A Critical Analysis of Requirements and Recommendations for Multi-modal Access Control in Hospitals

  • Mapula Elisa Maeko
  • Dustin van der HaarEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 918)


Lack of user awareness and user acceptance of the importance of practising a good access-control approach, particularly in the healthcare sector of South Africa, is a challenging issue in the area of the security of information. The challenge results in breaches to information stored in medical information systems, fraud, and medical identity theft. The paper proposes the hospital user awareness and user acceptance framework for multimodal access control in the medical information systems. The survey results from participants in Charlotte Maxeke Academic hospital, based in Johannesburg showed a response rate of 86%. Focusing on the objectives of the study the results showed that 76.7% of users’ lack knowledge in the security of information and that there is a lack of security awareness education and training in the hospital. The results of the study are presented and analysed through IBM SPSS statistical software that is used for data analysis.


Access control User awareness User acceptance Fingerprint biometrics Smart cards Medical information systems 


  1. 1.
    Abubaka, F.M., Ahmad, H.B.: Mediating role of technology awareness on social influence–behavioural intention relationship. Res. J. 2(1), 119 (2014)Google Scholar
  2. 2.
    Becker, J., Knackstedt, R., Pöppelbuß, J.: Developing maturity models for IT management. Bus. Inf. Syst. Eng. 1(3), 213–222 (2009)CrossRefGoogle Scholar
  3. 3.
    Besnard, D., Arief, B.: Computer security impaired by legitimate users. Comput. Secur. 23(3), 253–264 (2004)CrossRefGoogle Scholar
  4. 4.
    Boyinbode, O., Toriola, G.: CloudeMR: a cloud-based electronic medical record system. Int. J. Hybrid Inf. Technol. 8(4), 201–212 (2015)CrossRefGoogle Scholar
  5. 5.
    Bryman, A.: Social Research Methods. Oxford University Press, Oxford (2015)Google Scholar
  6. 6.
    Caballero, A.: Security education, training, and awareness. In: Computer and Information Security Handbook, 3rd edn, pp. 497–505 (2017)CrossRefGoogle Scholar
  7. 7.
    D’Arcy, J., Hovav, A., Galletta, D.: User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf. Syst. Res. 20(1), 79–98 (2009)CrossRefGoogle Scholar
  8. 8.
    Drake, T., Kanu, A., Silverman, N.: Health care fraud. Am. Crim. Law Rev. 50, 1131 (2013)Google Scholar
  9. 9.
    Ferraiolo, D., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control. Artech House, Norwood (2003)zbMATHGoogle Scholar
  10. 10.
    Glinz, M.: On non-functional requirements. In: 15th IEEE International Requirements Engineering Conference, RE 2007, pp. 21–26. IEEE, October 2007Google Scholar
  11. 11.
    Lafferty, L.: Medical identity theft: the future threat of health care fraud is now. J. Health Care Compliance 9(1), 11–20 (2007)Google Scholar
  12. 12.
    Omotosho, A., Adegbola, O., Adelakin, B., Adelakun, A., Emuoyibofarhe, J.: Exploiting multimodal biometrics in e-privacy scheme for electronic health records. arXiv preprint arXiv:1502.01233 (2015)
  13. 13.
    Osborn, S.: Mandatory access control and role-based access control revisited. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 31–40. ACM, November 1997Google Scholar
  14. 14.
    Peltier, T.R.: Information Security Risk Analysis. Auerbach Publications (2010)Google Scholar
  15. 15.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  16. 16.
    Smyth, R.: Exploring the usefulness of a conceptual framework as a research tool: a researcher’s reflections. Issues Educ. Res. 14(2), 167 (2004)Google Scholar
  17. 17.
    Solove, D.J., Schwartz, P.: Information Privacy Law. Wolters Kluwer Law & Business (2014)Google Scholar
  18. 18.
    Spears, J.L., Barki, H.: User participation in information systems security risk management. MIS Q. 34(3), 503–522 (2010)CrossRefGoogle Scholar
  19. 19.
    Terry, N.P., Francis, L.P.: Ensuring the privacy and confidentiality of electronic health records. Univ. Ill. Law Rev. 681 (2007)Google Scholar
  20. 20.
    Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: toward a unified view. MIS Q. 27(3), 425–478 (2003)CrossRefGoogle Scholar
  21. 21.
    Von Solms, R., Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)CrossRefGoogle Scholar
  22. 22.
    Ward, R., Stevens, C., Brentnall, P., Briddon, J.: The attitudes of health care staff to information technology: a comprehensive review of the research literature. Health Inf. Libr. J. 25(2), 81–97 (2008)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of JohannesburgJohannesburgSouth Africa

Personalised recommendations