School of Psychology & Public Health, La Trobe University, Victoria 3086, Australia; School of Computing and Information Systems, University of Melbourne, Victoria 3010, Australia.
School of Computing and Information Systems, University of Melbourne, Victoria 3010, Australia.
Int J Med Inform. 2024 Dec;192:105606. doi: 10.1016/j.ijmedinf.2024.105606. Epub 2024 Aug 30.
BACKGROUND/OBJECTIVE: The use of personal devices for work purposes (Bring-your-own-device) has increased in hospitals, as it facilitates productivity and mobility for clinicians. However, owing to increased risk of leaking patient information, and heavy reliance of patient data privacy on user actions, BYOD is a major challenge for hospitals. There has been a dearth of empirical research studying clinicians' BYOD security behaviour. Therefore, the study's aim was to attain subjective understanding of clinicians' attitudes and preferences towards protecting patient data on their devices through a qualitative study.
14 semi-structured interviews were conducted among Australian hospital-based clinicians. A hybrid thematic analysis was conducted using the framework method to explore socio-technical themes pertaining to the clinicians' BYOD security behavioural practices.
Limited use of secure tools like antivirus and passcodes, and inadequate separation of patient and personal data on BYOD devices was found. Key technology concerns included malware introduction into hospital network, inadvertent patient data sharing, and slow remote access. Hospitals lacked dedicated BYOD policies and training, resulting in unsafe practices. Participants also cited misalignment of BYOD policies with workflow needs, privacy maintenance challenges and fears of personal data breaches, while calling for improved communication between technical and clinical staff and a strong cybersecurity culture.
This study provides a comprehensive understanding of BYOD related user behaviour and the usefulness of security controls used in time-sensitive and complex hospital environments. It can inform future policies or processes by advocating for secure and productive BYOD use.
背景/目的:随着个人设备在工作中的应用(自带设备)在医院中的增加,它为临床医生提供了更高的工作效率和移动性。然而,由于患者信息泄露风险的增加,以及患者数据隐私对用户行为的严重依赖,BYOD 给医院带来了重大挑战。目前,关于临床医生自带设备安全行为的实证研究还很少。因此,本研究旨在通过定性研究,从主观上了解临床医生对保护其设备上患者数据的态度和偏好。
对澳大利亚医院的临床医生进行了 14 次半结构化访谈。采用混合主题分析法,结合框架法,探讨与临床医生自带设备安全行为实践相关的社会技术主题。
研究发现,临床医生在使用安全工具(如防病毒软件和密码)方面存在局限性,并且在自带设备上,患者数据和个人数据没有得到充分分离。主要的技术问题包括恶意软件引入医院网络、无意中共享患者数据,以及远程访问速度缓慢。医院缺乏专门的 BYOD 政策和培训,导致不安全的操作。参与者还提到了 BYOD 政策与工作流程需求不匹配、隐私维护挑战以及对个人数据泄露的担忧,同时呼吁加强技术和临床人员之间的沟通,并建立强大的网络安全文化。
本研究全面了解了与 BYOD 相关的用户行为以及在时间敏感和复杂的医院环境中使用的安全控制的有效性。它可以通过倡导安全和高效的 BYOD 使用,为未来的政策或流程提供信息。
