Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?

@article{Koppel2015WorkaroundsTC,
  title={Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?},
  author={Ross Koppel and Sean W. Smith and Jim Blythe and Vijay H. Kothari},
  journal={Studies in health technology and informatics},
  year={2015},
  volume={208},
  pages={
          215-20
        }
}
Workarounds to computer access in healthcare are sufficiently common that they often go unnoticed. [...] Key Method We conducted interviews and observations with hundreds of medical workers and with 19 cybersecurity experts, CIOs, CMIOs, CTO, and IT workers to obtain their perceptions of computer security. We also shadowed clinicians as they worked. We present dozens of ways workers ingeniously circumvent security rules. The clinicians we studied were not "black hat" hackers, but just professionals seeking to…Expand
Cybersecurity in healthcare: A systematic review of modern threats and trends.
TLDR
The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data and it is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access. Expand
Seeing the Signs of Workarounds
Workarounds are intentional deviations from prescribed processes. They are most commonly studied in healthcare settings, where nurses are known for frequently deviating from the intended way of usingExpand
A Practice-Based Approach to Security Management: Materials, Meaning and Competence for Trainers of Healthcare Cybersecurity
Managing how new digital technologies are integrated into different contexts has become a key component needed for effective international security management. This chapter focuses on rethinking ourExpand
Information technology and medication safety
TLDR
The studies in this thesis highlight the importance of good software design, training healthcare professionals in using IT-based interventions and increasing their awareness of potential IT system imperfections that can harm patients. Expand
Factors associated with workarounds in barcode‐assisted medication administration in hospitals
TLDR
Several potential risk factors associated with workarounds performed by nurses that could be used to target future improvement efforts in Barcode‐assisted Medication Administration in hospitals are identified. Expand
Understanding Cybersecurity Practices in Emergency Departments
TLDR
Across multiple hospitals, deployed computer security systems fail to integrate with the requirements of staff and patients, leading to interruptions and inefficiencies. Expand
A Qualitative Exploration of the Security Practices of Registered Nurses
TLDR
The social change from this work may provide contributions to the development of IT infrastructure systems for healthcare helping to create and maintain continued access to and availability of electronic medical records and data for increasing numbers of people who need health maintenance and care. Expand
Mismorphism: a semiotic model of computer security circumvention (poster abstract)
TLDR
A model based on semiotic triads suggests that mismorphisms---mappings that fail to preserve structure---lie at the heart of circumvention scenarios; differential perceptions and needs explain users' actions. Expand
Working around Health Information Systems: to Accept or not to Accept?
TLDR
It is found that workarounds existing in knowledge-intensive processes and/or where a patient is involved are generally considered unacceptable, and workaround in processes with a high degree of collaboration are likely to be accepted. Expand
Healthcare Staffs' Information Security Practices Towards Mitigating Data Breaches: A Literature Survey
TLDR
The purpose of this study was to understand healthcare staffs' information security practices towards mitigating data breaches and identified Human Aspect of Information Security Questionnaire as robust and comprehensive tool for gathering staff security practices. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 20 REFERENCES
Technology Evaluation: Workarounds to Barcode Medication Administration Systems: Their Occurrences, Causes, and Threats to Patient Safety
TLDR
A typology of clinicians' workarounds when using barcoded medication administration (BCMA) systems is developed, finding nurses overrode BCMA alerts for 4.2% of patients charted and for 10.3% of medications charted. Expand
The true cost of unusable password policies: password use in the wild
TLDR
A study which re-examined password policies and password practice in the workplace today finds that users are in general concerned to maintain security, but existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. Expand
Role of computerized physician order entry systems in facilitating medication errors.
TLDR
It is found that a leading CPOE system often facilitated medication error risks, with many reported to occur frequently, in addition to errors that they prevent. Expand
Unintended Consequences of Information Technologies in Health Care—An Interactive Sociotechnical Analysis
Many unintended and undesired consequences of Healthcare Information Technologies (HIT) flow from interactions between the HIT and the healthcare organization's sociotechnical system—its workflows,Expand
Security Dilemma: Healthcare Clinicians at Work
TLDR
While healthcare organizations strive to increase control of network access, clinicians need unencumbered access to data to get their job done. Expand
Healthcare information technology's relativity problems: a typology of how patients' physical reality, clinicians' mental models, and healthcare information technology differ
OBJECTIVE To model inconsistencies or distortions among three realities: patients' physical reality; clinicians' mental models of patients' conditions, laboratories, etc; representation of thatExpand
Why Do Patients Derogate Physicians Who Use a Computer-Based Diagnostic Support System?
Objective. To better understand 1) why patients have a negative perception of the use of computerized clinical decision support systems (CDSSs) and 2) what contributes to the documented heterogeneityExpand
The compliance budget: managing security behaviour in organisations
TLDR
A new paradigm -- the Compliance Budget -- is presented as a means of understanding how individuals perceive the costs and benefits of compliance with organisational security goals, and a range of approaches that security managers can use to influence employee's perceptions are identified. Expand
Password Security: What Users Know and What They Actually Do
TLDR
Results indicate that, in general, users do not vary the complexity of passwords depending on the nature of the site (bank account vs. instant messenger) or change their passwords on any regular basis if it is not required by the site. Expand
So long, and no thanks for the externalities: the rational rejection of security advice by users
TLDR
It is argued that users' rejection of the security advice they receive is entirely rational from an economic perspective, and most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Expand
...
1
2
...