
Security in Practice: Examining the Collaborative Management of Personal Sensitive Information in Childcare Centers and Physician’s Offices, Presentation


Page 1: Security in Practice: Examining the Collaborative Management of Personal Sensitive Information in Childcare Centers and Physician’s Offices, Presentation

8/7/2019 Security in Practice: Examining the Collaborative Management of Personal Sensitive Information in Childcare Centers and Physician’s Offices, Presentation

http://slidepdf.com/reader/full/security-in-practice-examining-the-collaborative-management-of-personal-sensitive 1/102

Security in Practice: Examining the Collaborative Management of Sensitive Information in Childcare Centers and Physician’s Offices

Laurian Vega

March 28th, 2011


Diana Monkeys & Klaus Zuberbühler


Unknown environments appear chaotic; focusing on one element provides clarity

It is only through living the experience that true understanding of the phenomenon of security emerged

As scientists, we can present new ways of looking at old topics (i.e., communication & threats)


Outline

1. Motivation & Related Work
2. Research Method
3. Sample Security & Privacy Breakdowns
4. Revisiting Research Themes
5. Security & Privacy Scenarios
• Access v. Inaccess
• Contextual Awareness v. Lack of Contextual Awareness
• Technological v. Social Enforcement

[Diagram labels: Security & Privacy Breakdowns, Research Themes, Scenarios]


Motivation for Work

Related Work: Human-Computer Interaction, Usable Security, Medical Informatics


Motivation for Work: Usable Security

Related Work: Human-Computer Interaction, Usable Security, Medical Informatics

• Push back at belief that humans are weak link in security
• Software is what is not usable
• Balance between social and technical mechanisms for security
• Security is incongruent with the user’s primary task

Adams & Sasse (1999): Users Are Not the Enemy, in Communications of the ACM. pp 40-46.


Motivation for Work: Human-Computer Interaction

Related Work: Human-Computer Interaction, Usable Security, Medical Informatics

Palen & Dourish (2003). Unpacking "privacy" for a networked world. Conference on Human Factors in Computing Systems, Ft. Lauderdale, Florida, USA, ACM.

• The focus on supporting the user; the user is always right
• User actions demonstrate values
• That technology provides unknown potential that will impact privacy
• A need to account for privacy, for which prior models cannot be used


Motivation for Work: Medical Informatics

Related Work: Human-Computer Interaction, Usable Security, Medical Informatics

Berner, Detmer & Simborg (2005): Will the Wave Finally Break? A Brief View of the Adoption of Electronic Medical Records in the United States. Journal of American Medical Informatics Association. 12(1): pp.3-7.

• Increasing adoption of electronic systems
• National regulation, HIPAA (Health Insurance Portability and Accountability Act)
• Changing relationship between patient, technology, & physician
• Shared awareness & social relationships key for information sharing


Motivation for Work

Related Work: Human-Computer Interaction, Usable Security, Medical Informatics

Study of Collaborative Management of Sensitive Information


Research Method: Location

• Rural-serving southwest Virginia
• Socio-economic status
• Digital divide
• Different care
• Impacted by local universities
• Location types:
  • 12 Childcare Centers
  • 19 Physician’s Offices


Research Method: Participant Demographics

Parents: 1-2 Avg Number of Children; 4 Avg Age of Child; 14 Months Avg Time
Childcare Center Directors: 12.5 Avg Years Experience
Physicians’ Office Directors: 20.16 Avg Years Experience


Research Method: Participant Demographics

Parents
Childcare Centers & Directors
Physicians’ Offices & Directors

64.5 Hours Observation; 61.25 Hours Observation
20 Avg Person Staff Size; 85 Avg Children Enrolled
10 Avg Person Staff Size; 128 Avg Children Enrolled


Research Method: Conducting Observations

• Observed Directors of childcare centers and physicians’ offices
• Primarily sat within office of directors and took paper and electronic time-stamped notes (recordings when IRB approved)
• Annotated actions within office of people accessing/modifying/sharing client information verbally or electronically along with the guiding task of the participants

[Diagram labels: Front Office, Director, Receptionist, Patient Room, Me]


Research Method: Analysis

1. Collected and aggregated data
2. Used Activity Theory to isolate all breakdowns related to security and privacy (281 breakdowns)
3. Collated similar breakdowns into breakdown type (84 breakdown types)
4. Phenomenologically analyzed breakdowns to thematically categorize breakdown types (15 Themes)


Research Method: Analysis, Sample Breakdown

[Diagram labels: Tool, Actor, Object, Outcome]


Research Method: Analysis, Sample Breakdown

Access Policy Violations: Discussion of HIPAA Violations

[Diagram labels: Filing Cabinets, Nurse, Client File, Open access to files; Filing Cabinets, Nurse, Client File, Privacy]


Research Method: Analysis, Definition of Breakdown

Breakdown: When a perturbation occurs in the system that causes a contradiction to occur between activities or within parts of the activity system.

