Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice

Ebenezer, Catherine and Bath, Peter and Pinfield, Stephen Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice., 2016 . In Health Libraries Group, Scarborough (United Kingdom), 15-16 September 2016. (Submitted) [Presentation]

[img] Slideshow
CME-HLG-conference-presentation-0916-v2.3.pptx - Presentation

Download (694kB)
[img] Slideshow
CME-HLG-conference-presentation-0916-v2.3.pdf - Presentation

Download (496kB)

English abstract

1. Introduction The research project as a whole examined the factors that bear on the accessibility of online published professional information within the National Health Service (NHS) in England, and the implications that these have for library and information services. The overall aim of this study was to investigate the apparent disjunction between stated policy regarding evidence-based practice and professional learning, and actual IT (information technology) strategy, service delivery and security practice at NHS trust level, from both technical and organisational perspectives. The presentation discusses the following specific issues: 1) the nature and extent of restrictions on access to websites and web applications within NHS organisations; 2) the impacts of these on professional information seeking and working practices; 3) the technical and organisational factors which bear on how web security is implemented within NHS trusts, in relation to overall organisational priorities and strategies. 2. Methods The study adopted a qualitative case study method, taking three NHS trusts of different types for its setting. The lead researcher [CE] conducted a total of 40 semi-structured interviews with library and workforce development staff, IT managers, information governance managers, and clinical professionals. Interview findings are set in the context of the trusts’ and other relevant reports, policies, strategies and standards. 3. Results Staff in the teaching hospital trust experienced the greatest number of obstacles to information seeking caused by the blocking of legitimate websites (‘false positives’). This affected the work of clinical educators in particular. Much decision-making in relation to information security issues seemed to be tacit. IT security managers reported not having the time to evaluate the effectiveness or impact of the web security devices they deploy on NHS networks. They were likely to accept the default configurations and categorisations of content offered by the suppliers. The focus of their attention appeared to be on the potential security risks posed by ‘recreational’/non-work use of the web. 4. Conclusions Little attention has been paid within the NHS information systems community to the issue of access to legitimate published information. The focus is heavily on the secure and appropriate management of clinical records and systems. Community-based staff appeared to be more likely (than their hospital-based colleagues) to be significantly disadvantaged by restrictive access control policies.

Item type: Presentation
Keywords: web filtering, secure web gateways, National Health Service, acceptable use policies, information security risk, personal web use at work
Subjects: D. Libraries as physical collections. > DK. Health libraries, Medical libraries.
E. Publishing and legal issues. > EF. Censorship.
L. Information technology and library technology > LC. Internet, including WWW.
L. Information technology and library technology > LH. Computer and network security.
Depositing user: Ms Catherine Ebenezer
Date deposited: 22 Sep 2016 08:01
Last modified: 22 Sep 2016 08:02
URI: http://hdl.handle.net/10760/30016

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item