Journal:Password compliance for PACS work stations: Implications for emergency-driven medical environments

From LIMSWiki
Full article title: Password compliance for PACS work stations: Implications for emergency-driven medical environments
Journal: South African Journal of Bioethics and Law
Author(s): Mahlaola, T.B.; van Dyk, B.
Author affiliation(s): University of Johannesburg
Year published: 2017
Volume and issue: 10(2)
Page(s): 62–6
DOI: 10.7196/SAJBL.2017.v10i2.00600
ISSN: 1999-7639
Distribution license: Creative Commons Attribution-NonCommercial 4.0 International
Website: https://www.ajol.info/index.php/sajbl/article/view/165242
Download: https://www.ajol.info/index.php/sajbl/article/download/165242/154702 (PDF)

Abstract

Background: The effectiveness of password usage in data security remains an area of high scrutiny. Literature findings do not inspire confidence in the use of passwords. Human factors such as the acceptance of and compliance with minimum standards of data security are considered significant determinants of effective data-security practices. However, human and technical factors alone do not provide solutions if they exclude the context in which the technology is applied.

Objectives: To reflect on the outcome of a dissertation which argues that the minimum standards of effective password use prescribed by the information security sector are not suitable to the emergency-driven medical environment, and that their application as required by law raises new and unforeseen ethical dilemmas.

Method: A close-ended questionnaire, the Picture Archiving and Communication System Confidentiality Scale (PACS-CS), was used to collect quantitative data from 115 health professionals employed in both a private radiology and a hospital setting. The PACS-CS sought to explore the extent of compliance with accepted minimum standards of effective password usage.

Results: The percentage compliance with minimum standards was calculated. A statistically significant difference (p < 0.05) between the expected and observed data-security practices was recorded.

Conclusion: The study interrogates the suitability of adherence to minimum standards of effective password usage in an emergency-driven medical environment and calls for much-needed debate in this area.

Introduction

The effectiveness of password usage in data security has been heavily criticized. A variety of assumptions regarding password usage have been made, depending on the focus of the literature. From a technical perspective, passwords are considered ineffective in restricting access only to individuals with authorized and legitimate access to data.[1] Engineers suspect that human factors play a significant role in determining the effectiveness of technical safeguards, so that human beings are deemed the weakest link in data security.[2] It remains unclear whether the use of passwords is effective in safeguarding electronic data.

Literature findings do not inspire confidence in the usage of passwords for data security. Several quotes taken from various points in time attest to this fact, for example: "Boot passwords, put your computer under lock and key"[3]; "Goodbye, passwords. You aren’t a good defense"[4]; and, more recently, "Forget passwords – use your face instead."[5]

There is extensive literature focusing on the effectiveness and suitability of password usage in preventing confidentiality breaches within environments such as computer security. The researchers have no knowledge of similar studies relating to the suitability of password usage within the medical environment. The aim of this article is to bring to the fore factors unique to the medical environment that argue against the direct "copy and paste" adoption of the minimum standards for effective password usage from computer security into the medical environment.


References

  1. Dayarathna, R. (2009). "The principle of security safeguards: Unauthorized activities". Computer Law & Security Review 25 (2): 165–72. doi:10.1016/j.clsr.2009.02.012. 
  2. Ifinedo, P. (2012). "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory". Computers & Security 31 (1): 83–95. doi:10.1016/j.cose.2011.10.007. 
  3. Steers, K. (2003). "Boot passwords, put your PC under lock and key". PC World 21 (9): 168. 
  4. Stross, R. (9 August 2008). "Goodbye, Passwords. You Aren’t a Good Defense". The New York Times. https://www.nytimes.com/2008/08/10/technology/10digi.html. Retrieved 27 May 2017. 
  5. Graham, J. (5 January 2015). "Forget passwords - use your face instead". USA Today. https://www.pressreader.com/usa/usa-today-us-edition/20150105/281801397332402. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation. In some cases important information was missing from the references, and that information was added.