Patients Are Not the Enemy


  • 8/3/2019 Patients Are Not the Enemy


    Patients are Not the Enemy: Qualitative Inquiry into Security & Healthcare

    Aubrey Baker¹, Laurian Vega², Tom DeHart², Steve Harrison²

    Grado Department of Industrial and Systems Engineering¹ & Center for Human Computer Interaction², Virginia Tech, Blacksburg, VA, USA 24060

    {AABaker, Laurian, TDeHart, SRH}@VT.edu

    Summary

    Part of the job of healthcare providers is to manage client information. Most is routine, but some is sensitive. For these reasons physicians' offices provide a rich environment for understanding complex, sensitive information management issues as they pertain to privacy and security. We present findings from interviews and observations of 15 offices in rural-serving southwest Virginia. Our work demonstrates how the current socio-technical system fails to meet the security needs of the patient. In particular, we found that the tensions between work practice and security, and between electronic and paper records, resulted in insecure management of files.

    Problem and Motivation

    Traditionally, electronic and physical security have been concerned with creating rules, locks, and passwords. However, security systems that neglect people as a significant part of the equation are seldom secure in practice [3]. Practice is what happens in the moment; it is the activity; it is what is actually done. It is often in the human-centered moment, and not in the computer-centered planning stages, when security policies or mechanisms break down and the safety of sensitive information is compromised. For this reason we propose that there exists a need to study socio-technical systems to understand what role humans and technology play in creating usable security that complements current technological ones [1]. Specifically, we propose focusing on physicians' offices, where there is a plethora of sensitive patient information that exists in various stages and forms of documentation. Physicians' offices are valuable loci of study given the collaborative nature of the work and the increasing adoption of electronic medical records [7]. We present data from interviews and observations of 15 physicians' offices in rural-serving Southwest Virginia to continue the discussion of usable security within a particular location and with a focus on practice.

    Background and Related Work

    The work of usable security in healthcare is an amalgamation of prior work on healthcare, security, and HCI [1, 6]. Patients serve as users, owners of sensitive information, and as part of the healthcare system. In regards to security, prior work has demonstrated that balance is essential between policies and software solutions that are constructed accounting for: social and organizational context, temporal factors from actions in that context, possible threats from information usage, and trade-offs made by the user [1]. Some considerations would be the location of computers and paper files within the physician's office and users being inconvenienced by extra steps, such as using a password every time they return to a computer or putting files back on the shelving unit in between frequent access. These factors demonstrated that not all solutions are technical: the social context must be accounted for in order to fully represent the needs of the users, as argued more generally in the work of Palen & Dourish [4]. Despite the need for such context, there has been little work done on real social practices in regards to privacy and security. Thus, our work is a valuable contribution to the growing need for observations in real social environments.

    Within prior work there have been few examples of qualitative analysis in regards to security and privacy in healthcare (with valuable exceptions [1]). Qualitative methods, such as interviews and observations, allow researchers to gain a deeper understanding of lived experiences by exposing taken-for-granted assumptions and by witnessing how participants live in their environment [5]. In particular, prior qualitative research in security has focused on technologically adept locations, with little research regarding those who opt not to use technology [8]. For these reasons we present qualitative data from rural-serving physicians' offices in regards to their security practices.


    Approach and Uniqueness

    Computing as a field can be focused on presenting technological solutions to problems. In security this can be focusing on how to design more usable interfaces and more secure password systems. These systems are useful, but fail to account for the collaborative practices of work settings, like healthcare. Our work, for this reason, necessarily has to use qualitative inquiry to approach the use of technology in this novel area. We therefore used interviews and observations as our source of data.

    Fifteen interviews were conducted with directors of physicians' offices, and 61.25 hours of observation were carried out at 5 locations. The participants on average had 20.16 years of experience. The average staff size was 10 people with approximately 128 patients seen weekly. Given the dearth of diversity, more identifying information cannot be provided due to participant anonymity. All participants were unpaid.

    The interview protocol was developed and vetted by two external researchers. Participants were asked demographic questions, questions in regards to their daily information management practices, and questions in regards to their electronic systems. Pictures and forms were collected from offices during interviews.

    We used phenomenology to derive the essence of security and privacy within collaborative management of patient information. Phenomenology is a qualitative method used frequently in healthcare research; see [5] for details. For our study, data was analyzed by creating a set of themes, clustering the data into sets of meanings, and establishing agreement between the researchers before examining data.

    Results and Contributions

    Through our interviews and observations the following findings emerged: passwords were rarely used; when used, passwords were shared; patient electronic and paper files were lost; electronic systems crashed, losing sensitive client information; and patient information was freely available and accessible to anyone who worked at the center. More information about this data can be found in [9]. However, given the brevity of this abstract, we have found these topics that we would like to discuss with the GHC audience.

    Supporting Collaborative Tasks

    The breakdown in password utilization and personal password security reflects that the need for this feature is not represented in the work carried out in systems that have password functionality. In other words, users do not see the need for passwords, thus individual passwords are not used. Similarly, office staff often left information out of files or did not return files to shelves immediately. This means that systems should account for quick access to information based on the needs of the group, and not on individual access control.

    Systematic Flaws

    Electronic record systems crashing, data backups failing, difficulty of locating paper patient files, and leaving files in the open can all be attributed to flaws within the socio-technical system. The unreliability of electronic systems requires practices to maintain their paper files as a reliable backup source, resulting in twice the amount of files to maintain and twice the amount of data to secure. Leaving information out of files or files off the shelf, even temporarily in between uses, is in direct conflict with keeping the information secure in the sense that it is not locked away and protected from prying eyes. Redundant information represents a system flaw in regards to security, but was created to support the social system. Designers should consider the affordances of paper files that are difficult for electronic systems, such as having a physical location, recognizable handwriting, and spotting inconsistencies in the system (e.g., missing information within a file).

    Is Patient Privacy a Fallacy?

    Further improvements can be made to enhance the reliability and security of electronic systems. Updates can be tracked, as well as regular backups that alert the system administrator when they fail to run successfully. Additionally, machine learning algorithms can process individual user access to patient files in order to identify unusual behavior.
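One way the access-monitoring idea above could look, as an added example that is not from the paper or its authors: a per-user robust baseline (median and MAD), a simple statistical stand-in for the machine learning the text mentions, run over a constructed access log. The log format, user names, workstation names and threshold are assumptions; the multi-workstation check is an added heuristic for the shared logins the study reports, which would otherwise blur per-user baselines.

```python
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed sample data: (day, user, workstation, patient_id) tuples."""
    log = []
    for day in range(1, 11):                       # ten ordinary days
        for p in range(8):                         # nurse_a opens 8 charts a day
            log.append((day, "nurse_a", "ws1", f"P{day * 10 + p}"))
        for p in range(3 + day % 2):               # clerk_b opens 3 or 4 charts a day
            log.append((day, "clerk_b", "ws2", f"P{day * 10 + p}"))
    for p in range(60):                            # day 11: clerk_b opens 60 charts
        log.append((11, "clerk_b", "ws2", f"P{500 + p}"))
    for p in range(8):                             # day 11: nurse_a login seen on two machines
        log.append((11, "nurse_a", "ws1" if p % 2 else "ws3", f"P{600 + p}"))
    return log

def daily_profile(log):
    """Per (user, day): distinct patients opened and workstations used."""
    patients, stations = defaultdict(set), defaultdict(set)
    for day, user, ws, pid in log:
        patients[(user, day)].add(pid)
        stations[(user, day)].add(ws)
    return patients, stations

def flag_unusual(log, today, threshold=3.5):
    """Return alerts for users whose activity today departs from their own history."""
    patients, stations = daily_profile(log)
    alerts = []
    for user in sorted({u for (u, _) in patients}):
        history = [len(p) for (u, d), p in patients.items() if u == user and d < today]
        count = len(patients.get((user, today), ()))
        if len(history) >= 5:                      # require a baseline before judging
            med = median(history)
            mad = median(abs(h - med) for h in history) or 1.0  # guard against zero spread
            score = 0.6745 * (count - med) / mad   # robust z-score
            if score > threshold:
                alerts.append((user, "volume", count))
        used = stations.get((user, today), ())
        if len(used) > 1:                          # possible shared credential
            alerts.append((user, "multi-workstation", len(used)))
    return alerts

if __name__ == "__main__":
    for alert in flag_unusual(build_sample_log(), today=11):
        print(alert)
```
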

    These are not flaws of malice, but flaws of negligence where the work of making client information secure and private is not clearly embodied in the practice of managing patient information. Our future work is to respond to these issues by prototyping solutions that do represent the social needs of information management.


    References

    [1] Adams & Blandford (2005). "Bridging the gap between organizational and user perspectives of security in the clinical domain." IJHCS 63(1-2).

    [2] Adams & Sasse (1999). Users are not the enemy. Communications of the ACM.

    [3] Bellotti & Sellen (1993). "Design for Privacy in Ubiquitous Computing Environments." Conference on CSCW, Kluwer Academic Publishers.

    [4] Palen & Dourish (2003). Unpacking "privacy" for a networked world. Conference on Human Factors in Comp Sys, Ft. Lauderdale, Florida, ACM.

    [5] Starks & Trinidad (2007). "Choose your method: A comparison of phenomenology, discourse analysis, and grounded theory." Qual Health Res 17(10).

    [6] Carayon (2006). "Human factors of complex sociotechnical systems." Applied ergonomics 37(4).

    [7] Berner, Detmer & Simborg (2005). "Will the Wave Finally Break? A Brief View of the Adoption of Electronic Medical Records in the United States." JAMIA 12(1).

    [8] Satchell & Dourish (2009). Beyond the user: Use and non-use in HCI. OZCHI. Melbourne, ACM.

    [9] Baker, Aubrey, Laurian Vega, Tom DeHart, Steve Harrison. Healthcare & Security: Understanding & Evaluating the Risks. Presented at Human-Computer Interaction International (HCII11), ACM, 2011. Orlando, Florida, USA. July 9th - 14th, 2011.