Access Control Hygiene and the Empathy Gap in Medical IT

Authors

Yifei Wang, Dartmouth College
Sean Smith, Dartmouth College
Andrew Gettinger, Dartmouth CollegeFollow

Document Type

Technical Report

Publication Date

4-1-2012

Technical Report Number

TR2012-713

Abstract

In theory, access control is a solved problem. In practice, large real-world enterprises still report trouble: de facto policy becomes unmanageable; users circumvent controls. These issues can be particularly critical in medical IT, such as emerging EMR and EHR, where access control errors can have serious repercussions. In this paper, we investigate how real-world EMR users think about access control when they are making policy decisions in the abstract---and when they are actually using the system in treatment scenarios. Mismatches suggest places ("empathy gaps") where new policy tools may be needed.

Comments

A preliminary report about the first author's B.A. thesis.

Dartmouth Digital Commons Citation

Wang, Yifei; Smith, Sean; and Gettinger, Andrew, "Access Control Hygiene and the Empathy Gap in Medical IT" (2012). Computer Science Technical Report TR2012-713. https://digitalcommons.dartmouth.edu/cs_tr/354