[Diagram labels: Filing Cabinets, Nurse, Client File, Open access to files; Filing Cabinets, Nurse, Client File, Privacy]


Security & Privacy Breakdowns

Thought topics...

• What is the threat in each breakdown?
• What is the role of the individual versus group?
• What is the ambiguity present in any situation?


Security & Privacy Breakdowns: Client Information Left in the Open

Files were co-located with the director yet were stored in:
• Open filing cabinets
• Open shelves

“The files are accessible by anyone, including the assistants. With that said, however, there's always someone in the administrative office so anyone sneaking in unnoticed is virtually impossible.” -Observation Notes


Security & Privacy Breakdowns: Staff Catching Incorrect Medical Procedure

“The <echo-cardiologist> comes to the window with <the receptionist>. Turns out that this patient was scheduled for a stress test. The problem is that <the office staff> didn’t realize that he’d had a heart attack just a month ago. The echo guy gets on the phone to cancel the stress test.”

[Diagram labels: Front Office, Nurse, Receptionist, Echo-cardiologist, Patient Room, Hospital, Stress Test, Administrator]


Security & Privacy Breakdowns: Missing Child

Salient Points:
• Bus driver discovers he cannot contact either parent with the information on the bus, calls center.
• Assistant Director confesses she has not updated bus information because she also does not have it.
• Assistant Director gets cell phone from sister childcare; mother still does not pick up phone
• Director is able to pull information from child’s teacher, and from child through social interaction

[Diagram labels: School, Childcare, Sister Childcare]


Security & Privacy Breakdowns: Getting Information Purposefully Not in File

In a single office client information could be stored in many forms and locations.

Forms of Storage at Physician’s Offices:
• Electronic Billing
• Electronic Health
• Paper Billing
• Paper Health
• Schedule

[Diagram labels: Medicaid, Queen, Nurse, Payment, Staff, Staff, Staff, Staff]


Security & Privacy Breakdowns: Parents Not Knowing Who Can Access Their File

Who do you think can access your child’s file?

“I guess the officers in the day care the main teacher the director... I guess some of the confidential information even the teachers cannot get just the officers”

“You know I'm probably guessing that the director or enrollment person probably has access to that.”

“No idea. Never thought about it.”

“Right. I am really not sure.”

[Diagram labels, Childcare Center: Director’s Office, Parents, Teacher, Lead Teacher, Cook, Licensor, Owner, Bus Driver]


Security & Privacy Breakdowns: Not Knowing Who Accessed Client Information

“<people in the office> can access anything. That’s their job.”

“Yeah because it doesn’t show who’s logged in and most of the time I’m logged in in the front because I’m the only one up there, but occasionally someone else will come up and they’ll just do it, and I usually check to make sure just because it is on my login, but that’s one thing is we wanted it to actually show who’s logged in.”

[Diagram labels, Physician’s Office: Front Office, Nurse, Receptionist, Nurse, Assistant, Nurse, Doctor, Surgeon, Nurse Practitioner, Director, Assistant Director, Echo-cardiologist]


Security & Privacy Breakdowns: Children’s Pictures on Facebook

“Two or three of the teachers had friended me on Facebook. And a week later in looking at their Facebook I noticed that they had pictures of the children playing in that I daycare... I called the daycare and told the director... Then when I got there to pick them up the owner was there. So she pulled me aside and apologized and said that it would get fixed. And they brought all the securities, teachers into the office and watched them take the picture down off from the internet before they left that day. So, they are definitely on it as far as fixing the problem and that’s the feeling of nervousness that I have. You know just like very personal pictures are up.”

