CHCI Proposal for childcares study

8/14/2019 CHCI Proposal for childcares study

1/5

CHCI Project Proposal

Prepared for: Center for Human-Computer InteractionPrepared by: Laurian Vega, Ph.D. Candidate

August 11, 2009

Virginia Tech 2202 Kraft Drive Blacksburg, VA 24061 T 540.239.9334 [email protected] http://www.laurianvega.com

Usable Security Team


2/5

Usable Security Childcare In-formation Proposal

IntroductionPresident Obama has recently called for a complete revamping of the medical system. Within that call to action, therehas been a push to make medical records not only electronic, but usable. However, medical records are a type of information that is primarily stored in paper form. Securing a piece of paper, one would think, is as simple as locking it in

a ling cabinet. Additionally, determining who has access or had access to the medical information is relativelyconventional given that paper can only be handed from person-to-person. What happens, though, when medical recordsbecome not only electronic but stored online[1]? How many people can access those les? How do you gure out who

has access the les? Who owns the medical record? The patient, the doctor? And, who does the patient trust with theirrecords? Should a doctor be able to see all of a patients records? The grand scope of this research attempts to answersome of those questions.

In this proposal I have scaled down our project to a small pilot study. We are proposing an area of study that is not lifecritical such as the emergency room, but one that contains medical-like sensitive information. I would like to study howinformation is secured and accessed in local childcares. Childcares have many different kinds of people (childcareworkers, auditors, owners, parents to name a few) and contains information that should not be shared with others. A

study of current practices showing all of the different methods of information access and types of people who shareinformation would provide insight into how to design information security measures for the personal health record domainwhere there are similar stakeholders. Some of the questions we are asking:

what kinds of information is stored?

what are the kinds of information different people have access to?

how is that information accessed?

what are the current security measures taken?; and,

what is the kind of audit trail left after someone accesses a piece of critical information?

From this study I anticipate knowing a lot more about how critical information is accessed and secured in real lifesituations.

Usable Security Childcare Information Proposal 1



3/5

Research to Date At this point I have nished one half of a two part study that has been approved by the IRB; the IRB approval number is09-515. In July an REU student and I interviewed twelve childcare directors in the NRV area. From this study we wereable to derive the ofcial policy on how information about the children and their families is stored, secured, accessed, and

located. Now that we know what is the ofcial policy, we would like to further explore what is the actual practice of information security by interviewing the parents of children in childcares.

While in the childcares we asked if a yer could be hung to encourage parents to participate in the second half of this

study. From those yers we have received a call from one parent participant. We have not received more phone calls. This has shown that our current recruitment methods are not as successful as we had hoped. In talking with Dr. Tatarabout craftier recruitment methods, she believes that a monetary incentive along with fuller coverage in places where

parents are located would greatly improve the chances of voluntary participation.

Plan of Action & Recruitment MethodsOnce this budget has been approved I will resubmit IRB with the nancial information. I will then put up yers in coffeeshops, campus buildings, and other Blacksburg and Christiansburg shops while accessing my social network.

Additionally, I will post announcements on listserves like the graduate student listserve and the working mother listserve.

Interviews will be set up for September through November with transcripts being done within a week. The participant willbe paid after the interview has been conducted. A nal report of all the interviews will be completed by the end of thesemester.

Procedure The participants will contact me by phone to to indicate that they would like to participate. A meeting will be set up to

take place at the person's work or home location at a time of their choice.

Upon arrival at the meeting an informed consent will be given, explained, and signed. The participant will then beinstructed that the interview will be audio recorded and that at any time they can choose to not participate. The audiorecording will then be started. They will be asked questions from the interview protocol that has been attached. We

expect the study to last no longer than 30-45 minutes. Copies of pertinent artifacts may be collected. After the interviewis over the participant will be thanked for his/her time and we will leave.

1) An audio recording from an MP3 recorder will be made which transcriptions will be made from. (2) Copies of forms willbe collected and associated with a participants ID number (which will be assigned to the participant after agreeing toparticipate in the study). (3) A digital picture may be taken of pertinent artifacts. All of these materials will be digitized andthe originals will be shredded. All original digital documents will be stored on Laurian Vega's personal machine that will be

password protected.




4/5

BudgetI am applying for $200.00 to interview twenty people in the fall semester 2009. Each participant would be paid $10.00 for30 minutes of time.

ReferencesKaelber, D.C., et al., A Research Agenda for Personal Health Records (PHRs). J Am Med Inform Assoc, 2008: p.

M2547-M2547.

Appendix

Interview Protocol & Questions: Field Study of In-use Information Security and Interfaces within Childcare FacilitiesParentsSection 1: Demographic and Background InformationGoal: To collect background information about the parent and their child or children.

Name: ________________________________________________________________Gender: M/FNumber of children in a childcare program: _____

Age(s) of child(ren): ____________________________

Childcare Facility in which your children are enrolled in: _____________________How long has/have your child/children been enrolled in a childcare program: ________How long has/have your child/children been enrolled in the current childcare program: _____________

Section 2: Information SecurityGoal: To look at how information is shared between the childcare providers and to the parents that are enrolling their

children in to such programs. In order to enroll your child/children in to childcare, what kind of information did you have to provide about yourself? What kind of information did you have to provide about your child/children? Forms? Immunizations? Maybe: Was there any particular information that you had to provide to the childcare facility that you felt was

unnecessary or sensitive? How was this information handled? Any differently? What kind of information does the childcare facility provide to you about your child/children? (ex: daily reports, webcamfeeds, etc) Daily? Weekly? Yearly?

Is there any sort of information that you might have gathered about other children that are enrolled in your childs/ childrens program (e.g. illnesses/conditions, behaviors )? Are you aware of who can access your childs information? Who do you think can access your childs information?

Do you know that centers keep your les forever? Who do you think is the owner the information in your childs le? If you arent comfortable with any policies do you feel you would be able to bring it up and have it be changed? How much do you trust your childcare with your childs information?




5/5

What reassurances have you been given that the information about your child has been protected? Do you know whohas access to information about your child?

Maybe (intrusive): Has there ever been an incident between your child and another at the childcare (e.g. physicalaltercations)? If so, what kind of information was given to you about the incident (e.g. name of the other child, what exactly happened

between the two children, etc)?



CHCI Proposal for childcares study

Documents

Transcript of CHCI Proposal for childcares study