Usability of authentication and access control: A case study in healthcare

摘要

Although there is an initial plan describing the rules to access an Electronic Medical Record (EMR) that is devised by implementers and software engineers, its access in practice is often different from what was envisaged. Healthcare professionals do not normally participate in the design of working tools, so they have to adapt their workflows around the systems in order to use them for their daily practice (being this one of the main reasons for health information systems failure); or they may circumvent the rules established for accessing the system because those rules are too cumbersome, time-consuming, or both. The objective of this paper is to study the usability of authentication and access control features in the healthcare environment with the use of qualitative methods. Usability studies using qualitative data collection and analysis can deeper explore people's behaviour when interacting with security technology and help understand better the context, workflows, needs and beliefs of users. This can facilitate in defining better security technology that is closer to the healthcare practice.