Information security and privacy in the healthcare sector is an issue of growing importance but much remains to be done to address the various issues raised by healthcare consumers regarding privacy and security and the providers' perspective of regulatory compliance.
Writing in the International Journal of Internet and Enterprise Management, Ajit Appari and Eric Johnson of Dartmouth College, Hanover, New Hampshire, USA, explain that the adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. Without it patient privacy could be seriously compromised at great cost to individuals and to the standing of the healthcare industry.
Anecdotal evidences from recent years suggest that a lack of adequate security measures has resulted in numerous data breaches, leaving patients exposed to economic threats, mental anguish and possible social stigma, the team explains. They also highlight a recent US survey that suggests that three-quarters of patients are concerned about health websites sharing information without their permission. This patient perception may have been fuelled by the fact that medical data disclosures are the second highest reported data security breach.
Appari and Johnson have critically surveyed the research literature in the area of information security and privacy in healthcare as well as information from related disciplines including health informatics, public health, law, medicine, the trade press and industry reports and have determined that many issues remain to be addressed. They provide a holistic view that could allow improvements to be made.
"Healthcare information systems are largely viewed as the single most important factor in improving US healthcare quality and reducing related costs," the researchers say. "According to a recent RAND study, the USA could potentially save $81 billion each year by switching to a universal Electronic Health Record (EHR) system." Government initiatives have pushed for wide-scale adoption of universal EHR by 2014 but information technology spending in the healthcare sector is lagging behind many other industries leaving holes in security that must be plugged.
"We believe that the increasing importance of information security and the need for managerial insights to these problems offer an exceptional opportunity for debate and cross fertilization within the IS research community. Certainly, there is a substantial need for new ideas that could guide practitioners through this time of change within the industry," the researchers conclude.
"Information security and privacy in healthcare: current state of research" in Int. J. Internet and Enterprise Management, 2010, 6, 279-314