Advice for better security? User-friendly systems

'We've designed these systems as if they're designed for people to fail.'
By Jessica Davis
09:47 AM
Health IT illustration

Recent security breaches, especially in healthcare, have put the spotlight on major companies to be diligent on revamping systems to prevent data theft.

But the problem is that the systems aren't designed with the user in mind and are too difficult for the average user to navigate.

"Humans are the weak point, but you design systems that are hard to use," Jennifer Golbeck, associate professor, College of Information Studies, University of Maryland, told Healthcare IT News.

"People are going to find an easier way to use the system because they have a job to do, but that breaks down security," she added.  

Golbeck will be discussing these ideas during a session titled "Your weakest security link? The answer will surprise you," at the upcoming HIMSS and Healthcare IT News Media Privacy and Security Forum in Boston.

[Learn more: Meet the speakers at the HIMSS and Healthcare IT News Privacy and Security Forum.]

Healthcare has an even greater responsibility to protect this information due to the sensitivity of the data, thus increasing the need to make sure users can readily access what they need to get their jobs done and even to save lives.

"It's critical if we want to protect data," Golbeck said. "We need to start with assessing the user; let's build security around that, instead of forcing the security around the environment."

In the end, security system designers should be following around healthcare professionals to gauge how to build a user-system "basically easy for people to learn and to reduce mistakes."

All other security systems employ that method, but healthcare designers have missed this step, Golbeck added, and it doesn't help that healthcare is a unique environment, with much more than standard office work.

"We kind of ignore humans when designing systems, but that leads to this behavior," Golbeck said. "Every step of the way you need to be talking to people who'll be using their system, also talking with institutions with successful systems in place."

Register for the Privacy and Security Forum, which runs Dec 1-3 at the Weston Boston Waterfront hotel. 

Related articles: 

Security tips for a 'cyber workforce'

Cyber czar Richard Clarke on the need to prepare for outlier events

Healthcare security: Adapt or die