Changing places: The need to alter the start point for information security design

Lizzie Coles-Kemp, Patricia A.H. Williams

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)
6 Downloads (Pure)


Information security is a necessary requirement of information sharing within an electronic health system because without it confidentiality, availability, or integrity controls are absent. Research shows that the application of security in this setting is subject to workarounds partly because of resistance to security controls from clinicians who feel that their voice is excluded from the security design process. Heeks' explored the nature of health system design and referred to the distance between system designer and practitioner as the 'design-reality gap'. To reduce this gap, systems designers typically deploy usercentred, participatory approaches to design. They use various forms of consultation and engagement to ensure that the needs of users are responded to within the design and that users understand the design process and constraints. Whilst there is evidence to suggest that the overall electronic health records (EHR) system design has increasingly used elements of a participatory, human-centred design approach, the security elements of design are still technology-focused. This discussion paper characterises the problem, outlines the principles of Heeks' Information, Technology, Processes, Objectives, Skills, Management Systems, Other Resources (ITPOSMO) framework, and then uses this framework to evaluate security dimensions of both the UK and Australian EHR programmes. The resulting proposal for a 'communities of practice' approach as an alternative start-point to healthcare systems security design, provides a basis for reconceptualising the integration of security practices into EHR systems. In the increasingly distributed and complex environment of healthcare delivery, this new approach can help to address the fundamental challenges experienced in healthcare security practice today.

Original languageEnglish
Article numbere13
Journale-Journal of Health Informatics
Issue number2
Publication statusPublished - 1 Jan 2014
Externally publishedYes

Bibliographical note

The electronic Journal of Health Informatics (ISSN:1446-4381) is dedicated to the advancement of Health Informatics and information technology in health
care. eJHI is an international Open Access journal committed to scholarly excellence and has a global readership in all health professions and at all levels.

Copyright of articles originally published in under the Creative Commons Attribution 3.0 License is retained by the authors.


  • information security design
  • changing places
  • start point for information
  • communities of practice
  • Participatory design
  • Information security
  • E-health
  • Electronic health records


Dive into the research topics of 'Changing places: The need to alter the start point for information security design'. Together they form a unique fingerprint.

Cite this