Security and Privacy Practices in Healthcare Information Systems: A Cluster Analysis of European Hospitals

Sylvestre Uwizeyemungu, Placide Poba-Nzaou

Abstract

In the past years, increasing efforts have been made toward the implementation of healthcare information technology with the aim of improving patient care and safety, while lowering healthcare systems’ costs. However, the transition from a paper-dominant system toward a fully electronically-based system brings with it major challenges in healthcare systems. It particularly exposes healthcare providers and users to more security and privacy risks which come with the digitization of health records. Drawing on data from 1723 European hospitals, we identified, through a cluster analysis, four distinct patterns of health information technology-related security and privacy practices. We found that most European hospitals fail to implement basic security measures consistent with the use of health information technology (HIT). This study contributes to raise awareness on HIT-related security and privacy issues that can negatively affect healthcare users’ trust and impede the effective delivery of healthcare services. An appropriate response to the HIT-related security and privacy concerns will increase the acceptability of the digitization of healthcare services.

References

  1. Absolute Software Corporation. (2015). The Cost of a Data Breach: Healthcare Settlements Involving Lost or Stolen Devices. Austin, Texas: Absolute Software Corporation.
  2. Adler-Milstein, J., Ronchi, E., Cohen, G. R., Winn, L. A. P., & Jha, A. K. (2014). Benchmarking Health IT among OECD Countries: Better Data for Better Policy. Journal of the American Medical Informatics Association, 21(1), 111-116.
  3. Agrawal, R., Grandison, T., Johnson, C., & Kiernan, J. (2007). Enabling the 21st Century Health Care Information Technology Revolution. Communications of the ACM, 50(2), 34-42. doi: http://dx.doi.org/10.1145/1216016.1216018
  4. Bahtiyar, S., & Çaglayan, M. U. (2014). Trust Assessment of Security for e-Health Systems. Electronic Commerce Research and Applications, 13(3), 164-177. doi: http://dx.doi.org/10.1016/j.elerap.2013.10.00
  5. Dehling, T., & Sunyaev, A. (2014). Secure Provision of Patient-Centered Health Information Technology Services in Public Networks - Leveraging Security and Privacy Features Provided by the German Nationwide Health Information Technology Infrastructure. Electronic Markets, 24(2), 89-99. doi: http://dx.doi.org/10.1007/s12525-013-0150-6
  6. Demurjian, S., Algarín, A., Bi, J., Berhe, S., Agresta, T., Wang, X., & Blechner, M. (2014). A Viewpoint of Security for Digital Health Care in the United States: What's There? What Works? What's Needed? International Journal of Privacy and Health Information Management, 2(1), 1-21.
  7. European Commission. (2014). European Hospital Survey: Benchmarking Deployment of eHealth Services (2012- 2013): JRC Scientific and Policy Reports.
  8. Fetter, M. S. (2009). The Electronic Health Record. Issues in Mental Health Nursing, 30(5), 345-347.
  9. Häyrinen, K., Saranto, K., & Nykänen, P. (2008). Definition, Structure, Content, Use and Impacts of Electronic Health Records: A Review of the Research Literature. International Journal of Medical Informatics, 77(5), 291-304.
  10. HIMSS. (2015). 2015 HIMSS Cybersecurity Survey. Chicago, IL: HIMSS.
  11. ISMG. (2014). Healthcare Information Security Today. 2014 Survey Analysis: Update on HIPAA Omnibus Compliance, Protecting Patient Data (pp. 38). Retrieved from http://6dbf9d0f8046b8d5551a-7164 cafcaac68bfd3318486ab257f999.r57.cf1.rackcdn.com/ 2014-healthcare-information-security-today-surveypdf-5-h-53.pdf
  12. Jung, Y., Park, H., Du, D.-Z., & Drake, B. L. (2003). A Decision Criterion for the Optimal Number of Clusters in Hierarchical Clustering. Journal of Global Optimization, 25(1), 91-111.
  13. Ketchen, D. J., & Shook, C. (1996). The Application of Cluster Analysis in Strategic Management Research: An Analysis and Critique. Strategic Management Journal, 17(6), 441-458.
  14. Kwon, J., & Johnson, M. E. (2013). Security Practices and Regulatory Compliance in the Healthcare Industry. Journal of the American Medical Informatics Association, 20(1), 44-51.
  15. Mackintosh, I. P., & Norris, D. E. (1985). Expanding Role of Information Technology in UK Hospitals. Information Age, 7(3), 133-138.
  16. Poba-Nzaou, P., Uwizeyemungu, S., Raymond, L., & Paré, G. (2014). Motivations Underlying the Adoption of ERP Systems in Healthcare Organizations: Insights from Online Stories. Information Systems Frontiers, 16(4), 591-605.
  17. Tejero, A., & de la Torre, I. (2012). Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective. Journal of Medical Systems, 36(5), 3019-3027. doi: 10.1007/s10916-011-9779-x
  18. Vogel, J., Brown, J. S., Land, T., Platt, R., & Klompas, M. (2014). MDPHnet: Secure, Distributed Sharing of Electronic Health Record Data for Public Health Surveillance, Evaluation, and Planning. American Journal of Public Health, 104(12), 2265-2270.
  19. von Solms, S. H. (2005). Information Security Governance: Compliance Management vs Operational Management. Computers & Security, 24(6), 443-447.
  20. Williams, F. G., Netting, F. E., & Engstrom, K. M. (1991). Implementing Computer Information Systems for Hospital-Based Case Management. Hospital & Health Services Administration, 36(4), 559-570.
Download


Paper Citation


in Harvard Style

Uwizeyemungu S. and Poba-Nzaou P. (2016). Security and Privacy Practices in Healthcare Information Systems: A Cluster Analysis of European Hospitals . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 37-45. DOI: 10.5220/0005654800370045


in Bibtex Style

@conference{icissp16,
author={Sylvestre Uwizeyemungu and Placide Poba-Nzaou},
title={Security and Privacy Practices in Healthcare Information Systems: A Cluster Analysis of European Hospitals},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={37-45},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005654800370045},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Security and Privacy Practices in Healthcare Information Systems: A Cluster Analysis of European Hospitals
SN - 978-989-758-167-0
AU - Uwizeyemungu S.
AU - Poba-Nzaou P.
PY - 2016
SP - 37
EP - 45
DO - 10.5220/0005654800370045