Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records

De Montfort University Open Research Archive

dc.contributor.author He, Ying en
dc.contributor.author Johnson, Chris en
dc.contributor.author Lu, Yu en
dc.date.accessioned 2017-01-18T14:18:09Z
dc.date.available 2017-01-18T14:18:09Z
dc.date.issued 2015-05-07
dc.identifier.citation He, Y., Johnson, C. and Lu, Y. (2015) Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records. Journal of Trust Management, 2 (4) en
dc.identifier.uri http://hdl.handle.net/2086/13186
dc.description The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. This is an Open Access article. en
dc.description.abstract The increasing use of Electronic Health Records has been mirrored by a similar rise in the number of security incidents where confidential information has inadvertently been disclosed to third parties. These problems have been compounded by an apparent inability to learn from previous violations; similar security incidents have been observed across Europe, North America and Asia. This has resulted in the loss of confidence and trust of the public towards the organisations' ability to protect the patients' private information. The Generic Security Template (G.S.T.) has been proposed to communicate security lessons learned from previous security incidents. This paper conducts a series of empirical studies to evaluate the usability of the G.S.T. The first study compares the G.S.T. with the conventional text-based security incident reports. The two methods were compared in terms of the users' ability to identify a number of lessons learned from investigations into previous incidents involving the disclosure of healthcare records. The study showed that the graphical approach resulted in higher accuracy in terms of number of correct answers generated by participants. However, subjective feedback raised further questions about the usability of the G.S.T. as the readers of security incident reports try to interpret the lessons that can increase the security of patient data. The second study further evaluates the usability of the G.S.T. using the Cognitive Dimensions and identifies some aspects that need to be improved. en
dc.language.iso en en
dc.publisher Springer en
dc.subject Lessons Learned en
dc.subject Security Incident en
dc.subject Electronic Patient Record en
dc.subject Generic Security Template en
dc.subject Empirical Study en
dc.subject Cognitive Dimensions en
dc.title Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records en
dc.type Article en
dc.identifier.doi http://dx.doi.org/10.1186/s40493-015-0016-2
dc.peerreviewed Yes en
dc.funder N/A en
dc.projectid N/A en
dc.cclicence CC BY en
dc.date.acceptance 2015-05-07 en

