Вы находитесь на странице: 1из 5

Final Research Project

The article that I chose for this research project is titled, How
Secure Is Your Information System? An Investigation into Actual
Healthcare Worker Password Practices. This article discusses the
importance of privacy, passwords, user behaviors, information
security for healthcare professionals. When it comes to preventing
healthcare data breaches, passwords are often the first line of
defense. Although a strong password will not prevent all attackers
from trying to gain access, it can slow the velocity of attacks and
discourage attackers from seeing attacks through. Rotating
complex passwords, when combined with effective access
controls, such as two-factor authentication and real-time
monitoring of privileged account activity, can help to prevent
patient information from falling into the wrong hands.
In this article the researchers presented the results of a study of
actual healthcare workers' password practices. They were
researching if the majority of these workers passwords and if
they had significant security problems. Because of the importance
of maintaining password security and protection, employees must
use both length and strength in their creation of good passwords.
Examples include use of a combination of numbers, alpha
characters, not using common words, names, and special
symbols. Weak passwords do not include these previously
mentioned sets and are composed of commonly used words or
phrases, which can be easily cracked. The hypothesis statement
for this article would be, healthcare employees are not using the
best practice methods for password protection and security.
This study used data that was collected from passwords that were
currently in use at a healthcare department. At this health
department the employees are required to enter their user ID and
password on a PC which then gets processed by the health

departments system. If it finds a match, the employee will be

given access to the computer system, but if there is no match,
the employee will not be allowed access and will have to contact
the technology officer after three unsuccessful login attempts.
This health department did not enforce nor have any password
rules, methods, or guidelines for its employees to follow. As a
result, the hypothesis statement seems like it would be proven as
a fact without the study being completed.
With this study and article, I feel like there was a mixture of
descriptive statistics and inferential statistics. I say this because
in this article, the researchers ran a study on the employees at a
particular department in a healthcare facility. The statistics used
were measured on if employees used the best password security
methods (use of a combination of numbers, alpha characters, and
special symbols). The study ran different kinds of studies that
involved the percentage of employees that used both letters and
numbers, the percentage that used numbers at either the
beginning or end of the word, percentage of users whose
password had letters and numbers commingled, passwords of at
least six characters long, and lastly, the percentage of users
whose passwords contained eight or more characters. I say that
this study used both descriptive and inferential because the study
used descriptive stats to summarize the data of this department
at this healthcare facility. But, I also lean towards inferential
because this study also shows how it may be in an overall
population of healthcare department employees in facilities that
do not enforce nor have any guidelines on how employees are
supposed to protect their user IDs and passwords.

Descriptive statistics used to show how well passwords are protected in this
healthcare department.

The population that was studied for this was about active current
90 employees who worked in a healthcare department whose
passwords were used without their knowledge in a facility. To
summarize this study, the researchers were able to highlight the
potential issues and conflicts that could arise in regards to
passwords and computer data security. This study showed that a
password policy is necessary to provide a more secure system.
The researchers concluded that it would be best for all healthcare
agencies and institute a password policy that would have the
following guidelines, how passwords should be constructed,
how user-level and system-level passwords are managed
and changed ,and how the agency will track employees'
This study can impact the field of health information by further
proving the importance of data protection and security methods
being in place to prevent breaches and to protect patient privacy.
These are both major components of HIPAA. This study can show
health information departments around the globe how not having
strong password rules can affect a facility.

Joseph A Cazier, PhD and B. Dawn Medlin, PhD

Cazier, Joseph A PhD and Medlin, B. Dawn PhD Perspect Health Inf
Manag. 2006; 3: 8.