Improving the implementation of access control in EMR

The Electronic Medical Record (EMR) allows for the distributed collection and searching of healthcare information. However, it usually does not integrate easily into healthcare professionalspsila daily workflows. Barriers to its acceptance include costs such as time and effort, but also relational and educational issues. Access controls are likely to increase the barrier to acceptance, since their design and implementation are very complex and thus costly. Three literature reviews were performed in order to gain insight to this problem. The two reviews regarding access control implementation (A and B) showed that the definition of an access control policy was ACP_A=29% and ACP_B=58%, and the participation of end users in its development within Information Systems (IS) was UPD_A=0% and UPD_B=0%. The review regarding evaluation methods (Review C) showed that most chosen methods were not appropriate for the evaluation that needed to be performed (CMI_C=44%) and that the ISs were difficult to use (SDU_C=22%) and did not simplify the workflow environment for which they were implemented (CWD_C=19%). The goal of this paper is to propose that future access control systems for EMR should monitor healthcare professionalspsila attitudes, opinions and experiences through the use of comprehensive evaluation methods to improve the acceptance of EMR.