“Jekyll and Hyde” embodies how information security affects today’s healthcare ecosystem. When security works, it promotes patient health and a smoothly operating ecosystem (Dr. Jekyll); when it doesn’t, privacy and health compromises can occur (Mr. Hyde). In this paper, we argue that unusable security triggers this split personality and, in doing so, compromises the heart of the healthcare ecosystem: the trust relationships that comprise the system. This compromise creates a trust void that ecosystem participants fill with more unusable security, further reinforcing the split personality. To encourage Dr. Jekyll to oust his alter ego and hence avoid this reinforcement, we postulate a set of usable-security axioms and propose supporting areas of research. We consider both policy and mechanism as important components of usable information security.