[Mock Facebook feed: posts by Lady Teacher and Other Teacher, dated January 25th, 2011]


Security & Privacy Breakdowns: HIPAA Violations

“<The doctor> comes in and <the director> talks about a phone call earlier... It was a man who was looking for his wife... <the director> said that she would pass on the message to the wife... The doctor said that that was good. But <the nurse> said that was against HIPAA. The doctor jokes that <the nurse> is all HIPAA compliant - he acts like he doesn’t take it very seriously. She says, ‘Well, that is about privacy, what if he was an estranged spouse looking for his wife to kill her’... There isn’t a conclusion on whether or not <the director> did the right thing.”

[Diagram labels: Director’s Office Entrance, Patient Room, Doctor, Patient, Nurse, Mechanist, Patient’s Spouse]


Security & Privacy Breakdowns: Menacing Outsider

• Man in a red bandana who maintains the lawn care
• Casual mention, and no intention to take action
• Only mention by any participant of a real security threat

[Diagram labels: Director’s Office, Director, Me, Lobby Entrance, Lawn Care Person]


Discussion

• Security & Privacy Embodiment
• Communities of Security
• Zones of Ambiguity


Security & Privacy Embodiment: Threat Models

Security threats as a model for situating security and privacy:

“In these domains the adversarial actions are unintentional, unwelcome, and intrusive access and modification of sensitive personal information. Examples include medical and childcare center personnel, medical researchers, and insurance companies accessing patient or child information that should not be available (i.e., private). A second example includes ‘work-around’ practices of the personnel themselves that result in unknown and insecure information disclosures.”


Security & Privacy Embodiment: Threat Models & Practice

“Computing systems are only secure in principle. They are rarely secure in practice” ~Bellotti & Sellen

Threat models cannot account for secure practice.


Security & Privacy Embodiment

• Security was not found in activities where:

• There was a conflict between external policies

• When there were uninstantiated policies

• Security was found in activities that were:

• Local

• Individual

• Care

• Robustness of Information


Discussion

•Security & Privacy Embodiment

•Communities of Security

•Zones of Ambiguity


Communities of Security

• Supporting the community in their shared task of security and privacy

• The activity of managing sensitive information is collaborative, yet security is considered an individual task - supporting the “user”

• Childcare centers and physicians’ offices personnel did not consider their work individual

[Figure: office layout showing the Director’s Office, Entrance, and Patient Rooms, with Doctor, Nurse, Patient, and Patient’s Family]


Communities of Security: Roles, Role Based Authentication

Role-based authentication. A user is assigned a role that has predefined access to certain information

[Figure: roles (Patient, Patient’s Family, Director, Receptionist, Doctor, Nurse) and information (Patient’s Medical Record, Patient’s Billing Record, Post-it Notes Attached to Patient Record, Schedule)]


Communities of Security: Roles representing work

“They can access anything. That’s their job.” ~ Office Director


Zones of Ambiguity

A zone of ambiguity is where current behavioral practices allow fundamentally contradictory concerns to exist in tacit compromise with one another.

Social systems afford ambiguity - they allow for the unsaid and the unarticulated

Technology articulates and formalizes policies and procedures, leaving little room for ambiguity


Zones of Ambiguity: Accountability is Ambiguous

Who accesses, modifies, and deletes information is not tracked.

The values of collaboration are in direct contradiction to security, reflected in ambiguity

Leaving workstations open, passwords not being used, and passwords being shouted.


Security & Privacy Scenarios

• Access v. Inaccess

• Anonymity v. Visibility

• Permanence v. Decay

• Centralization v. Decentralization

• Layered v. Flat

• Contextual Awareness v. Lack of Contextual Awareness

• Center-managed Privacy v. Client managed Privacy

• Technological v. Social Enforcement


Security & Privacy Scenarios: Actors & Location

Actors:

• Alice: Works in the center and has moderate access to information

• Rosemary: Works with Alice, less access

• Nancy: A new regulator checking centers for information management

Location:

• Interrupting phone calls, little time to handle tasks

• People constantly entering and leaving

• Stack of work sitting on desks


Security & Privacy Scenarios: Access v. Inaccess

• Open access can be compatible with maintaining security.

• Visible security mechanisms serve as reminders of privacy.

• Access security mechanisms can reinforce social work.

