Log Analysis of Human Computer Interactions Regarding Break The Glass Accesses to Genetic Reports

Ana Ferreira, Pedro Farinha, Cátia Santos-Pereira, Ricardo João Cruz Correia, Pedro Pereira Rodrigues, Altamiro da Costa Pereira, Verónica Orvalho
2013 Proceedings of the 15th International Conference on Enterprise Information Systems  
Patients' privacy is critical in healthcare, but users of Electronic Health Records (EHR) frequently circumvent existing security rules to perform their daily work. Users are the so-called weakest link in security, but they are, many times, part of the solution when they are involved in systems' design. In the healthcare domain, the focus is to treat patients (many times with scarce technological, time and human resources) and not to secure their information. Therefore, security must not ... with this process but be present, nevertheless. Security usability issues must also be met with interdisciplinary knowledge from human-computer interaction, social sciences and psychology. The main goal of this paper is to raise security and usability awareness through the analysis of users' interaction logs of a Break-The-Glass (BTG) feature. This feature is used to restrict access to patient reports to a group of healthcare professionals within an EHR, but also to permit access control override in emergency and/or unexpected situations. The analysis of BTG user interaction logs makes it possible, in a short time span and transparently to the user, to reveal security and usability problems. This log analysis permits a better choice of methodologies to further apply in the investigation and resolution of the encountered problems.

1999), (Sasse, 2003). According to healthcare legislation, both the North American Health Insurance Portability and Accountability Act (HIPAA) (Break Glass, 2012) and the United Kingdom National Health Service (NHS) documentation (NHS, 2012) specify the need for Break-The-Glass (BTG) or overriding situations (break the seal) as described in (Break Glass, 2004). BTG is required when static access controls are insufficient and there is the need to override those controls in emergency and/or unexpected situations. BTG permits the use of a more flexible and dynamic access control policy, which can be adapted to the users' needs at the point of care.
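The following is an added illustration, not code from the paper or from the EHR it studies: a minimal Break-The-Glass access check that records every override in an audit log, followed by an analysis pass over that log in the spirit of the abstract. The analysis separates the two kinds of finding the authors describe: a security signal (an override justified with an uninformative reason) and a usability signal (a user whose accesses are almost all overrides, which suggests the static rule is wrong for that role rather than that the user is misbehaving). The role names, thresholds, and log entries are constructed sample data.

```python
"""Added example (not from the paper): BTG access check with audit logging,
plus a log analysis that flags security and usability problems."""

from collections import defaultdict

# Hypothetical static rule: only these roles may open genetic reports directly.
ALLOWED_ROLES = {"geneticist", "genetic_counsellor"}


def request_report(user, role, report_id, btg_reason=None):
    """Return (granted, audit_entry).

    Users in an allowed role get normal access. Anyone else may invoke BTG by
    supplying a reason; the override is granted but always logged, so that it
    can be reviewed afterwards. Without a reason the request is denied.
    """
    entry = {"user": user, "role": role, "report": report_id,
             "btg": False, "reason": None, "denied": False}
    if role in ALLOWED_ROLES:
        return True, entry
    if btg_reason is not None:
        entry.update(btg=True, reason=btg_reason)
        return True, entry
    entry["denied"] = True
    return False, entry


def analyse(log, routine_threshold=0.5, min_events=4, min_reason_len=5):
    """Scan audit entries and return a list of (kind, user, detail) findings.

    kind == "security": a BTG override whose justification is too short to be
    meaningful (constructed heuristic: fewer than min_reason_len characters).
    kind == "usability": a user with at least min_events granted accesses of
    which routine_threshold or more were overrides; BTG is meant for
    exceptions, so routine use points at an over-restrictive static rule.
    """
    stats = defaultdict(lambda: {"total": 0, "btg": 0, "weak_reason": 0})
    for e in log:
        if e["denied"]:
            continue  # denied requests are not accesses
        s = stats[e["user"]]
        s["total"] += 1
        if e["btg"]:
            s["btg"] += 1
            if len(e["reason"].strip()) < min_reason_len:
                s["weak_reason"] += 1

    findings = []
    for user in sorted(stats):
        s = stats[user]
        ratio = s["btg"] / s["total"]
        if s["total"] >= min_events and ratio >= routine_threshold:
            findings.append(("usability", user,
                             f"{s['btg']}/{s['total']} accesses via BTG"))
        if s["weak_reason"]:
            findings.append(("security", user,
                             f"{s['weak_reason']} override(s) with an uninformative reason"))
    return findings


# Constructed sample requests: (user, role, report, BTG reason or None).
SAMPLE_REQUESTS = [
    ("dr_a", "geneticist", "rpt-1", None),
    ("nurse_b", "nurse", "rpt-1", "patient collapsed on ward, need known variants"),
    ("nurse_b", "nurse", "rpt-2", "ER triage"),
    ("nurse_b", "nurse", "rpt-3", "ER triage"),
    ("nurse_b", "nurse", "rpt-4", "ER triage"),
    ("clerk_c", "clerk", "rpt-5", "."),
    ("clerk_c", "clerk", "rpt-6", None),
]


def run_sample():
    """Feed the constructed requests through the check and analyse the log."""
    log = []
    for user, role, report, reason in SAMPLE_REQUESTS:
        _granted, entry = request_report(user, role, report, reason)
        log.append(entry)
    return analyse(log)


if __name__ == "__main__":
    for kind, user, detail in run_sample():
        print(f"[{kind}] {user}: {detail}")
```

Running the sample flags nurse_b as a usability finding (every access was an override, so the rule restricting nurses probably does not match ward reality) and clerk_c as a security finding (an override justified only with "."); the geneticist never triggers BTG and produces no finding. The thresholds are starting points for review, not verdicts: the abstract's point is that this kind of cheap, user-transparent log analysis tells you where to apply heavier methods such as interviews or usability studies.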
doi:10.5220/0004419200460053 dblp:conf/iceis/FerreiraFSCRPO13 fatcat:uekirzzohzdbtovhi6hhd6lgpy