The elephant in the room: Health information system security and the user-level environment

Abstract

The patient care context comprises outdated infrastructure, pervasive computer use, shared clinical workspace, aural privacy shortcomings, interruptive work settings, confusing legislation, poor privacy and security (P&S) eHealth training outcomes and inadequate budgets. Twenty three medical, nursing and allied health clinicians working in Australia (Victoria) participated in qualitative research examining work practices with P&S for patient care. They criticised a slow, inefficient eHealth information system (eHIS) environment permeated by usability errors. EHealth systems expanded workloads and system demands were onerous, increasing the clinicians' scepticism of reliance on information technology. Consequently many clinicians had developed trade-offs to avoid reliance an eHIS. The trade-offs include IT support avoidance and shared passwords to PKI and computer accounts. Handover-sheets populated by transcribed notes were circulated between all clinicians present. The practices ensure paper persistence and escalate P&S threats to data confidentiality, integrity and availability. Study evidence suggests poor eHISs hamper patient care and may represent a larger P&S threat than indicated by studies to date.