[Figure: spectrum from Inaccess to Access]


Security & Privacy Scenarios: Contextual v. Lack of Contextual Awareness

Contextual Awareness: Alice selects to show a client’s record on the wall. While discussing the issue with Rosemary, Judy enters the room. The system grays out the display. Judy leaves, the display returns, and Rosemary remembers a similar client. She says, “Display Sam Williams” and the system asks for a password. Alice says the password to the system. The system then displays the record and emails Alice a new password.

Lack of Contextual Awareness: Alice selects to show a client’s record on the wall. While discussing the issue with Rosemary, Judy enters the room, and Alice uses a remote to shut off the display. Judy leaves, Alice turns the display back on. Rosemary remembers a similar client, and tries to pull it up. Rosemary asks Alice what the password is, and Alice walks over and types it in. The system displays the record and when they are done discussing the issue, Alice walks back to her workstation.


Security & Privacy Scenarios: Technological v. Social Enforcement

Social Enforcement: Nancy is visiting for an inspection. She enters and explains that a client was unsatisfied with their information management. Alice shows Nancy her re-issuing of passwords, her auditing of files, and the citations she issued for leaving stations open. Nancy also starts to check 5% of client files, inspects the location, and writes a citation for information being left out of the client’s file. She then asks for access to the complainer's file. Nancy reviews the access log and validates that there were numerous accesses to the file without changes. Alice explains that she was unaware of the problem. Nancy issues a citation.


Security & Privacy Scenarios: Technological v. Social Enforcement

• Social application of rules affords negotiation.

• Electronic systems and social systems have different methods of enforcing compliance.


Security & Privacy Scenarios: Discussion

• Seamless & Seamful

• Surveillance

•“Do Nothing” Scenario


Security & Privacy Scenarios: Discussion

Themes:

•Security & Privacy Embodiment

•Communities of Security

•Zones of Ambiguity


Conclusions

• I used HCI theory and phenomenological analysis to study security and privacy to understand and evaluate the collaborative practice of managing sensitive personal information.

• The practices that people do in the management of sensitive information in childcare centers and physician’s offices are incongruent with current electronic systems.

• These themes (Security Embodiment, Communities of Security, and Zones of Ambiguity) cross cut the scenarios as well as the data through different lenses.

• The goals of security and privacy can be in conflict with the provision of care, but through considering the presented spectrums we have ways of talking about how the provision of care can be supported.


Thank you

Thank you to Laura Agnich, Monika Akbar, Aubrey Baker, Stacy Branham, Tom DeHart, Zalia Shams, and Edgardo Vega.


Presentation Citations Outside of Dissertation

• The story of the Diana Monkeys was first heard on Radio Lab, on their show “Wild Talk.” A short description is also provided on this Times story, “Smarter Than You Think.” The study was published by the Study of Animal Behavior, with the article titled “The alarm call system of female Campbell’s monkeys.”


Research Method

• Research Questions

• Participants & Locations

• Data Collection

• Data Analysis


Research Questions

What breakdowns happen when the explicit and implicit rules are not followed?

How are breakdowns accounted for, negotiated, and managed in socio-technical systems where sensitive personal information exists?

What are the implicit and explicit rules surrounding how physicians’ offices and childcare centers handle sensitive personal information?

Used Activity Theory to siphon data to list of breakdowns

Used Phenomenology to create list of themes to understand breakdowns

Used Near Future scenarios to explain guiding principles as implications for design


Participants & Locations: Definitions of Locations

• Childcare center: a facility where parents engage in a service agreement with a care giver to assume responsibility and provide supervision of the child for approximately five days a week – less than 24 hours in the day, barring sickness; hold more than two children under the age of 13; licensed by the Virginia Department of Social Services (adapted from Virginia Department of Social Services Website (2010a)).

• Physician’s Office: a facility where patients engage in a service agreement with health care professionals to provide care, education, and treatment to the patient, usually less serious than to warrant a visit to the hospital emergency room; seen by appointment and during regular business hours (adapted from Virginia Board of Medicine Website (2006) and inclusive of practices as defined by HIPAA to include doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies (2010e)).


