
RESEARCH ARTICLE Open Access

Professional culture, information security and healthcare quality—an interview study of physicians’ and nurses’ perspectives on value conflicts in the use of electronic medical records

Maria Skyvell Nilsson1, Marianne Törner2* and Anders Pousette2

Abstract

Background: Digital healthcare information systems impose new demands on healthcare professionals, and information security rules may induce stressful value conflicts, which the professional culture may help professionals to handle. The aim of the study was to elucidate physicians’ and registered nurses’ shared professional assumptions and values, grounded in their professional cultures, and how these assumptions and values explain and guide healthcare professionals’ handling of value conflicts involving rules regulating the use of electronic medical records.

Methods: Healthcare professionals in five organisations in two Swedish healthcare regions were interviewed.

Results: The study identified ensuring the patients’ physical health and well-being as the overarching value and a shared basic assumption among physicians and registered nurses. A range of essential professional and organisational values were identified to help attain this goal. In value conflicts, different values were weighted in relation to each other and to the electronic information security rules.

Conclusions: The results can be used to guide effective design and implementation of electronic medical records and information security regulations in healthcare.

Keywords: Healthcare quality, Organisational culture, Value conflicts, Information security, Rule compliance, Information management

* Correspondence: [email protected]
2 Occupational and Environmental Medicine, Institute of Medicine, Sahlgrenska Academy, University of Gothenburg, P.O. Box 414, SE 405 30 Gothenburg, Sweden
Full list of author information is available at the end of the article

© The Author(s). 2018 Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The Creative Commons Public Domain Dedication waiver (http://creativecommons.org/publicdomain/zero/1.0/) applies to the data made available in this article, unless otherwise stated.

Skyvell Nilsson et al. Safety in Health (2018) 4:11 https://doi.org/10.1186/s40886-018-0078-9

Background

Web-based electronic medical records (EMRs) can improve healthcare by ensuring the completeness and coordination of patient information, but they also entail challenges to information security and to the quality of care. Information security is often defined by (a) confidentiality, i.e. that the information is available only to authorised individuals, units, or processes; (b) integrity, protecting the accuracy and completeness of the information; and (c) availability, i.e. that the information is accessible and usable on demand by authorised users. Information security is further defined by authenticity, accountability, non-repudiation and reliability [1].

EMRs facilitate availability but also imply new threats to information security. The electronic infrastructure makes patient data technically available to professionals who are not allowed such access. Access must therefore be regulated through rules. However, information security rules are not always heeded. They may pose ethical value conflicts when healthcare professionals must consider them in relation to other professional needs and values [2]. Value conflicts in healthcare commonly involve issues in which organisational demands are perceived to conflict with healthcare staff’s professional ethics. Ethical values are strongly related to the meaningfulness of work and therefore important for workers’ psychological health [3]. Ethical dilemmas, which may cause moral distress, occur when health professionals are unable to adhere to their professional ethics [4] or know that acting on their professional ethics implies a breach of formal rules [5]. Kälvemark et al. defined moral distress in healthcare as ‘traditional negative stress symptoms that occur due to situations that involve ethical dimensions and where the health care provider feels she/he is not able to preserve all interests and values at stake’ [5]. A study among some 600 physicians and nurses found that moral distress was a problem in both professions and that there was a strong relation between moral distress and intention to leave the profession [6]. A literature survey showed that nurses who often felt moral distress were more emotionally exhausted and emotionally distanced from the patients [7]. These results indicate that moral distress caused by ethical dilemmas may not only jeopardise healthcare professionals’ own health and pose a risk factor for exit, but that it may also induce a threat to the healthcare quality and patient safety. Organisational demands imposed by rules to ensure information security in the use of electronic information management systems are a possible source of ethical value conflicts in healthcare.

Johnson [8] stated that paradox or value conflicts in organisations could not be managed by prioritising one value before the other, since such values are interdependent. Consistently prioritising one value will increase the need for the other value. Coping with value conflicts may instead be facilitated by construing a perspective that accommodates opposing values. Such a framing of the value conflict allows a broader behavioural repertoire and active and flexible handling of paradoxical demands [9]. The organisational or professional culture may provide such a framing of value conflicts and thus help professionals to cope with them. Schneider and colleagues defined organisational culture as ‘the shared values and basic assumptions that explain why organisations do what they do and focus on what they focus on; it exists at a fundamental, perhaps preconscious, level of awareness, is grounded in history and tradition and is a source of collective identity and commitment.’ [10]. The culture thus provides a shared logic that sets limits for what may happen in the group, and if made visible, that logic may explain much of what happens. Professional culture is a concept related to organisational culture. Professional cultures often develop within communities with a long education and therefore a long period of professional socialisation [11]. In the medical and nursing professions, where the work is highly impregnated with emotions since it deals every day with issues of life and death, one may expect a particularly salient professional culture grounded in professional ethical values.

