The increasing digitisation of healthcare has introduced both opportunities and challenges. While digital systems have improved access to medical records, enabled remote care and supported patient monitoring, they have also created new vulnerabilities. Cybersecurity breaches can endanger patient privacy and the integrity of healthcare services. Prevailing security models often view users—clinicians and patients alike—as risks to be managed. This narrow framing neglects the complex social practices of care that are integral to effective healthcare delivery. A more constructive approach sees end users not as obstacles to security but as active participants in shaping secure, functional systems.
Tensions Between Technical Security and Care Practices
Traditional cybersecurity paradigms in digital health tend to prioritise technical safeguards, such as robust authentication protocols, secure system architecture and stringent access controls. These mechanisms, although critical for protecting data and infrastructure, often ignore the daily realities of clinical care. In many settings, healthcare professionals circumvent security protocols to deliver timely and compassionate care. In Swedish hospitals, for example, staff shared passwords or left systems logged in to maintain workflow efficiency. These actions, while violating prescribed protocols, reflected informed decisions aimed at balancing patient care with operational demands.
Such deviations from formal security policies are not simply lapses in compliance but illustrate the nuanced judgement exercised by healthcare providers. Sensitive information may be withheld from digital records to preserve patient trust, or documentation delayed when immediate care takes precedence. These behaviours suggest a value-based conflict between rigid security frameworks and the fluid, interpersonal nature of caregiving. By treating non-compliance solely as a problem, existing security models overlook the possibility that users are enacting an alternative, care-informed logic that merits integration into security design.
Patients’ Perspectives and the Ambiguity of Smart Technology
Patients also encounter the intersection of security and care in their interactions with digital systems. In the case of the SPHERE smart home pilot, older adults generally responded positively to health-monitoring technologies. However, participants expressed concerns about their data being exploited or used to target them as vulnerable individuals. These apprehensions were not merely about hypothetical cyber threats but about the broader implications of data surveillance and misuse. Participants feared being identified as weak or alone, which could attract malicious attention.
Such experiences reveal that even well-intentioned technologies designed to enhance care may inadvertently introduce feelings of insecurity. This duality complicates the notion of what constitutes a safe system. It also highlights that user perceptions and experiences play a central role in determining the effectiveness and acceptability of digital health tools. Therefore, any effort to develop secure systems must consider not only technical resilience but also the emotional and relational dimensions of care. Ignoring these elements risks undermining patient trust and engagement.
Towards Inclusive and Participatory Security Design
To reconcile care and security, digital health systems must shift from control-oriented compliance models to inclusive, participatory frameworks. This involves three interlinked steps. First, care practices should inform security innovation. Instead of discarding or punishing workarounds, designers can learn from them, recognising the practical competence they reflect. This mirrors broader shifts in patient safety approaches, such as the move from Safety-I, which views deviations as errors, to Safety-II, which sees them as adaptive responses to complex environments.
Second, end users should be recognised as contributors to secure systems rather than liabilities. The healthcare professionals in Sweden and the older adults in the SPHERE trial demonstrated valuable insights and behaviours that could enhance system resilience if formally acknowledged and supported. Their experiences underscore the need for security frameworks that are flexible, context-sensitive and informed by lived realities.
Third, participatory design should be adopted to integrate user perspectives throughout the development process. Unlike traditional usability testing, participatory methods engage users as experts in their own experience. This approach helps surface hidden conflicts between security protocols and care values and can lead to more effective, acceptable solutions. Though resource-intensive, such practices are essential in designing technologies that support both security and care without compromising either.
Digital health technologies operate at the intersection of technical infrastructure and human relationships. While securing these systems against cyber threats is vital, doing so at the expense of care values risks alienating the very people they are meant to serve. The experiences of clinicians and patients alike show that current security protocols often clash with the lived realities of healthcare. By recognising the contextual wisdom embedded in everyday care practices and involving users in the co-creation of security solutions, a more balanced and resilient digital health ecosystem can emerge. Ultimately, sustainable security in healthcare cannot be achieved without care.
Source: npj Digital Medicine