Designing for privacy management in hospitals: Understanding the gap between user activities and IT staff's understandings

Purpose: We examined the role of privacy in collaborative clinical work and how it is understood by hospital IT staff. The purpose of our study was to identify the gaps between hospital IT staff members' perceptions of how electronic health record (EHR) users' protect the privacy of patient information and how users actually protect patients' private information in their daily collaborative activities. Since the IT staff play an important role in implementing and maintaining the EHR, any gaps that exist between the IT staff's perceptions of user work practices and the users' actual work practices can result in a number of problems in the configuration, implementation, or customization of the EHR, which can lead to collaboration challenges, interrupted workflow, and privacy breaches. Methods: We used qualitative data collection methods for this study. We conducted semi-structured interviews with 20 hospital IT staff members. We also conducted observations of EHR users in the in-patient units of the same hospital. Results: We identified gaps in IT staff's understandings of users' work activities, especially in regards to privacy-compromising workarounds that are used by users and why they are used. Discussion: We discuss the reasons why this gap may exist between IT staff and users and ways to improve IT staff's understanding of why users perform certain privacy-compromising workarounds. Conclusion: A hospital's IT staff face a daunting task in ensuring users' collaborative work practices are supported by the system while providing effective privacy mechanisms. In order to achieve both goals, the IT staff must have a clear understanding of their users' practices. However, as this study highlights, there may be a mismatch between the IT staff's understandings of how users protect patient privacy and how users actually protect privacy.