In one of the few empirical studies of professionals’ perspectives on value conflicts in healthcare information security [12], Hedström and colleagues concluded that a control-based system would not work to introduce security procedures in an organisation where such value conflicts exist. To achieve better compliance with information security rules, the authors stated, one must study the meaning of what people say and do to better understand the interests and values that affect the practice of information security. Vaast [13] stated that information security issues are deeply embedded in the overall social and physical context of work and concluded that it is vital for security managers to get a grasp of these meanings to effectively design and implement security policies. We suggest that a cultural perspective on how value conflicts, involving information security in the use of EMRs in healthcare, are perceived and resolved may help to develop information security systems and policies that are better aligned with professional needs and thus better support the provision of high-quality, safe and efficient healthcare. Studying critical incidents in the work of healthcare professionals could illuminate cultural elements and explain behaviours within the professions. The present study aimed at elucidating physicians’ and registered nurses’ shared professional assumptions and values, grounded in their professional cultures, and how these assumptions and values explain and guide healthcare professionals’ handling of value conflicts involving rules regulating the use of EMRs.

Methods

The present study was based on interviews in two phases. Phase 1 was performed to create the basis for phase 2, by describing common healthcare situations involving conflicts between information security rules and other professional values. The description of these situations was used as vignettes guiding the interviews in phase 2.

Participating organisations and context

The participating healthcare organisations were strategically selected to provide variation in location, size, medical specialty, digital software systems and organisation of EMRs. Swedish healthcare is organised into 21 geographic regions. Chief physicians in two caregiving organisations providing secondary and tertiary care in two such regions were contacted and agreed to participate. One region was represented by a university hospital organisation with two hospitals (310 and 673 beds) and the other region by three hospitals (498, 469 and 133 beds). Managers at the participating hospitals and units arranged contact with the interviewees, all of whom gave their informed consent to participate. All interviews were performed and recorded in secluded rooms at the participants’ workplaces.

In phase 1, informants from the two participating regions, who upheld work tasks specifically related to the implementation of EMR systems, were purposefully selected to represent a variety of healthcare professionals and functions. The participants were well acquainted with different types of information security problems related to the use of EMRs. Two physicians, five nurses, two IT system developers and two healthcare managers (n = 11) were interviewed in phase 1.

In phase 2, new informants were selected. They were strategically selected registered nurses and physicians with varying degrees of experience and no specific responsibilities for implementing EMRs. They were selected from different medical specialties in hospital somatic and psychiatric care. Four physicians and four nurses from region 1 and three in each category from region 2 participated (n = 14). For more information about participants in phase 2, see Table 1.

Characteristics of the EMR systems in each participating region

In region 1, the Cosmic EMR system allowed all hospitals in the region, as well as publicly owned primary care and eldercare access to the EMRs. The access between organisations was limited to viewing, but not altering, information entered by another organisation. In region 2, the Melior EMR system served only hospitals and was not linked to primary healthcare EMRs. All hospitals in the region had viewing access to the EMRs.

Procedure and analysis

Phase 1

The semi-structured interviews in this phase, carried out in the spring of 2013, aimed to describe situations where value conflicts occurred in day-to-day work with EMRs. Sample questions were ‘What are the information technology’s main contributions to efficiency and quality of care?’ and ‘What obstacles do you perceive to the EMRs’ ability to ensure information security?’ The participants were e-mailed to collect their consent to participate and set times for the interviews. The interviews were recorded, and all expressions of values and basic assumptions related to information security were documented, coded and categorised. Situations in which healthcare professionals commonly experience value conflicts related to information security were identified and described. Based on this analysis, vignettes were constructed to illustrate 10 common day-to-day situations encountered by physicians or nurses and that represented dilemmas involving information security rules and professional needs to provide high-quality healthcare (see the Appendix for vignette examples).

Phase 2

The phase 2 interviews were performed from September 2013 to December 2014. Participants were asked to read the vignettes and select situations that were relevant and familiar to them. Each informant selected six to eight vignettes and for each vignette was asked to expand upon the following questions: ‘How would you have acted in a situation like this?’, ‘What speaks for acting in such a way?’ and ‘What speaks against acting in such a way?’ The participants were encouraged to reflect openly and to answer each question as completely as possible.

Table 1 Participants in phase 2 interviews

| Geographical region | Professional position | Age (years) | Work experience (years) | Experience of EMR (years) | Professional specialty |
| --- | --- | --- | --- | --- | --- |
| I | Nurse | 43 | 15 | 7 | Internal medicine |
| I | Nurse | 51 | 4 | 7 | Surgery |
| I | Nurse | 50 | 27 | 7 | Surgery |
| I | Nurse | 49 | 10 | 10 | Psychiatric care |
| I | Physician | 29 | 1 | 5 | Surgery/orthopaedics/urology |
| I | Physician | 32 | 5 | 5 | Internal medicine |
| I | Physician | 56 | 25 | 15 | Orthopaedics |
| I | Physician | 59 | 25 | 12 | Psychiatric care |
| II | Nurse | 49 | 26 | 6 | Surgery; thorax |
| II | Nurse | 47 | 10 | 5 | Nephrology |
| II | Nurse | 27 | 2 | 4 | Nephrology |
| II | Physician | 35 | 8 | 8 | Surgery; urology |
| II | Physician | 28 | 1 | 1 | Surgery |
| II | Physician | 48 | 22 | 13 | Nephrology |


The interviewer asked follow-up questions to induce participants to clarify or expand upon their answers. At the end of each interview, the participants were asked whether they could recall and describe any other relevant type of situation that would add further information.

