Search results
1 – 10 of 12Karin Hedström, Fredrik Karlsson and Fredrik Söderström
The purpose of this paper is to examine the challenges that arise when introducing an electronic identification (eID) card for professional use in a health-care setting.
Abstract
Purpose
The purpose of this paper is to examine the challenges that arise when introducing an electronic identification (eID) card for professional use in a health-care setting.
Design/methodology/approach
This is a case study of an eID implementation project in healthcare. Data were collected through interviews with key actors in a project team and with eID end users. The authors viewed the eID card as a boundary object intersecting social worlds. For this analysis, the authors combined this with an electronic government initiative challenge framework.
Findings
The findings of this paper illustrate the interpretative flexibility of eID cards and how eID cards as boundary objects intersect social worlds. The main challenges of implementing and using eID cards in healthcare are usability, user behaviour and privacy. However, the way in which these challenges are interpreted varies between different social worlds.
Practical implications
One of the implications for future practice is to increase our understanding of the eID card as a socio-technical artefact, where the social and technical is intertwined, at the same time as the eID card affects the social as well as the technical. By using a socio-technical perspective, it is possible to minimise the potential problems related to the implementation and use of eID.
Originality/value
Previous research has highlighted the need for more empirical research on identity management. The authors contextualise and analyse the implementation and use of eID cards within healthcare. By viewing the eID card as a boundary object, the authors have unveiled its interpretative flexibility and how it is translated across different social worlds.
Details
Keywords
Kane J. Smith, Gurpreet Dhillon and Karin Hedström
In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.
Abstract
Purpose
In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.
Design/methodology/approach
By using value-focused thinking, eliciting values from interviews of three groups of health-care staff’s objective hierarchies for three stakeholder groups are identified and defined. Objective hierarchies allow comparison across multiple stakeholder groups such that strategic objectives for identity management can be compared and contrasted.
Findings
This qualitative investigation, which used value-focused thinking, revealed 94 subobjectives, grouped into 12 fundamental and 14 means objectives, which are essential for developing measures that address potential value conflicts in a health-care organization around electronic identity management. The objectives developed in this study are grounded socioorganizationally and provide a way forward in developing measures aimed to reducing potential conflicts at a policy level.
Originality/value
In a final synthesis, congruence (or lack thereof) in the electronic identity management approach for a Swedish health organization is suggested. This also creates a foundation to evaluate and weight different objectives for strategic decision management.
Details
Keywords
Karin Hedström, Fredrik Karlsson and Ella Kolkowska
Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of…
Abstract
Purpose
Employees' compliance with information security policies is considered an essential component of information security management. The research aims to illustrate the usefulness of social action theory (SAT) for management of information security.
Design/methodology/approach
This research was carried out as a longitudinal case study at a Swedish hospital. Data were collected using a combination of interviews, information security documents, and observations. Data were analysed using a combination of a value-based compliance model and the taxonomy laid out in SAT to determine user rationality.
Findings
The paper argues that management of information security and design of countermeasures should be based on an understanding of users' rationale covering both intentional and unintentional non-compliance. The findings are presented in propositions with practical and theoretical implications: P1. Employees' non-compliance is predominantly based on means-end calculations and based on a practical rationality, P2. An information security investigation of employees' rationality should not be based on an a priori assumption about user intent, P3. Information security management and choice of countermeasures should be based on an understanding of the use rationale, and P4. Countermeasures should target intentional as well as unintentional non-compliance.
Originality/value
This work is an extension of Hedström et al. arguing for the importance of addressing user rationale for successful management of information security. The presented propositions can form a basis for information security management, making the objectives underlying the study presented in Hedström et al. more clear.
Details
Keywords
The purpose of this paper is to analyze the values of IT in elderly care.
Abstract
Purpose
The purpose of this paper is to analyze the values of IT in elderly care.
Design/methodology/approach
The paper is an empirical investigation based on four in‐depth case studies concerning IT in elderly care. The study draws on Actor‐Network Theory (ANT) and Social Construction of Technology (SCOT) with a focus on different actor groups' sense‐making regarding the role of IT in elderly care. The empirical analysis is, however, influenced by Grounded Theory (GT). Values are studied through the concept of “value areas”, which is a categorization of various actor groups' anticipated and experienced effects of developing, implementing, and using IT in elderly care.
Findings
The paper finds that the values of IT in elderly care can be organized in four related value areas: administration values, integration values, care values, and professional values. Research limitations/implications – Although the findings in this paper are related to elderly care it is believed that the value areas could be valid for all kinds of care work. Practical implications – The paper illustrates how different values are present during the development of IT, and discusses the importance of not only including, but also permitting, various actor groups' interests and values to influence the design process.
