Interesting quote from an article that I was reading this morning:
“When creating a patient portal that provides access to electronic health records, healthcare organizations must educate patients about the need for authenticating their identities, says Sharp HealthCare CIO Bill Spooner. [â€¦] Spooner notes that some patients have complained that the authentication method for its patient portal is cumbersome.”
Itâ€™s not the fault of the user, theyâ€™ve not been educated as to why the bar should be higher (and they donâ€™t necessarily understand the potential consequence of a low bar). Itâ€™s not the fault of the business, after all things have been “good enough so far” so why spend money changing something that doesnâ€™t look like itâ€™s broken?
Itâ€™s (almost) nice to know there are others struggling with the balance between usability, user acceptance, funding and the changing landscape of threat.