A grounded theory methodology was applied to the data acquisition and analysis, providing a systematic, inductive and comparative approach to constructing theory [14]. The first step of the analysis was taken during data collection. After each interview, memos were created to record ideas about participants’ values and assumptions about information security issues and their interrelationships. In this way, it was possible to continue to devise better-informed follow-up questions for the next interview and thus obtain a more detailed description of the phenomenon in focus. The interviews lasted 40 to 60 min, and recordings were transcribed verbatim (a total of about 200 pages of text). All authors read all transcripts. The first author was responsible for the primary analysis, but emerging results were discussed continually within the research team. When all interviews had been transcribed, we conducted a line-by-line coding of the text, which required close and repeated reading of the text. Meaning units, expressing values and basic assumptions related to information security were detected and coded. The next step of the analysis established the codes that best explained the empirical phenomena. Preliminary codes were tested against the text, and codes with the best ‘carrying capacity’ were distinguished [15]. A core category was constructed by pulling together tentative categories that explained this core category in a way that ensured theoretical significance and was traceable back through the data [16].

Results

The participants in the phase 2 interviews are presented in Table 1.

The analysis resulted in descriptions of one core category, four subcategories of professional values and three subcategories of internalised organisational value, and a theoretical model was constructed illustrating the interactions between these fundamental cultural elements (Fig. 1).

Ensuring the patients’ physical health and well-being emerged as the core category, describing the common overarching value among the healthcare professionals. With this as a shared basic assumption, different internalised professional and organisational values and values underpinning prescribed information security rules were weighted relatively in the professionals’ reasoning in decisions to act in dilemma situations. Such decisions were moderated by (a) assessments of the legitimacy of the information security rule(s); (b) situation-specific factors such as own competence, the competence of others involved and the patient’s needs; and (c) the risk of sanctions if information security rules were breached. To balance the different values and rules acceptably, decisions on how to act in dilemma situations shifted dynamically, as the weight of each specific desirable depended on an evaluation of the entire context in each specific situation. The evaluations were always made to support the basic assumption that the highest value is to ensure the patients’ physical health and well-being. Figure 1 presents a model of the results.

Fig. 1 The model illustrates the essential values among physicians and nurses, as they emerged in the study, and how different values are weighed in relation to each other, thus guiding adherence to formally prescribed information security rules. To keep an acceptable balance between different desirable phenomena (values and rules), the pivot point in the decision to act in a dilemma shifts dynamically, as the weight of each specific desirable depends on an evaluation of the entire situational context, and always in relation to the overarching value of ensuring the patients’ physical health and well-being

The resulting categories were persistently coherent between physicians and nurses and across specialties and organisations. Some differences between nurses’ and physicians’ professional roles could be discerned, however, as nurses stressed their coordinating function while physicians emphasised their medical function. Each quote below is marked with a code describing the informant’s professional role of nurse (N) or physician (P).

The core category: ensuring patients’ physical health and well-being

The overarching goal of healthcare emerged as protecting the physical health and well-being of the patients. Values that can ensure this overarching goal are protected, which may imply that information security rules are rated lower: ‘The things that can kill you are more important than the ones that offend you.’ (P)

Professional values

These values define what it means to act as a professional.

Work using reliable and exhaustive information

Reliable, relevant and complete information is considered a prerequisite to ensure patients’ physical health and well-being. Completeness requires a clear division of responsibilities to secure the relevance and accuracy of the information as well as the rapid transfer of information between care professionals.

The information must be written distinctly and unambiguously. The patients’ right to access their own medical records may then become a problem, since sensitive information such as unconfirmed or stigmatising suspicions can cause the patient anxiety and suffering. If such sensitive information has not yet been discussed with the patient, professionals may consider ‘codifying’ it. Patient privacy is thus weighted against the completeness, accuracy and lucidity of the text: ‘It may be that the patient has access [to his/her electronic chart], so it’s probably more important to express yourself in a way that is not hurtful.’ (P)

Inadequacies in digital technology and software usability may also jeopardise information security. Accessing different types of patient information from different software applications requires the use of different computer display windows. The complete view of these is not as evident as it is in paper records, and some information may be unobserved. Also, multiple patient charts may be open on the computer simultaneously, which may cause confusion. Such inadequacies could cause healthcare professionals to base their decisions on incorrect or incomplete information. The source of the information must be possible to trace quickly and reliably, and EMRs do not always allow this.

Be well informed and work safely

Being well informed and working safely requires working conditions that allow professionals to summarise their observations and opinions and complete their documentation in peace and quiet. For example, physicians described that when they work in the emergency department, they do not always have enough time to ensure a well-informed decision. They therefore need to return to the information in the patient chart to come to more carefully considered opinions. Further, to gain an adequate summary of the patient’s condition, a physician may also need access to medical records that are considered particularly sensitive, or even classified, such as those from psychiatric or gynaecological departments. The physicians also described that it may be difficult to specify in advance the information they need, as its significance may become clear only after a general search of the assessments and workups of other care providers. In some cases, no important information is gained from such searches and it may be difficult in retrospect to defend the decision to access the information. ‘That’s what you do to get a background of the patient’s illness, so I don’t just go into the internal medicine folder, but also the surgery folder and other folders that are necessary to get the patient’s medical history.’ (P)

Junior professionals may need to be advised in their medical decisions by more experienced colleagues. This may mean that the actual decision-maker is not documented in the EMR and traceability is compromised.

