Capturing Culture in Medical Information Security Research
University of Plymouth
Computing, Health and Science
Computer and Security Science, Centre for Security Research
The definition and deconstruction of culture is an intricate exercise which is multifaceted and multilayered and has at its core, values that drive behaviour and practice often instinctively. One aspect of such culture that is deeply embedded in the medical setting is trust. Researching the influence of culture on security practice is a complex task in this situation, yet information systems research must address such factors if effective information security is to be promoted. In the medical environment this is particularly important as electronic communication is becoming widely adopted and as E-health and shared electronic patient information develops into a focal point for many health services worldwide. Through a series of research projects using traditional methods of investigation, it was identified that trust is a powerful influence on how information security is implemented in primary care medical practices. An underestimation of potential threats coupled with a lack of understanding of security concepts further fosters reliance on trust within this environment. The challenge was to design methods that would investigate the influence of trust within an information systems framework. The methods chosen are a fusion of separate investigative techniques. The combination of methods provides a unique triangulation of interviews, observation and physical artefacts from which to investigate how trust is reported and how it influences practice. The importance of adopting alternative methods within the sphere of information systems research is that it is essential that techniques are used to inform development of effective and contextualised solutions for information security threats in the medical environment.