Document Type
Technical Report
Publication Date
4-1-2012
Technical Report Number
TR2012-713
Abstract
In theory, access control is a solved problem. In practice, large real-world enterprises still report trouble: de facto policy becomes unmanageable; users circumvent controls. These issues can be particularly critical in medical IT, such as emerging EMR and EHR, where access control errors can have serious repercussions. In this paper, we investigate how real-world EMR users think about access control when they are making policy decisions in the abstract---and when they are actually using the system in treatment scenarios. Mismatches suggest places ("empathy gaps") where new policy tools may be needed.
Dartmouth Digital Commons Citation
Wang, Yifei; Smith, Sean; and Gettinger, Andrew, "Access Control Hygiene and the Empathy Gap in Medical IT" (2012). Computer Science Technical Report TR2012-713. https://digitalcommons.dartmouth.edu/cs_tr/354
Comments
A preliminary report about the first author's B.A. thesis.