The Open UniversitySkip to content
 

Bridging the gap between organisational and user perspectives of security in the clinical domain

Adams, Anne and Blandford, Ann (2005). Bridging the gap between organisational and user perspectives of security in the clinical domain. International Journal of Human-Computer Studies, 63(1 - 2) pp. 175–202.

URL: http://kn.open.ac.uk/document.cfm?documentid=9310
DOI (Digital Object Identifier) Link: http://dx.doi.org/10.1016/j.ijhcs.2005.04.022
Google Scholar: Look up in Google Scholar

Abstract

An understanding of ‘communities of practice’ can help to make sense of existing security and privacy issues within organisations; the same understanding can be used proactively to help bridge the gap between organisational and end-user perspectives on these matters. Findings from two studies within the health domain reveal contrasting perspectives on the ‘enemy within’ approach to organisational security. Ethnographic evaluations involving in-depth interviews, focus groups and observations with 93 participants (clinical staff, managers, library staff and IT department members) were conducted in two hospitals. All of the data was analysed using the social science methodology ‘grounded theory’. In one hospital, a community and user-centred approach to the development of an organisational privacy and security application produced a new communication medium that improved corporate awareness across the organization. User involvement in the development of this application increased the perceived importance, for the designers, of application usability, quality and aesthetics. However, other initiatives within this organisation produced clashes with informal working practices and communities of practice. Within the second hospital, poor communication from IT about security mechanisms resulted in their misuse by some employees, who viewed them as a socially controlling force. Authentication mechanisms were used to socially exclude users who were formally authorised to access systems but whose access was unacceptable within some local communities of practice. The importance of users’ security awareness and control are reviewed within the context of communities of practice.

Item Type: Journal Article
ISSN: 1071-5819
Keywords: Security, Privacy, Communities of Practice,
Academic Unit/Department: Institute of Educational Technology
Interdisciplinary Research Centre: Centre for Research in Education and Educational Technology (CREET)
Centre for Research in Computing (CRC)
Item ID: 6704
Depositing User: Anne Adams
Date Deposited: 12 Feb 2007
Last Modified: 02 Dec 2010 19:57
URI: http://oro.open.ac.uk/id/eprint/6704
Share this page:

Actions (login may be required)

View Item
Report issue / request change

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340   general-enquiries@open.ac.uk