Visible to the public Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?Conflict Detection Enabled

TitleWorkarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient?
Publication TypeJournal Article
Year of Publication2015
AuthorsRoss Koppel, University of Pennsylvania, Sean W. Smith, Dartmouth College, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College
JournalInformation Technology and Communications in Health
Date Published02/2015
Keywordscomputer access, cybersecurity, NSA SoS Lablets Materials, Science of Human Circumvention of Security, science of security, UIUC, workarounds, workflow

Workarounds to computer access in healthcare are sufficiently common that they often go unnoticed. Clinicians focus on patient care, not cybersecurity. We argue and demonstrate that understanding workarounds to healthcare workers' computer access requires not only analyses of computer rules, but also interviews and observations with clinicians. In addition, we illustrate the value of shadowing clinicians and conducing focus groups to understand their motivations and tradeoffs for circumvention. Ethnographic investigation of the medical workplace emerges as a critical method of research because in the inevitable conflict between even well-intended people versus the machines, it's the people who are the more creative, flexible, and motivated. We conducted interviews and observations with hundreds of medical workers and with 19 cybersecurity experts, CIOs, CMIOs, CTO, and IT workers to obtain their perceptions of computer security. We also shadowed clinicians as they worked. We present dozens of ways workers ingeniously circumvent security rules. The clinicians we studied were not "black hat" hackers, but just professionals seeking to accomplish their work despite the security technologies and regulations.

Citation Keynode-32579