Originality/value
This paper examines the value of IT in elderly care, as well as presenting an approach for analyzing the values of IT. The paper and its findings should be valid for researchers, as well as for practitioners.
Details
Keywords
Karin Hedström, Elin Wihlborg, Mariana S Gustafsson and Fredrik Söderström
The purpose of the paper is to reveal how identities are constructed when electronic identification (eIDs) cards are introduced through information systems in public…
Abstract
Purpose
The purpose of the paper is to reveal how identities are constructed when electronic identification (eIDs) cards are introduced through information systems in public organisations.
Design/methodology/approach
Through two case studies, the authors generate rich data on the construction of identities through use of eID within public organisations. The author’s analysis, based on actor network theory, focusses on the translation of eIDs in these two settings.
Findings
ID can be viewed as an artefact where the public and private spheres meet. The authors found at least three mixed roles in employees’ use of eID: as a purely private person; as a private person in the work place; and as a professional in the work place.
Research limitations/implications
There is a need for further research on how eID is translated into organisational contexts and how institutional settings define the openings for local translation processes. However, the results are based on two small cases, meaning that broad generalisations are difficult to make.
Practical implications
EID is so much more than technology. The technical framing of the identification system appears to be subordinated to organisational arrangements and cultures, making it important to apply a socio-technical perspective when working with eID.
Originality/value
The empirical cases have offered a unique chance to study implementation and use of eID in two very different public service organisations. The findings illustrate how eID translated into organisational contexts, and how identity management within an organisational setting is linked to the employees’ private and professional roles.
Details
Keywords
Ann-Sofie Hellberg and Karin Hedström
– The aim of this paper is to describe a local government effort to realise an open government agenda. This is done using a storytelling approach.
Abstract
Purpose
The aim of this paper is to describe a local government effort to realise an open government agenda. This is done using a storytelling approach.
Design/methodology/approach
The empirical data are based on a case study. The authors participated in, as well as followed, the process of realising an open government agenda on a local level, where citizens were invited to use open public data as the basis for developing apps and external Web solutions. Based on an interpretative tradition, they chose storytelling as a way to scrutinise the competition process. In this paper, they present a story about the competition process using the story elements put forward by Kendall and Kendall (2012).
Findings
The research builds on existing research by proposing the myth that the “public” wants to make use of open data. The authors provide empirical insights into the challenge of gaining benefits from open public data. In particular, they illustrate the difficulties in getting citizens interested in using open public data. Their case shows that people seem to like the idea of open public data, but do not necessarily participate actively in the data reuse process.
Research limitations/implications
The results are based on one empirical study. Further research is, therefore, needed. The authors would especially welcome more studies that focus on citizens’ interest and willingness to reuse open public data.
Practical implications
This study illustrates the difficulties of promoting the reuse of open public data. Public organisations that want to pursue an open government agenda can use these findings as empirical insights.
Originality/value
This paper answers the call for more empirical studies on public open data. Furthermore, it problematises the “myth” of public interest in the reuse of open public data.
Details
Keywords
Moufida Sadok, Steven Alter and Peter Bednar
This paper aims to present empirical results exemplifying challenges related to information security faced by small and medium enterprises (SMEs). It uses guidelines based on work…
Abstract
Purpose
This paper aims to present empirical results exemplifying challenges related to information security faced by small and medium enterprises (SMEs). It uses guidelines based on work system theory (WST) to frame the results, thereby illustrating why the mere existence of corporate security policies or general security training often is insufficient for establishing and maintaining information security.
Design/methodology/approach
This research was designed to produce a better appreciation and understanding of potential issues or gaps in security practices in SMEs. The research team interviewed 187 employees of 39 SMEs in the UK. All of those employees had access to sensitive information. Gathering information through interviews (instead of formal security documentation) made it possible to assess security practices from employees’ point of view.
Findings
Corporate policies that highlight information security are often disconnected from actual work practices and routines and often do not receive high priority in everyday work practices. A vast majority of the interviewed employees are not involved in risk assessment or in the development of security practices. Security practices remain an illusory activity in their real-world contexts.
Research limitations/implications
This paper focuses only on closed-ended questions related to the following topics: awareness of existing security policy; information security practices and management and information security involvement.
Practical implications
The empirical findings show that corporate information security policies in SMEs often are insufficient for maintaining security unless those policies are integrated with visible and recognized work practices in work systems that use or produce sensitive information. The interpretation based on WST provides guidelines for enhancing information system security.
Originality/value
Beyond merely reporting empirical results, this research uses WST to interpret the results in a way that has direct implications for practitioners and for researchers.
Details