Participants & Locations: Rural-Serving Southwest Virginia

Rural and rural-serving care providers have been found to have the following relevant characteristics:

• Patients are more likely to be uninsured (20%)

• Patients are less likely to seek preventative care and medicine

• Rural regions have fewer physicians and dentists per patient, with 10% of physicians in this area versus 25% of population

• Infant and adolescent mortality along with rates of obesity and tobacco use are higher

• 41% of local public health agencies reported funding to be their main challenge (compared to 26% of non-rural agencies)


Participants & Locations: Childcare Centers

Childcare center stakeholders:

• Director

• Assistant Director

• Receptionist

• Lead Teacher

• Teacher(s) (substitutes)

• Cook

• Parents

• Children

• Inspectors: DSS State Licensor, Health Inspector, Fire Marshal

• Early Intervention


Participants & Locations: Physicians’ Offices

Physicians’ Office stakeholders:

• Director

• Assistant Director

• Receptionist(s)

• Nurse(s)

• Doctors, Physician’s assistant, Nurse Practitioner

• Patients

• Patients’ friends and family

• Pharmacies

• Insurance Company Representatives


Participants & Locations: Multisite Fieldwork

• Provides perspective on a diversity of issues that are experienced by numerous people instead of on a micro-culture.

• Examples of use in ethnography (e.g., work of Marcus) and within HCI (e.g., work of Wyche).


Research Method: Participant Demographics

Parents

1-2 Avg Number of Children

4 Avg Age of Child

14 Months Avg Time

Childcare Centers & Directors

Physicians’ Offices & Directors

12 Interviews

4 Observation Locations

64.5 Hours Observation

16 Interviews

5 Observation Locations

61.25 Hours Observation

12.5 Avg Years Experience

20 Avg Person Staff Size

85 Avg Children Enrolled

20.16 Avg Years Experience

10 Avg Person Staff Size

128 Avg Children Enrolled

21 Interviews


Data Collection: Study 1 & Study 2

Study 1: All data and preliminary analysis of that data collected prior to the proposal defense. This includes all interviews with childcare center directors, initial observations of childcare centers, interviews with parents, and the first 13 interviews with physicians’ office directors.

Study 2: All data collected post the research defense and analysis of all data from all studies. The data collected includes observations of childcare centers and physicians’ office along with two additional interviews with physicians’ office directors.


Data Collection: Data Sampling

Stratified Sampling Method:

• Define groups to be sampled that share distinct characteristics (e.g., childcare centers, physicians’ offices, parents).

• Purposefully diversifies population to be sampled along specific criteria

• Useful for exploring divergent versions of an issue to be studied

[Figure: Possible Data Sources]


Research Method:


Observation Protocol

[Figure labels: Front Office, Director, Receptionist, Patient Room, Me]

Observed Directors

• Follow-up of interviews to see differences between official and unofficial aspects of security

• Directors are primarily located with client files, making their office a hotspot for client information access

• Directors are also primarily located with the computers


Conducting Observation

Observation Notes Covered:

• Actions of directors and anyone in the director’s office

• The location of any visible client information

• Time stamps of any action

• Any time a client file was accessed or modified

• Any information that was shared orally about a client

• Any time the director engaged with a piece of technology

• Interpretations of activities


Participant Recruitment

Childcare Center Directors

Comprehensive list of all childcare centers in the NRV area from VA DSS website. All contacted by phone.

Physician’s Office Directors

A list of all offices in Blacksburg & Christiansburg was canvassed on foot. List expanded to NRV area for observations.

Parents

Flyers placed in childcare centers, announcements sent over listserv for working moms, and advertisements placed in company newsletter


Training & Preparing for Interviews & Observations

Training Procedure:

• Review prior literature and discuss

• Become familiar and practice protocols

• Review prior data and reports

• Meet with team to discuss data and practice with protocols

• Shadowing by experienced researcher for first session


Data Management

Data is comprised of:

• Interview recordings

• Interview transcripts

• Interview notes

• Forms

• Pictures

• Drawings & diagrams

• Observation notes

• Observation transcripts

• Observation recordings


Dates & Times of Observations

[Figure: chart of observation sessions by date and hour of day, in two panels: Childcare Centers (hour axis 7 to 6) and Physicians’ Offices (hour axis 8 to 5)]

Childcare Centers: August 30th, 2010; August 31st, 2010; October 13th, 2009; October 13th, 2009; October 14th, 2009; October 15th, 2009; October 16th, 2009; October 21st, 2009; October 22nd, 2009; October 23rd, 2009; October 26th, 2009; October 29th, 2009; October 30th, 2009; September 14th, 2010; September 15th, 2010; September 2nd, 2010; September 2nd, 2010; September 8th, 2010; September 8th, 2010; September 9th, 2010

