The Intersection of Usability and Security


Information security has been omnipresent in the technology world for decades now.  Healthcare IT, while running about a decade behind most other industries when it comes to the use and integration of technology, is also highly concerned with security.  Recent data breaches from healthcare systems, and the penalties and reporting requirements involved, have prompted healthcare IT experts to implement basic security procedures, like passwords, encryption, multi-factor authentication and the like.

But as anyone who has ever worked in an environment where data was locked down knows, the weakest link in your security system isn’t your network…it’s your users.  While it may be fashionable and just plain cool for the tech geeks out there to spend the bulk of their time and funds trying to protect your network from outside hackers, it’s not the best use of your resources.  You don’t have to look very far to see why.  The first 100 search results on the HHS page dedicated to listing healthcare data breaches that affect 500 people or more contain only two listings where Hacking/IT Incident was identified as the type of breach.  The rest?  Loss or Theft of laptops/desktops, with a few outlying cases of improper disposal.

Another hot topic within healthcare IT at the moment is Usability, something which is the antithesis of the way most EHR and other medical software systems are currently designed.  The idea behind Usability is that if software is deliberately difficult to use correctly, you are going to increase the number of errors that occur, which is going to increase the number of adverse health events in your patients.  In order to protect the lives of patients, usability advocates argue, you need to make the software systems easier to use correctly, thereby decreasing the number of errors related to improper use and decreasing the number of errors overall.  It’s a sound idea, and quite frankly spot on when it comes to minimizing the risk to patients.  I have long been convinced that any software company needs a group dedicated to testing the usability of all of the systems it produces, since the current method is programmers designing the software in a way that makes sense to them on the back end, producing something on the front end that is nearly unintelligible for someone who isn’t a programmer.

On a Side Note

One of the key selling points for Millennials on technology is usability and functionality.  If your product isn’t easy to use and doesn’t have intuitive functionality, no amount of bells/whistles, sales pitches or marketing gimmicks will convince us to buy it.  We grew up with technology and use it on a daily basis, so usability is far more important to us than what the tech can do.  Millennials are now the largest cohort in the working world, and will remain so for the next few decades.  Have you thought about whether you can sell to them?

How do these two things, security and usability, intersect?  Think about it.  One of the first things any security analyst will tell you is that you need strong passwords to maintain security.  It used to be that passwords were just recommended to be a certain length…then they started recommending adding numbers…and then special characters…and then, because all of those can still be cracked by a password cracking program, they began to recommend passphrases, which are entire words and sentences PLUS numbers PLUS special characters, just to gain access to your system!  The same security expert will then tell you that you should never write your password down, because an unauthorized person could find it written on your sticky note and thereby gain access.  From the user side, this is an impossible request.  If you require the passwords or passphrases to be that difficult, no one is going to remember them, especially if they have multiple systems that must be accessed which don’t have Single Sign On capabilities.  That is, unless they break another cardinal security rule and use the same password/passphrase for all of their accounts.  There is a reason password manager programs like LastPass and Keeper are huge players in the digital realm.

Software companies, security experts and usability specialists could do themselves a huge favor if they sat down together and realized that they aren’t enemies, but allies.  If systems are designed in a way that is difficult for the average user to use, that user is going to find shortcuts and work-arounds which allow them to do their job more efficiently.  Those shortcuts and work-arounds not only lead to errors, they also open huge security holes.  It only makes sense to design systems which compensate for your weak points, turning them into strengths.  And the weak points in this equation are the human users.

After all, as Associate Professor Jennifer Golbeck of the University of Maryland College of Information Studies recently told Healthcare IT News, “Humans are the weak point, but you design systems that are hard to use.”  You can almost hear her shaking her head in disbelief with that statement.  So let’s stop leaving our greatest weakness unprotected by designing systems which are difficult to use; you’ll have a more secure system and I am willing to bet you’ll increase your customer base as well.
