The elephant in the room: Health information system security and the user-level environment

The patient care context comprises outdated infrastructure, pervasive computer use, shared clinical workspace, aural privacy shortcomings, interruptive work settings, confusing legislation, poor privacy and security (P&S) eHealth training outcomes and inadequate budgets. Twenty three medical, nursing and allied health clinicians working in Australia (Victoria) participated in qualitative research examining work practices with P&S for patient care. They criticised a slow, inefficient eHealth information system (eHIS) environment permeated by usability errors. EHealth systems expanded workloads and system demands were onerous, increasing the clinicians´ scepticism of reliance on information technology. Consequently many clinicians had developed trade-offs to avoid reliance an eHIS. The trade-offs include IT support avoidance and shared passwords to PKI and computer accounts. Handover-sheets populated by transcribed notes were circulated between all clinicians present. The practices ensure paper persistence and escalate P&S threats to data confidentiality, integrity and availability. Study evidence suggests poor eHISs hamper patient care and may represent a larger P&S threat than indicated by studies to date.