Visible to the public Ethnography of Computer Security Evasions in Healthcare Settings: Circumvention as the NormConflict Detection Enabled

TitleEthnography of Computer Security Evasions in Healthcare Settings: Circumvention as the Norm
Publication TypePresentation
Year of Publication2014
AuthorsJim Blythe, University of Southern California, Ross Koppel, University of Pennsylvania, Vijay Kothari, Dartmouth College, Sean W. Smith, Dartmouth College
KeywordsNSA SoS Lablets Materials, Science of Human Circumvention of Security, science of security, UIUC

Healthcare professionals have unique motivations, goals, perceptions, training, tensions, and behaviors, which guide workflow and often lead to unprecedented workarounds that weaken the efficacy of security policies and mechanisms. Identifying and understanding these factors that contribute to circumvention, as well as the acts of circumvention themselves, is key to designing, implementing, and maintaining security subsystems that achieve security goals in healthcare settings. To this end, we present our research on workarounds to computer security in healthcare settings without compromising the fundamental health goals. We argue and demonstrate that understanding workarounds to computer security, especially in medical settings, requires not only analyses of computer rules and processes, but also interviews and observations with users and security personnel. In addition, we discuss the value of shadowing clinicians and conducting focus groups with them to understand their motivations and tradeoffs for circumvention. Ethnographic investigation of workflow is paramount to achieving security objectives.


Presented at Safety, Security, Privacy and Interoperability of Health Information Technologies (HealthTec 2014), August 19, 2014 in San Diego, CA. See video at URL below.

Citation Keynode-32312