Title

Making research real: Is action research a suitable methodology for medical information security

Document Type

Conference Proceeding

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

4179

Comments

This article was originally published as: Williams, P. (2006). Making research real: Is action research a suitable methodology for medical information security. Proceedings of the 4th Australian Information Security Conference (pp. 196-207). Perth, Western Australia: SECAU - Security Research Centre, ECU.

Abstract

In the medical field, information security is an important yet vastly underrated issue. Research into the protection of sensitive medical data is often technically focused and does not address information systems and behavioural aspects integral to effective information security implementation. Current information security policy and guidelines are strategically oriented which, whilst relevant to large organisations, are less supportive to smaller enterprises such as primary care practices. Further, the conservative nature of the medical profession has been shown to hinder investigation into information technology use and management, making effective improvement based on research problematical. It is an environment which relies greatly on trust, inhibiting good security practice. Research into how information security practice in this setting can be improved demands an interpretivist approach rather than a positivist one. Action research is one such interpretivist method that allows a creation of scientific knowledge with practical value. Whilst there is some opposition to the action research method on grounds of rigour, its fundamental cyclic process of participation, action and reflection promotes internal rigour and can overcome many of the barriers to research inherent in the primary care medical environment.