Build a trustful patient–caregiver relationship

Building and maintaining a trustful care relationship is a precondition of a healthcare professional’s ability to provide, and the patients’ ability to receive, appropriate care. To protect the relationship, it may be necessary to protect sensitive information from the patient’s relatives. For example, if the information is considered highly significant, but the patient’s consent to access it cannot be obtained without disclosing its existence to a relative, the healthcare professional may breach the access restriction. In such cases, the patient’s approval is sometimes sought afterwards.

Patients’ privacy rights may also conflict with protecting the relationship. A caregiving relation includes empathy and commitment, and professionals may consider it a human need to follow up on former patients to be updated on the patients’ medical situation for a later appointment. This could mean breaching safety rules.

Let us say that I have a patient with breast cancer that I may have followed now for two or three years. And then I get a mammogram report on her, let us say, and I write a reply and think ‘Oh, how nice that this patient is doing well.’ And then maybe I see in the surgery chart that the patient has presented as an emergency ... and has had surgery. And then there is great suspicion of relapse, and then I am like ‘No, not her!’ And maybe she’s transferred to internal medicine, so we can do a work-up. Then I might go in and read the internal medicine chart because I want to see what’s happening. It’s wrong, I know it’s wrong... It’s about interest in how she’s doing and for the future, because I might be seeing her at an appointment later. What happens then—should I call her? (N)

Develop as a professional

Healthcare professionals learn constantly through a variety of clinical situations and peer opinions. Such learning requires following up on patients and reading assessments from other caregivers after the care relationship has ended. Such access to information could conflict with information security rules.

Why do I do it? To learn, so that I can become a better doctor for all of my future patients. I can understand that the patient does not want people to go in and read their charts. I agree with that... But, just for follow-up purposes, I think it’s different... So it takes years before you become a good physician... And then I can make better decisions the next time I get exactly the same kind of patient. (P)

Internalised organisational values

These values related to being a responsible organisational team member and being efficient and productive.

Be efficient and productive

Maintaining care efficiency and productivity is integral to the professional role. This requires taking decisions and actions in complex situations where time is often limited, and it entails a need to prioritise tasks. Sometimes efficiency conflicts with information security. For example, patients in pain or who need their insulin must get medication immediately, but it is not always considered possible to document such measures at the time they are carried out, as required by the rules.

The professionals also described how conflicts between information security rules and efficiency could often arise through inadequate access to computers and inadequate usability, such as software that requires time-consuming management. Maintaining efficient care under such circumstances may compromise traceability in the EMRs. Poor usability also restricts the availability of the EMRs. Since using the EMR software can be complicated and time-consuming, it may be considered more efficient for the professional who is most experienced in such use to take care of the documentation. This can save time, but it compromises traceability.

The need to provide efficient care and ensure patient welfare implies that a patient should not be kept waiting for important drugs. Medication deemed necessary may then be administered by the nurse even if the prescription information in the EMR is incomplete. In such situations, the accuracy of the prescription is not checked with the responsible physician until afterwards, which poses a risk to both the patient and the nurse administering the drug.

Yes, but you have to work pragmatically, I think, to work smoothly. You cannot just contact the on-call physician every time someone forgets to sign off on a prescription. That is not sustainable. (P)

In the absence of an EMR that is shared between caregiving organisations, physicians sometimes use a fax, order printed copies or make telephone calls to get up-to-date information from other healthcare providers. These procedures avoid delaying treatment decisions but jeopardise information security.

Be cooperative

Professionals cooperate to provide continuity of care, support each other, learn from one another and make use of each other’s expertise. Collaboration is based on informal agreements on how medical care should be organised efficiently and on their shared responsibility to protect the patients’ physical health and well-being. Such collaboration requires knowledge of each other’s responsibilities and skills and functions as a control by which healthcare professionals can ensure that important interventions are carried out correctly and promptly. This includes warning others about any deviance from care procedures. For example, an experienced nurse who knows the procedures may remind the attending physician of a forgotten drug or question a prescription. Healthcare professionals described how the EMR software did not always support such cooperation, since it is not easy to follow interventions by those in other professional categories and how security rules sometimes have to be breached to ensure patients’ health and well-being.

Skyvell Nilsson et al. Safety in Health (2018) 4:11 Page 6 of 12


Collaboration creates opportunities to ensure and confirm the accuracy of personal actions. Less experienced physicians may need to consult experienced colleagues, who then need to log in to the patient’s EMR without having a formal care relationship. Such log-ins may be frequent, and the reason for them is often not documented. Similarly, nurses described how they help each other with work on the ward, which entails reading the medical records of patients for whom they are not responsible. Further, treatment decisions are often taken in collaboration, where only the person who is logged in becomes formally responsible. Unclear delineation of what is authorised access to information does not support collaboration in healthcare, and the logs that are registered do not always mirror the actual work.

It is unsustainable to work if we are not going to be able to help each other across boundaries when we need to do so. […] If my colleague goes to the bathroom and the patient is doing poorly, then I get the care relationship. (N)

Ensure continuity of care
Healthcare professionals described having personal responsibility for maintaining continuity of care in patient transfers between different healthcare providers to avoid patients ‘falling through the cracks’. They described following up on interventions and work-ups carried out at other healthcare facilities to ensure that planned and important problems and interventions were addressed. In some cases, such conduct is in conflict with EMR access rules.

