A friend sent me a link to “Healthcare workers prioritize helping people over information security (disaster ensues)” as a great example of what happens when security isn’t designed for the users of the system. For example, “Other IT-based checks forced even-more-dangerous workarounds, like the system that wouldn't let doctors save work without ordering potentially lethal blood thinners, which they'd have to remember to log back in and cancel, or kill their patients.”
When my girls were born very prematurely, I had a chance to spend many months experiencing how hospitals work day to day. I can attest to how busy our doctors and nurses were, and how many details they needed to remember. I have seen doctors rush from one wing to another to save a little girl who has turned blue (but is now a happy 8-year-old). One of my daughter’s nurses committed suicide years after we left the hospital after she had made a mistake on a medication. It is no wonder that medical professionals work around security when it gets in their way. In many cases they are weighing the risk of a data leak vs. a medical emergency that is in progress.
The best thing we as security professionals can do is to find solutions that not only help protect data, but also help catch medical errors, and assist professionals in an emergency. Auditing is one solid area for this. Another is to find better biometrics that don’t require physical touch (to cut down on germs), and have smart overrides in an emergency (allow access anyway but call security to come verify once the crisis is under control). The work done on Microsoft’s Kinect and Amazon’s Echo comes to mind as an example of technology that may help move research forward in this area.
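The emergency override and auditing ideas above can be sketched as a "break-glass" access gate. This is an added example, not code from the original post; the class, field names and sample identifiers are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass
class AccessGate:
    """Hypothetical chart-access gate with an emergency override."""
    care_team: dict                                   # patient id -> set of clinician ids
    audit_log: list = field(default_factory=list)     # every decision, including denials
    review_queue: list = field(default_factory=list)  # overrides awaiting security review

    def request(self, clinician, patient, emergency=False, reason="", now=None):
        now = time.time() if now is None else now
        event = {"ts": now, "clinician": clinician, "patient": patient, "reason": reason}
        if clinician in self.care_team.get(patient, set()):
            decision = "allow"
        elif emergency:
            # Do not block care: grant access now, verify once the crisis is over.
            decision = "allow-override"
            self.review_queue.append(dict(event))
        else:
            decision = "deny"
        self.audit_log.append({**event, "decision": decision})
        return decision

    def resolve(self, index, reviewer, justified):
        """Security closes an override afterwards; the outcome is audited too."""
        item = self.review_queue.pop(index)
        outcome = "review-justified" if justified else "review-escalated"
        self.audit_log.append({**item, "decision": outcome, "reviewer": reviewer})
        return outcome

def demo():
    # Constructed sample data: dr-a is on pt-1's care team, dr-b is not.
    gate = AccessGate(care_team={"pt-1": {"dr-a"}})
    results = [
        gate.request("dr-a", "pt-1", now=1.0),
        gate.request("dr-b", "pt-1", now=2.0),
        gate.request("dr-b", "pt-1", emergency=True, reason="code blue", now=3.0),
    ]
    return gate, results

if __name__ == "__main__":
    gate, results = demo()
    print(results, "pending reviews:", len(gate.review_queue))
```

The override never blocks the clinician; the control is the audit record and the follow-up review, which is where misuse would be caught.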
The next time you’re at the doctor, or at a hospital, ask about how the data security system is working for the people you depend on. What do they like? What would they change? What do they work around? How would you make their life easier so they can concentrate on treating you or keeping you well?