Under the WI-IAIMS initiative, the University of Wisconsin's Department of Family Medicine (DFM) determined the need for secure electronic mail. Currently, DFM does not use email for provider-provider communication. Despite its conveniences and accessibility, email with the existing system is not equipped with a security system to ensure the confidentiality, integrity, or authenticity of the communication. Communication must be confidential and protected from unauthorized outside parties. No unexpected modifications should occur during transmission to ensure the communication's integrity. In addition, users need a means to authenticate their transmission by confirming their identity through means like a password or key. The IAIMS-PKI project will identify the technical requirements for an email system to ensure rapid, secure electronic communication.
The PKI (Private Key Infrastructure) Usability Study is a part of the WI-IAIMS initiative. The research is being conducted with the cooperation of both the UW Department of Family Medicine and the UW Division of Information Technology (DoIT). There are two phases to this project.
In Phase I, IAIMS-PKI project will identify the technical requirements for an email system to ensure rapid, secure electronic communication. Through February 2001, in-depth, 30-minute interviews were conducted with employees of the University of Wisconsin-Department of Family Medicine. From these interviews, several categories of information will be recorded, analyzed, and developed into technical requirements: usability requirements, technical comprehension of the current email system, and liability requirements governed by patient privacy issues. It was concluded that PKI would be a feasible means for secure provider-to-provider email communication.
Phase II of the study involves the installation and maintenance of the PKI project by the DoIT technical administrators as well as the use of the PKI system among actual clinicians. The purpose of this pilot study is to determine how the proposed secure e-mail solution will affect the work processes of the clinicians and technical administrators and to understand their attitudes and comprehension of e-mail security. In order to use all the security functions of PKI, both the e-mail sender and receiver must have a PKI account. The PKI solution will be implemented for one work group of doctors and nurses to study the effects it has on communication patterns and habits. E-mail surveys will be sent out over a four-month period, and it will be protected by the PKI security functions. This will ensure the participants remember how to use the solution during the study, and eliminating paper survey handouts will protect privacy. The PKI administrators will also participate in interviews and/or surveys to study the administrative work process and work load.