For me it’s patient safety ... that what you ask for really gets done, that it will not be forgotten. It’s happened when referring to a larger clinic that problems have been delayed which really need to be addressed faster... And I do not think it helps the patient in any way that I do not get to look. (P)

Healthcare professionals stated that the existing information technology systems cannot always ensure effective transfer of information and described how they use their own informal solutions to ensure continuity of care, such as a fax or hard copy chart passed along by the patient.

Decision moderators
Legitimacy of prescribed information security rules
Information security was generally considered a basic value in good healthcare, and the professionals were well aware of the information security rules. However, in their decisions on how to act, information security rules were weighted in relation to their legitimacy, to the professional’s general attitudes toward regulatory compliance and to their interpretation of the concept of information security. However, violation of information security rules is legitimate only if based on professional needs, and there are clear limits to how far one may go in violating the rules.

No, no. You cannot sign in using someone else’s log-in. But on the other hand, [I] would spontaneously say she can check in on someone else’s log-in, and then sign in afterwards using her own log-in. (P)

Various concepts in the information security regulations allowed some personal interpretation, related to the specific situation, individual role and professional needs.

For me, the care relationship involves the patient that I am taking care of on this particular day. Or a patient who I have to call next week, when the patient and I have agreed to do so. That’s how I see a care relationship. So, I hope that’s right? (N)

Healthcare professionals said that patients are not aware of the limitations that apply to the professionals’ access to patient information and that patients may not understand the medical consequences of personally restricting access to their EMRs. Healthcare professionals described ambiguities in individual assessments of how to handle restricted access and protected information: ‘If they come to the emergency room, they want help; then I can break protection.’ (P)

Nevertheless, restricted access imposed by the patient retains high legitimacy. Healthcare professionals described how they organise their work to try to follow the information security regulations. For example, one physician described how he, while the patient is still in the emergency room, asks for the patient’s general consent to his accessing the chart notes later, to follow up on the case.

Fear of sanctions for breaching rules
Healthcare professionals described how it may be difficult to remember the reason for being logged on a specific patient. One physician described a need to ‘look around’ in different medical records to be able to analyse a patient’s problems. Such an approach, which is intuitive and related to tacit knowledge, can be difficult to justify formally according to linear thinking. Another physician was concerned about breaking information security rules when consulted by other colleagues. In such consultations, physicians may access medical records without actually having any formal care relationship with the patients who are discussed. ‘If they were to start asking, I couldn’t answer why I was looking in the chart at the time. I didn’t enter any documentation.’ (P)

Discomfort with accountability also emerged in descriptions of how poor usability of the technology may result in accidental violations. For example, charts for different patients may be open on the computer at the same time, and the documentation could then be entered accidentally on the wrong chart and/or by a non-authorised professional.

Traceability was perceived as both a threat to staff integrity and a means to ensure such integrity. It was considered a threat because of the risk of being accused of breaching the rules, because what is (un)authorised access to data was often unclear. However, it was also considered to protect the individual from being blamed for errors committed by others. Traceability enabled individuals to prove that they had met their obligations, if questioned.

Healthcare professionals also described behavioural circumventions and norms that support professional needs such as ensuring continuity of care or learning by accessing possibly restricted data but are not traceable. For example, the physician may read additional chart data while electronically signing a referral. This allows access to the medical records written by colleagues. Another example involves directly contacting the physician who took over the care of a patient with whom one’s own care relationship has formally ended and asking questions. Such behaviour is considered acceptable, because the responding physician can sift through the information that is transferred.

I would have called the surgeon who had received the referral and found out how the patient was doing through that channel... because then at least the surgeon would have an opportunity to say ‘It’s none of your business’. (N)

Situation-specific factors
A number of situation-specific factors were considered and influenced professionals’ decisions to act. Examples of such factors were one’s own competence, knowledge of the competence and trustworthiness of others involved in the situation, the urgency of the patient’s needs and organisational and technical restrictions. Every decision was guided by the basic value of ensuring the patients’ physical health and well-being.

If I have known A for a long time, and I know that A is good and does not usually make any mistakes, I’d let A borrow my log-in. Of course, it depends on the patient. If it’s a patient where it’s important to administer insulin quickly, or if there usually is not any reason to hurry, that also makes a difference. That can always be evaluated. Obviously, it’s the best interests of the patient that determine how you are going to act in a given situation. (P)

Discussion
Ensuring the patients’ physical health and well-being emerged as the overarching value among physicians and nurses. We identified the need to satisfy this value as a shared basic assumption constituting the core of the professional culture [11]. In general, the professional and organisational values among nurses and physicians, and across organisations, were quite coherent. These findings support the existence of a largely shared professional culture, grounded in professional ethical values, and reaching beyond the organisational borders. The care of a patient often requires progression from one caregiver to another, within and between organisations. High-quality and efficient care then requires coordination between professionals, departments and organisations [17]. A shared professional culture is likely to facilitate this. Ensuring continuity of care also emerged as an internalised organisational value.

Information security was in accord with professional values such as ensuring patients’ integrity and building a trustful relation with the patient. However, the EMR information security rules were considered too restrictive. This indicates that although the underlying values are coherent, the formal rules may cause stressful ethical dilemmas. Uncertainty about the interpretation of the rules, particularly regarding legitimate access to data, also posed problems for the care professionals.

