Information security in electronic medical records: A case study with the user in focus

Healthcare manages a large amount of information. which represented in different forms is a necessity for the healthcare work. Furthermore, security is air obvious requirement for almost everything one does in healthcare. Information are available quicker and easier by means of modern information technology (IT) but IT also entails new demands on information security awareness. It is obvious, from different sources and earlier work in this area, that user behavior is one of the most important reasons for present shortcomings in information security. This paper reports on experiences from a case study at a hospital in southwestern Sweden. The aim with the work was to determine how users, using electronic medical records (EMR), are affected by the requirements of information security, how they affect the information security, and how they obey the recommendations and common advice for processing of personal data compiled by the Swedish Data Inspection Board. The result from this work shows that users are indeed affected by, and affect the requirements of information security. This is due to, above all, insufficient knowledge about information security, but also because security policies and routines in the organization (ire inadequate. Consequently, users are still a critical factor when information security measures are applied in healthcare.