Reference : Log analysis of human computer interactions regarding Break The Glass accesses to gen...
Scientific congresses, symposiums and conference proceedings : Unpublished conference
Engineering, computing & technology : Computer science
Log analysis of human computer interactions regarding Break The Glass accesses to genetic reports
Ferreira, Ana mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
15th International Conference on Enterprise Information Systems
from 04-07-2013 to 07-07-2013
[en] Security usability ; Human interaction log analysis, ; Access control override ; Electronic Health Records
[en] Patients’ privacy is critical in healthcare but users of Electronic Health Records (EHR) frequently circumvent existing security rules to perform their daily work. Users are so-called the weakest link in security but they are, many times, part of the solution when they are involved in systems’ design. In the healthcare domain, the focus is to treat patients (many times with scarce technological, time and human resources) and not to secure their information. Therefore, security must not interfere with this process but be present, nevertheless. Security usability issues must also be met with interdisciplinary knowledge from human-computer-interaction, social sciences and psychology. The main goal of this paper is to raise security and usability awareness with the analysis of users’ interaction logs of a BreakTheGlass (BTG) feature. This feature is used to restrict access to patient reports to a group of healthcare professionals within an EHR but also permit access control override in emergency and/or unexpected situations. The analysis of BTG user interaction logs allows, in a short time span and transparently to the user, revealing security and usability problems. This log analysis permits a better choice of methodologies to further apply in the investigation and resolution of the encountered problems.
I2R-APS-PFN-11STAS > C11/IS/1183245 : STAST > 01/05/2012 - 30/04/2015 > RYAN Peter

File(s) associated to this reference

Fulltext file(s):

Open access
FerreiraA-ICEIS2013-FINAL.pdfAuthor postprint542.36 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.