Previous research on the pros and cons of introducing electronic information systems in healthcare has largely focused on the usability aspects of the technology, and recommendations to improve usability have been suggested [18, 19]. Healthcare professionals’ concerns about their ability to use EMR technology illuminate the usability aspects of ease of use and interoperability and demonstrate that such aspects affect productivity, decision processes and individual priorities [20–23]. The present study also showed that EMR usability influenced users’ reasoning and behaviour concerning compliance with information security rules. Although the optimal solution would be to eliminate all usability constraints, this is probably unrealistic due to differences between individual users and frequency of use, multiple systems in parallel use in different organisations, systems evolution with the integration of new subsystems and limited resources. Also, updates to information technology systems, even when they imply improvements, place an extra cognitive and emotional load on users. Usability aspects should be considered when developing information security procedures for the use of EMRs. But the present study widens the perspective beyond usability issues. It illuminates value conflicts in the use of EMRs and how such conflicts are handled within the professional culture in healthcare. This perspective is important because it may help healthcare managers and systems developers to understand why information security rules are sometimes breached and why coercive behavioural demands will not solve this. If they are not sensitive to important aspects of the professional culture, such demands may create ethical dilemmas that induce harmful moral distress. Information security rules and the organisation of work must accommodate a range of values essential to healthcare professionals’ abilities to provide high-quality, safe and cost-effective healthcare.

The professionals described workarounds. They may ensure future access to information without breaking the information security rules by asking for the patient’s general consent to do so. This may solve some concerns about the patient’s autonomy, but it raises other ethical problems. For example, for how long is such consent considered valid? When is it right to ask such a question to a patient in need or dependency? The study also shows that there are several situations when it is not realistic to get consent from the patients, for example while cooperating with other professional team members or when a senior physician is consulted about a patient.

In line with other research [20], the participants described that the EMRs provide more complete documentation than analogous systems, but for some professionals and in specific situations, information security rules restrict the availability of the data in a way that is counter to high quality care. The study also showed how concerns such as the need to maintain a trustful relationship with the patient may compromise information security in terms of completeness, relevancy, and timeliness. Reliable and exhaustive information is crucial, but the professionals were concerned about the validity and quality of data in the EMRs, as has been found by others [24].

The information security rules themselves, or uncertainty about the interpretation of these rules, were found to restrict opportunities for professional development. Professionals may also need to access the patients’ medical records after handing over the patient to other healthcare providers, to reflect on and learn from their own and other professionals’ decisions. The professionals were uncertain about when such access to data was allowed under the information security rules. The Swedish Patient Data Act (SPDA) [25] in this respect is vague, and such ambiguity contributes to moral distress.

The professional values were essential for satisfying the basic shared assumption that the patients’ physical health and well-being must be ensured. It is, however, interesting to note that important values were not grounded solely in professional ethics. Organisational values in terms of being efficient and cooperative were also highly internalised. The ‘product’ in healthcare work is care. The professionals are well aware that resources are sparse and must be used efficiently to accomplish high-quality care for all those who need it. Using resources in a careful manner is thus related to meaningfulness, role definition and cultural assumptions.

The results showed that healthcare professionals might sometimes breach information security rules to be able to cooperate and work efficiently. Prioritising cooperation among healthcare professionals at the cost of information security was also described in an observational study [26]. Such teamwork makes it possible to assimilate comprehensive competence and stimulates organisational learning [27].

In highly complex and varied work, such as healthcare, the rules regulating work performance must be formulated such that they allow professionals autonomy and adaptive behaviour in situations that cannot be well predefined [28]. It is important that when developing and implementing behavioural rules, processes and software, healthcare managers and designers of electronic information management systems acknowledge that information security is not a value that can be considered in isolation from other professional values in healthcare. Such recognition will allow the development of EMR systems that work in synergy with the professional ethics and culture. This would facilitate the healthcare professional’s ability to accommodate different values and promote healthcare quality and performance, including a high level of information security.

Implications for practice
The need to ensure the patients’ physical health and well-being emerged as a shared basic assumption within the professional cultures of physicians and nurses. A range of competing and sometimes conflicting values were considered in relation to this basic assumption and guided the professionals’ decisions and actions. It is important that politicians, managers and others involved in organising and developing processes and procedures in healthcare understand and acknowledge this cultural assumption as an essential prerequisite for quality and equity in healthcare. Taking a stance on professional ethics in the design and implementation of new technology, such as EMR systems, and when developing rules regulating its use will allow professionals to accommodate a range of different values and improve their ability to cope effectively with value conflicts. Such alignment would not only reduce moral distress among the professionals, but also improve both healthcare quality and information security.

Limitations
The study was confined to two healthcare regions in Sweden, which may limit the transferability of its results. However, the differences between the EMR systems’ design and organisation of data in the two regions contributed to descriptions of a variety of situations and thus to a deep understanding of the value categories and the reliability and exhaustiveness of the information. It should also be noted that the two different EMR software systems used in these two regions are commonly used in other Swedish healthcare regions. We also believe that most of the usability aspects of the electronic technology would be similar no matter the hardware or software used, since many design features are similar. Other studies focusing on users’ behaviour and attitudes towards EMRs show that professionals in healthcare organisations in other countries have experiences similar to those described here [17, 23, 24, 26], which supports the transferability of our results.

