When trust defies common security sense

Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats, and the difficulty of configuring security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioners' security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge, and inconsistencies between principles and practice were identified as key themes. The results also revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly showed that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.