Physicians’ Offices: August 16th, 2010; August 19th, 2010; August 19th, 2010; August 20th, 2010; August 20th, 2010; August 23rd, 2010; August 26th, 2010; July 13th, 2010; July 15th, 2010; July 1st, 2010; July 6th, 2010; June 7th, 2010; September 1st, 2010; September 7th, 2010; September 9th, 2010


Research Method

• Research Questions

• Participants & Locations

• Data Collection

• Data Analysis


Data Analysis:


Activity Theory

[Figure: activity system diagram; labels: Tool, Subject, Object, Outcome, Transformation Process, Rules, Community, Division of Labor]


Analysis, Sample Breakdown

[Figure: breakdown diagram; labels: Tool, Actor, Object(ive), Outcome]


Analysis, Sample Breakdown

Access Policy Violations: Discussion of HIPAA Violations

[Figure: sample breakdown diagram; labels: Filing Cabinets, Nurse, Client File, Privacy; annotation: Open access to files]



Combining Breakdowns

[Figure: six breakdown diagrams, one each for Parent 1 through Parent 6, each labeled Childcare Director, Parent, Client File, and Accessing their file, shown with a single combined diagram labeled Childcare Director, Parent 1-11, Client File, Accessing their file]


Phenomenology

Data Managing: Collecting the data and organizing it into appropriate forms and files

Reading & Memoing: Reading the data, writing notes in the margins, writing memos, forming initial codes

Describing: Evaluating the personal experience along with the essence of the experience of the participants

Classifying: Group initial codes or statements into related clusters or meaning units

Interpreting: Generating a textual description of the phenomenon explaining the ‘what’ and ‘how’

Representing: Creating a description of the essence of the experience and discussing it

Key Aspects:

• Focusing on the experience of a phenomenon

• Bracketing off individual interpretations

• Respecting and collating different experiences through horizontalization of data

• Result is a description of the phenomenon answering questions of ‘what’ and ‘how.’


Classifying Data

To construct themes:

• Reviewed each breakdown type, read examples

• Collated similar breakdowns together tagging for cause, technologies, and people involved

• Tentative groups memo’d, met with external researcher to review them; new groups made, one dissolved

• Final groups created and described


Phenomenological Themes

Breakdown Theme Title: Description of Breakdown Theme

• Policy Violation: When there is an explicit policy governing how sensitive personal information should be managed, but the policy is not followed.

• Access Policy Work-arounds: When there is an explicit policy governing how sensitive personal information should be managed, but the office staff find a method to get around the policy or a loophole.

• Beliefs About Security: Ideas that people have about security and privacy that are questionably correct.

• Human-Technology Mismatch: When technology exists that offers a solution, but the people do not like using the technology, thus resulting in a situation that is less secure.

• Inadequate Representation in Available Information System: A system exists that has all of the information that is desired, but because of the way the system is set up the user is incapable of using it. This is relevant for issues like access logs.

• Information Acquisition: The centers have difficulty acquiring information that is sensitive.

• Information System Issues: The information system exists but results in additional problems relating to managing client information (e.g. system crashing).

• Information Withheld/Hidden: Information is sought, and the information exists, but a person enforces a policy restricting access to that information.

• Local Negotiation of Content: The content that actually goes into the client’s files is negotiated.

• Local Negotiation of Policy: There is an explicit policy that regulates how the situation is supposed to unfold, but locally in practice the policy is different.

• Access Policy: There exists a policy that restricts access to some needed piece of information.

• Practice/Performance Issues: In the action of enacting a policy there are difficulties.

• Sensitive Information Publicly Available: Sensitive information is viewable to anyone who walks by.

• Social Relations Issues: Problems that occur socially that then affect client care or the management of client information.

• Synchronizing Information with Reality: The information that exists in a client file is not representative of some objective reality.


Near Future Scenarios

To construct scenarios:

• Derived problems from breakdowns and brainstormed possible solutions

• Constraints for brainstorming were: could be used within childcare center or physician’s office, and had to be in response to a breakdown

• These scenario ideas were then organized to reflect contrasting spectrums

• 8 spectrums derived (e.g., access v. inaccess)