CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


Graduate School of Computer and Information Sciences


Gurvirender P. Tejay

Committee Member

Maxine S. Cohen

Committee Member

Ling Wang


Healthcare Information Systems, Security Failures, Usability Failures


This research study explores how the nature and type of usability failures impact task performance in a healthcare organization. Healthcare organizations are composed of heterogeneous and disparate information systems intertwined with complex business processes that create many challenges for the users of the system. The manner in which Information Technology systems and products are implemented along with the overlapping intricate tasks the users have pose problems in the area of usability. Usability research primarily focuses on the user interface; therefore, designing a better interface often leaves security in question. When usability failures arise from the incongruence between healthcare task and the technology used in healthcare organizations, the security of information is jeopardized. Hence, the research problem is to understand the nature and types of usability-related security failures and how they can be reduced in a Healthcare Information System.

This research used a positivist single case study design with embedded units, to understand the nature and type of usability-related information systems security failures in a Healthcare context. The nature and types of usability failures were identified following a four-step data analysis process that used terms that defined (1) user failures in a large healthcare organization, (2) Task Technology Fit theory, (3) the Confidentiality Integrity and Availability triad of information protection that captured usability-related information system security failures, and (4) by conducting semi-structured interviews with users of the Healthcare Information System capturing and recording their interactions with the usability failure.

The captured reported usability-related information system security failures dated back five years within a healthcare organization consisting of a network of 128 medical centers. The evaluation of five years of data and over 8,000 problems reported by healthcare workers allowed this research to identify the misalignment of healthcare task to the technology used, and how the misalignment impacted both information security and user performance. The nature of usability failures were centered on technical controls, however, the cause of the failures was predominately information integrity failures and the unavailability of applications and systems. Usability-related information system security failures are primarily not recognized due to the nature of healthcare task along with the methods healthcare workers use to mitigate such failures by employing workarounds to complete a task. Applying non-technical security controls within the development process provides the clearest path to addressing throughout the organization the captured usability-related information system security failures.