Chci Proposal For Childcares Study

  • Uploaded by: Laurian Vega
  • 0
  • 0
  • May 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Chci Proposal For Childcares Study as PDF for free.

More details

  • Words: 1,385
  • Pages:
Usable Security Team

CHCI Project Proposal Prepared for: Center for Human-Computer Interaction Prepared by: Laurian Vega, Ph.D. Candidate August 11, 2009

Virginia Tech

2202 Kraft Drive Blacksburg, VA 24061

T 540.239.9334

[email protected]

http://www.laurianvega.com

Usable Security Team

Usable Security Childcare Information Proposal Introduction President Obama has recently called for a complete revamping of the medical system. Within that call to action, there has been a push to make medical records not only electronic, but usable. However, medical records are a type of information that is primarily stored in paper form. Securing a piece of paper, one would think, is as simple as locking it in a filing cabinet. Additionally, determining who has access or had access to the medical information is relatively conventional given that paper can only be handed from person-to-person. What happens, though, when medical records become not only electronic but stored online[1]? How many people can access those files? How do you figure out who has access the files? Who owns the medical record? The patient, the doctor? And, who does the patient trust with their records? Should a doctor be able to see all of a patient’s records? The grand scope of this research attempts to answer some of those questions. In this proposal I have scaled down our project to a small pilot study. We are proposing an area of study that is not life critical – such as the emergency room, but one that contains medical-like sensitive information. I would like to study how information is secured and accessed in local childcares. Childcares have many different kinds of people (childcare workers, auditors, owners, parents – to name a few) and contains information that should not be shared with others. A study of current practices showing all of the different methods of information access and types of people who share information would provide insight into how to design information security measures for the personal health record domain where there are similar stakeholders. Some of the questions we are asking: • what kinds of information is stored? • what are the kinds of information different people have access to? • how is that information accessed? • what are the current security measures taken?; and, • what is the kind of audit trail left after someone accesses a piece of critical information? From this study I anticipate knowing a lot more about how critical information is accessed and secured in real life situations.

Usable Security Childcare Information Proposal

1

Usable Security Team

Research to Date At this point I have finished one half of a two part study that has been approved by the IRB; the IRB approval number is 09-515. In July an REU student and I interviewed twelve childcare directors in the NRV area. From this study we were able to derive the official policy on how information about the children and their families is stored, secured, accessed, and located. Now that we know what is the official policy, we would like to further explore what is the actual practice of information security by interviewing the parents of children in childcares. While in the childcares we asked if a flyer could be hung to encourage parents to participate in the second half of this study. From those flyers we have received a call from one parent participant. We have not received more phone calls. This has shown that our current recruitment methods are not as successful as we had hoped. In talking with Dr. Tatar about craftier recruitment methods, she believes that a monetary incentive along with fuller coverage in places where parents are located would greatly improve the chances of voluntary participation.

Plan of Action & Recruitment Methods Once this budget has been approved I will resubmit IRB with the financial information. I will then put up flyers in coffee shops, campus buildings, and other Blacksburg and Christiansburg shops while accessing my social network. Additionally, I will post announcements on listserves like the graduate student listserve and the working mother listserve. Interviews will be set up for September through November with transcripts being done within a week. The participant will be paid after the interview has been conducted. A final report of all the interviews will be completed by the end of the semester.

Procedure The participants will contact me by phone to to indicate that they would like to participate. A meeting will be set up to take place at the person's work or home location at a time of their choice. Upon arrival at the meeting an informed consent will be given, explained, and signed. The participant will then be instructed that the interview will be audio recorded and that at any time they can choose to not participate. The audio recording will then be started. They will be asked questions from the interview protocol that has been attached. We expect the study to last no longer than 30-45 minutes. Copies of pertinent artifacts may be collected. After the interview is over the participant will be thanked for his/her time and we will leave. 1) An audio recording from an MP3 recorder will be made which transcriptions will be made from. (2) Copies of forms will be collected and associated with a participants ID number (which will be assigned to the participant after agreeing to participate in the study). (3) A digital picture may be taken of pertinent artifacts. All of these materials will be digitized and the originals will be shredded. All original digital documents will be stored on Laurian Vega's personal machine that will be password protected.

Usable Security Childcare Information Proposal

2

Usable Security Team

Budget I am applying for $200.00 to interview twenty people in the fall semester 2009. Each participant would be paid $10.00 for 30 minutes of time.

References Kaelber, D.C., et al., A Research Agenda for Personal Health Records (PHRs). J Am Med Inform Assoc, 2008: p. M2547-M2547.

Appendix Interview Protocol & Questions: Field Study of In-use Information Security and Interfaces within Childcare Facilities Parents Section 1: Demographic and Background Information Goal: To collect background information about the parent and their child or children. Name: ________________________________________________________________ Gender: M/F Number of children in a childcare program: _____ Age(s) of child(ren): ____________________________ Childcare Facility in which your children are enrolled in: _____________________ How long has/have your child/children been enrolled in a childcare program: ________ How long has/have your child/children been enrolled in the current childcare program: _____________ Section 2: Information Security Goal: To look at how information is shared between the childcare providers and to the parents that are enrolling their children in to such programs. • In order to enroll your child/children in to childcare, what kind of information did you have to provide about yourself? • What kind of information did you have to provide about your child/children? Forms? Immunizations? • Maybe: Was there any particular information that you had to provide to the childcare facility that you felt was unnecessary or sensitive? How was this information handled? Any differently? • What kind of information does the childcare facility provide to you about your child/children? (ex: daily reports, webcam feeds, etc) Daily? Weekly? Yearly? • Is there any sort of information that you might have gathered about other children that are enrolled in your child’s/ children’s program (e.g. illnesses/conditions, behaviors )? • Are you aware of who can access your child’s information? Who do you think can access your child’s information? • Do you know that centers keep your files forever? • Who do you think is the owner the information in your child’s file? • If you aren’t comfortable with any policies do you feel you would be able to bring it up and have it be changed? • How much do you trust your childcare with your child’s information?

Usable Security Childcare Information Proposal

3

Usable Security Team

• What reassurances have you been given that the information about your child has been protected? Do you know who has access to information about your child? • Maybe (intrusive): Has there ever been an incident between your child and another at the childcare (e.g. physical altercations)? • If so, what kind of information was given to you about the incident (e.g. name of the other child, what exactly happened between the two children, etc)?

Usable Security Childcare Information Proposal

4

Related Documents


More Documents from "Faradlina Mufti"