Safeguarding Confidentiality in Electronic Health Records

Shenoy, Akhil; Appel, Jacob M.

doi:10.1017/s0963180116000931

Cited by 41 publications

(46 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Ongoing publicity associated with large breaches may compromise patient trust which could result in less willingness to share data. This is particularly problematic for patients with stigmatising conditions such as sexual or mental health conditions [3].…”

Section: What Threats and Consequences Is Healthcare Currently Facing?mentioning

confidence: 99%

“…Interconnected technology outside of the clinical environment allow health professionals to monitor and adjust implanted devices without the need for a hospital visit or invasive procedures. EHRs can improve patient care by making health information more broadly available [3]. Unfortunately, interconnection introduces new cybersecurity vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

2018

View full text Add to dashboard Cite

Electronic healthcare technology is prevalent around the world and creates huge potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns relating to the security of healthcare data and devices. Increased connectivity to existing computer networks has exposed medical devices to new cybersecurity vulnerabilities. Healthcare is an attractive target for cybercrime for two fundamental reasons: it is a rich source of valuable data and its defences are weak. Cybersecurity breaches include stealing health information and ransomware attacks on hospitals, and could include attacks on implanted medical devices. Breaches can reduce patient trust, cripple health systems and threaten human life. Ultimately, cybersecurity is critical to patient safety, yet has historically been lax. New legislation and regulations are in place to facilitate change. This requires cybersecurity to become an integral part of patient safety. Changes are required to human behaviour, technology and processes as part of a holistic solution.

show abstract

Section: What Threats and Consequences Is Healthcare Currently Facing?mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

2018

View full text Add to dashboard Cite

show abstract

“…How health information is shared within systems has been a subject of study, particularly when patient charts include information about stigmatized conditions such as mental illness, substance abuse, or sexual health [ 26 ]. In addition, Caine and Hanania and Schwartz et al showed that patients want granular control over which health care stakeholders see what parts of their medical data [ 27 , 28 ].…”

Section: Introductionmentioning

confidence: 99%

Insights Into Older Adult Patient Concerns Around the Caregiver Proxy Portal Use: Qualitative Interview Study

Latulipe¹,

Quandt²,

Melius³

et al. 2018

J Med Internet Res

View full text Add to dashboard Cite

BackgroundElectronic patient portals have become common and offer many potential benefits for patients’ self-management of health care. These benefits could be especially important for older adult patients dealing with significant chronic illness, many of whom have caregivers, such as a spouse, adult child, or other family member or friend, who help with health care management. Patient portals commonly contain large amounts of personal information, including diagnoses, health histories, medications, specialist appointments, lab results, and billing and insurance information. Some health care systems provide proxy accounts for caregivers to access a portal on behalf of a patient. It is not well known how much and in what way caregivers are using patient portals on behalf of patients and whether patients see any information disclosure risks associated with such access.ObjectiveThe objective of this study was to examine how older adult patients perceive the benefits and risks of proxy patient portal access by their caregivers.MethodsWe conducted semistructured interviews with 10 older adult patients with chronic illness. We asked them about their relationship with their caregivers, their use of their patient portal, their caregiver’s use of the portal, and their perceptions about the benefits and risks of their caregiver’s use of the portals. We also asked them about their comfort level with caregivers having access to information about a hypothetical diagnosis of a stigmatized condition. Two investigators conducted a thematic analysis of the qualitative data.ResultsAll patients identified caregivers. Some had given caregivers access to their portals, in all cases by sharing log-in credentials, rather than by setting up an official proxy account. Patients generally saw benefits in their caregivers having access to the information and functions provided by the portal. Patients generally reported that they would be uncomfortable with caregivers learning of stigmatized conditions and also with caregivers (except spouses) accessing financial billing information.ConclusionsPatients share their electronic patient portal credentials with caregivers to receive the benefits of those caregivers having access to important medical information but are unaware of all the information those caregivers can access. Better portal design could alleviate these unwanted information disclosures.

show abstract

“…Trust in technology has been shown to increase the adoption of new technologies and has frequently been used in IS literature [63,64]. Such reliance and trust in technology is also seen in health care settings as medical professions constantly introduce or utilize programs that allow most convenient-as well as easy-access to patient records [65]. This is done to ensure that physicians can offer the best care for their patients.…”

Section: Principal Findingsmentioning

confidence: 99%

Why Employees (Still) Click on Phishing Links: An Investigation in Hospitals

et al. 2019

View full text Add to dashboard Cite

Background: Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients. Objective: This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data. Methods: We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrating trust theories. We then conducted a survey in hospitals and used structural equation modeling to investigate the components of compliance intention. We matched employees' survey results with their actual clicking data from phishing campaigns. Results: Our analysis (N=397) reveals that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, are positively related to compliance intention. However, compliance intention is not significantly related to compliance behavior. Only the level of employees' workload is positively associated with the likelihood of employees clicking on a phishing link. Conclusions: This is one of the few studies in information security and decision making that observed compliance behavior by analyzing clicking data rather than using self-reported data. We show that, in the context of phishing emails, intention and compliance might not be as strongly linked as previously assumed; hence, hospitals must remain vigilant with vulnerabilities that cannot be easily managed. Importantly, given the significant association between workload and noncompliance behavior (ie, clicking on phishing links), hospitals should better manage employees' workload to increase information security. Our findings can help health care organizations augment employees' compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links.

show abstract

Safeguarding Confidentiality in Electronic Health Records

Cited by 41 publications

References 4 publications

Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

Cybersecurity in healthcare: A narrative review of trends, threats and ways forward

Insights Into Older Adult Patient Concerns Around the Caregiver Proxy Portal Use: Qualitative Interview Study

Why Employees (Still) Click on Phishing Links: An Investigation in Hospitals

Contact Info

Product

Resources

About