Password Sharing and How to Reduce It

Ana Ferreira (Cintesis, Portugal & University of Kent, UK), Ricardo Correia (Cintesis, Portugal), David Chadwick (University of Kent, UK), Henrique M.D. Santos (University of Minho, Portugal), Rui Gomes (Hospital Prof. Doutor Fernando Fonseca, Portugal), Diogo Reis (Hospital S. Sebastião, Portugal) and Luis Antunes (Instituto de Telecomunicações, Portugal)
ISBN13: 9781616928957 | ISBN10: 1616928956 | EISBN13: 9781616928971
DOI: 10.4018/978-1-61692-895-7.ch013
Cite Chapter

MLA

Ferreira, Ana, Ricardo Correia, David Chadwick, Henrique M.D. Santos, Rui Gomes, Diogo Reis and Luis Antunes. "Password Sharing and How to Reduce It." Certification and Security in Health-Related Web Applications: Concepts and Solutions. IGI Global, 2011. 243-263. Web. 27 Mar. 2020. doi:10.4018/978-1-61692-895-7.ch013

APA

Ferreira, A., Correia, R., Chadwick, D., Santos, H. M., Gomes, R., Reis, D., & Antunes, L. (2011). Password Sharing and How to Reduce It. In A. Chryssanthou, I. Apostolakis, & I. Varlamis (Eds.), Certification and Security in Health-Related Web Applications: Concepts and Solutions (pp. 243-263). Hershey, PA: IGI Global. doi:10.4018/978-1-61692-895-7.ch013

Chicago

Ferreira, Ana, Ricardo Correia, David Chadwick, Henrique M.D. Santos, Rui Gomes, Diogo Reis and Luis Antunes. "Password Sharing and How to Reduce It." In Certification and Security in Health-Related Web Applications: Concepts and Solutions, ed. Anargyros Chryssanthou, Ioannis Apostolakis and Iraklis Varlamis, 243-263 (2011), accessed March 27, 2020. doi:10.4018/978-1-61692-895-7.ch013

Abstract

Password sharing is a common security problem. Some application domains are more exposed than others and, because it deals with very sensitive information, the healthcare domain is definitely not exempt from this problem. This chapter presents a case study showing how a cross section of healthcare professionals actually deals with password authentication in typical real-world scenarios. It then compares the professionals' actual practice with what they feel about password sharing and with the most frequent problems associated with it. Further, this chapter discusses and suggests how to solve or minimize some of these problems using both technological and socio-cultural mechanisms.