In phase 2, the vignettes we used might have restricted the participants’ responses. However, the vignettes were constructed to comprehensively represent the salient values and dilemmas described in the phase 1 interviews with participants with profound knowledge and experience of the problem area. The participants in phase 2 confirmed that the situations described in the vignettes were relevant to their day-to-day work. In addition, the phase 2 participants were given the opportunity during the interviews to describe other situations significant to the topic. No new categories emerged from their additional descriptions. The vignettes helped the informants to focus on realistic and common critical incidents and thus minimised the risk of stereotyped answers by reminding them of situations they had actually experienced. The open questions allowed us to acquire comprehensive descriptions of relevant phenomena.

According to grounded theory, a small number of participants could limit the theoretical saturation of the resulting categories [29]. In selecting participants, we sought as much variety as possible in the target population in terms of workplace, occupation, seniority, clinical specialty and geographical region. To ensure the saturation of the data, we returned to the two last analysed interviews and ascertained that no new categories had emerged in their analysis. We therefore consider the data exhaustive and thoroughly descriptive of the identified categories [30]. The results were fed back to and discussed with managers, IT system developers and healthcare professionals from the two participating healthcare organisations, some of whom had also been informants in the study. The results made sense to the feedback participants, which strengthens the validity of the results.

Conclusions
Ensuring patients’ physical health and well-being emerged as the core category and shared basic assumption of the professional culture of physicians and nurses. The study also identified professional needs and values to ensure this basic assumption. Values underpinning information security rules were largely internalised, as were the organisational values of efficiency and cooperation. Although unproblematic when viewed individually, values sometimes came into conflict with the security rules regulating the use of EMRs. In such situations, values and rules were weighted dynamically in relation to each other in the professionals’ normative reasoning and decisions on how to act to best satisfy the shared basic assumption. A range of situation-specific factors was then considered, along with the perceived legitimacy of the rules surrounding information security and the professionals’ fear of sanctions if they breached those rules.

It is important in the development of EMR systems to view information security as one value among others, always in relation to the basic and shared assumption among the healthcare professionals, that first and foremost the physical health and well-being of the patient must be ensured. It is also important to work towards procedures and rules that can reconcile different needs and values, work in synergy with the professional culture and promote organisational performance. Such alignment will reduce value conflicts and moral distress among healthcare professionals and reduce the circumvention of information security rules.

Appendix
Examples of vignettes derived from phase 1 interviews and used in phase 2

1. Nurse A is handing out morning medications on the ward. One of the patients needs insulin before breakfast, so A is in a hurry. There is only one computer available in the medication room, and a colleague, who is also distributing medications, is logged in on that computer. A asks and receives permission to go into the patient’s medication list via the colleague’s login. Now the patient can receive the medicine on time, but A, who took out and administered the medication, will not be able to sign off on administering the medication.

What would you do in this situation, if you were A? What would you do if you were the colleague? What speaks for handling the situation in this way? What speaks against handling the situation in this way?

2. K works as a physician on the internal medicine ward. The day before yesterday, K met a patient with problems that K could not completely understand or solve. K believed that the patient’s problems might have been surgical, so K referred the patient to the surgery department. Now K wants to follow up on this decision and see how things went for the patient. K goes into the surgery medical record system and finds that the patient was referred to gynaecology. Even more puzzled by the situation, K decides to read the chart note from gynaecology to gain clarity on the patient’s problem. K logs in to the patient’s gynaecology chart and reads it.

What would you do in this situation, if you were K? What speaks for handling the situation in this way? What speaks against handling the situation in this way?

Abbreviations
EMRs: Electronic medical records; SPDA: Swedish Patient Data Act

Acknowledgements
The study was financially supported by the Swedish Civil Contingencies Agency, grant no 2011-388, which is hereby gratefully acknowledged.

Funding
The study was financially supported by the Swedish Civil Contingencies Agency, grant no 2011-388.

Availability of data and materials
The datasets analysed in the current study are available from the corresponding author on reasonable request.

Authors’ contributions
MT and MSN recruited participating organisations and healthcare professionals. MT, AP and MSN conceived and designed the study, developed the interview guide and participated in data analysis. MSN was primarily responsible for the data analysis and performed the literature review. MSN and MT wrote the first draft of the manuscript. All authors reviewed, discussed and edited the manuscript and approved the final version.

Ethics approval and consent to participate
The study did not collect information defined as sensitive by the Swedish Personal Data Act (i.e., data on race or ethnic origin, political opinions, religious or philosophical convictions, trade union membership, health, or sexuality) and therefore did not require approval from the Ethical Review Board. All participants gave their informed consent to participate in the study.

Consent for publication
Not applicable.

Competing interests
The authors declare that they have no competing interests.

Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Author details
1 Department of Health Sciences, University West, Trollhättan, Sweden. 2 Occupational and Environmental Medicine, Institute of Medicine, Sahlgrenska Academy, University of Gothenburg, P.O. Box 414, SE 405 30 Gothenburg, Sweden.

