International Journal of Medical Informatics
Volume 79, Issue 4, Pages 268-283, April 2010

Grounding information security in healthcare

  • Ana Ferreira
    • Computing Laboratory, University of Kent, CT2 7NF Canterbury, Kent, UK
    • Biostatistics and Medical Informatics Department, Faculty of Medicine, Al. Prof. Hernâni Monteiro, 4200-319 Porto, Portugal
    • CINTESIS – Center for research in health information Systems and technologies, Faculty of Medicine, Al. Prof. Hernâni Monteiro, 4200-319 Porto, Portugal
    • Corresponding author at: Computing Laboratory, University of Kent, CT2 7NF Canterbury, Kent, UK. Tel.: +44 1227 824180; fax: +44 1227 762811.
  • Luis Antunes
    • Instituto de Telecomunicações, Faculdade de Ciências da Universidade do Porto, 4169-007 Porto, Portugal
  • David Chadwick
    • Computing Laboratory, University of Kent, CT2 7NF Canterbury, Kent, UK
  • Ricardo Correia
    • Biostatistics and Medical Informatics Department, Faculty of Medicine, Al. Prof. Hernâni Monteiro, 4200-319 Porto, Portugal
    • CINTESIS – Center for research in health information Systems and technologies, Faculty of Medicine, Al. Prof. Hernâni Monteiro, 4200-319 Porto, Portugal

Received 7 July 2009; received in revised form 19 January 2010; accepted 19 January 2010; published online 15 February 2010.

Abstract 

Purpose

The objective of this paper is to show that grounded theory (GT), together with mixed methods, can be used to involve healthcare professionals in the design and enhancement of access control policies to Electronic Medical Record (EMR) systems.

Methods

The mixed methods applied in this research were, in this sequence, focus groups (the main qualitative method, which used grounded theory for the data analysis) and structured questionnaires (the secondary quantitative method).

Results

Results showed that the presented methodology can be used to involve healthcare professionals in the definition of access control policies to EMR systems and to explore these issues in a diversified and integrated way. The methodology allowed for the generation of large amounts of data at the beginning of the study and in a short time span. Results from the applied methodology revealed a first glimpse of the theories to be generated and integrated, with future research, into access control policies.

Conclusions

The methodological research described in this paper is very rarely, if ever, applied in developing security tools such as access control. Nevertheless, it can be an effective way of involving healthcare professionals in the definition and enhancement of access control policies and in making information security more grounded in their workflows and daily practices.

Keywords: Information security, Access control, Access control policy, Electronic medical record, Grounded theory, Mixed methods


PII: S1386-5056(10)00022-5

doi:10.1016/j.ijmedinf.2010.01.009
