The Open UniversitySkip to content

Bridging the gap between organisational and user perspectives of security in the clinical domain

Adams, Anne and Blandford, Ann (2005). Bridging the gap between organisational and user perspectives of security in the clinical domain. International Journal of Human-Computer Studies, 63(1 - 2) pp. 175–202.

DOI (Digital Object Identifier) Link:
Google Scholar: Look up in Google Scholar


An understanding of ‘communities of practice’ can help to make sense of existing security and privacy issues within organisations; the same understanding can be used proactively to help bridge the gap between organisational and end-user perspectives on these matters. Findings from two studies within the health domain reveal contrasting perspectives on the ‘enemy within’ approach to organisational security. Ethnographic evaluations involving in-depth interviews, focus groups and observations with 93 participants (clinical staff, managers, library staff and IT department members) were conducted in two hospitals. All of the data was analysed using the social science methodology ‘grounded theory’. In one hospital, a community and user-centred approach to the development of an organisational privacy and security application produced a new communication medium that improved corporate awareness across the organization. User involvement in the development of this application increased the perceived importance, for the designers, of application usability, quality and aesthetics. However, other initiatives within this organisation produced clashes with informal working practices and communities of practice. Within the second hospital, poor communication from IT about security mechanisms resulted in their misuse by some employees, who viewed them as a socially controlling force. Authentication mechanisms were used to socially exclude users who were formally authorised to access systems but whose access was unacceptable within some local communities of practice. The importance of users’ security awareness and control are reviewed within the context of communities of practice.

Item Type: Journal Item
ISSN: 1071-5819
Keywords: Security, Privacy, Communities of Practice,
Academic Unit/School: Learning and Teaching Innovation (LTI) > Institute of Educational Technology (IET)
Learning and Teaching Innovation (LTI)
Research Group: Centre for Research in Computing (CRC)
Centre for Research in Education and Educational Technology (CREET)
Item ID: 6704
Depositing User: Anne Adams
Date Deposited: 12 Feb 2007
Last Modified: 07 Dec 2018 09:01
Share this page:


Altmetrics from Altmetric

Citations from Dimensions

Actions (login may be required)

Policies | Disclaimer

© The Open University   contact the OU