Received: 21 August 2018 Accepted: 22 October 2018

References
1. ISO (The International Organization for Standardization) and IEC (the International Electrotechnical Commission). ISO/IEC 27002:2013. Information technology - Security techniques - Code of practice for information security management. Geneva. [cited 10 May 2018]. Available from: http://docplayer.net/668061-Information-technology-security-techniques-code-of-practice-for-information-security-controls.html

2. Fernando JI, Dawson LL. The health information system security threat lifecycle: an informatics theory. Int J Med Inform. 2009;78(12):815–26.

3. Antonovsky A. Unraveling the mystery of health: how people manage stress and stay well. San Francisco: Jossey-Bass; 1987.

4. Corley MC, Elswick RK, Gorman M, Clor T. Development and evaluation of a moral distress scale. J Adv Nurs. 2001;33(2):250–6.

5. Kälvemark S, Höglund AT, Hansson MG, Westerholm P, Arnetz B. Living with conflicts-ethical dilemmas and moral distress in the health care system. Soc Sci Med. 2004;58(6):1075–84.

6. Whitehead PB, Herbertson RK, Hamric AB, Epstein EG, Fisher JM. Moral distress among healthcare professionals: report of an institution-wide survey. J Nurs Scholarsh. 2015;47(2):117–25.

7. Oh Y, Gastmans C. Moral distress experienced by nurses: a quantitative literature review. Nurs Ethics. 2015;22(1):15–31.

8. Johnson B. Reflections: a perspective on paradox and its application to modern management. J Appl Behav Sci. 2014;50(2):206–12.

9. Lewis MW. Exploring paradox: toward a more comprehensive guide. Acad Manag Rev. 2000;25(4):760–76.

10. Schneider B, González-Romá V, Ostroff C, West MA. Organizational climate and culture: reflections on the history of the constructs in the Journal of Applied Psychology. J Appl Psychol. 2017;102(3):468.

11. Schein EH. Organizational culture and leadership. 3rd ed. San Francisco: Jossey-Bass; 2004.

12. Hedström K, Kolkowska E, Karlsson F, Allen JP. Value conflicts for information security management. J Strateg Inf Syst. 2011;20(4):373–84.

13. Vaast E. Danger is in the eye of the beholders: social representations of information systems security in healthcare. J Strateg Inf Syst. 2007;16(2):130–52.

14. Bryant A, Charmaz K. The SAGE handbook of grounded theory. Los Angeles: SAGE; 2010.

15. Charmaz K. Grounded theory as an emergent method. In: Hesse-Biber SN, Leavy P, editors. Handbook of emergent methods. New York; London: Guilford; 2008. p. 155–72.

16. Glaser BG, Strauss AL. The discovery of grounded theory: strategies for qualitative research. Chicago: Aldine; 1967.

17. Lluch M. Healthcare professionals’ organisational barriers to health information technologies—a literature review. Int J Med Inform. 2011;80(12):849–62.

18. Fernández-Alemán JL, Sánchez-Henarejos A, Toval A, Sánchez-García AB, Hernández-Hernández I, Fernandez-Luque L. Analysis of health professional security behaviors in a real clinical setting: an empirical study. Int J Med Inform. 2015;84(6):454–67.

19. Lawler EK, Hedge A, Pavlovic-Veselinovic S. Cognitive ergonomics, socio-technical systems, and the impact of healthcare information technologies. Int J Ind Ergon. 2011;41(4):336–44.

20. Häyrinen K, Saranto K, Nykänen P. Definition, structure, content, use and impacts of electronic health records: a review of the research literature. Int J Med Inform. 2008;77(5):291–304.

21. McGinn CA, Grenier S, Duplantie J, Shaw N, Sicotte C, Mathieu L, et al. Comparison of user groups’ perspectives of barriers and facilitators to implementing electronic health records: a systematic review. BMC Med. 2011;9:46.

22. Varpio L, Rashotte J, Day K, King J, Kuziemsky C, Parush A. The EHR and building the patient’s story: a qualitative investigation of how EHR use obstructs a vital clinical activity. Int J Med Inform. 2015;84(12):1019–28.


23. Zwaanswijk M, Verheij RA, Wiesman FJ, Friele RD. Benefits and problems of electronic information exchange as perceived by health care professionals: an interview study. BMC Health Serv Res. 2011;11:256.

24. Salahuddin L, Ismail Z. Classification of antecedents towards safety use of health information technology: a systematic review. Int J Med Inform. 2015;84(11):877–91.

25. The Swedish Patient data act (SOSFS 2008:355). [internet] Stockholm: Socialdepartementet [cited 10 May 2018]. Available from: https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/patientdatalag-2008355_sfs-2008-355

26. Eikey EV, Murphy AR, Reddy MC, Xu H. Designing for privacy management in hospitals: understanding the gap between user activities and IT staff’s understandings. Int J Med Inform. 2015;84(12):1065–75.

27. Skyvell Nilsson M, Pilhammar E. Professional approaches in clinical judgements among senior and junior doctors: implications for medical education. BMC medical education. 2009;9:25.

28. Grote G. Promoting safety by increasing uncertainty–implications for risk management. Saf Sci. 2015;71:71–9.

29. Charmaz K. Grounded theory: objectivist and constructivist methods. In: Denzin K, Lincoln Y, editors. Handbook of qualitative research. Thousand Oaks: Sage; 2000. p. 509–35.

30. Malterud K. Qualitative research: standards, challenges, and guidelines. Lancet. 2001;358(9280):483–8.
