Traditionally, health information has been mainly kept in paper-based records before transitioning to the widespread use of information technologies over the last three decades as part of the drive towards improving healthcare delivery, known as ehealth or digital health. This paper (March 2019) highlights the increase of cybersecurity risks due to digitisation with a focus on Europe.
Abstract: While digital health brings significant improvements to healthcare, the use of IT also increases the risks of security and privacy breaches. Healthcare organisations leveraging information technology to improve healthcare delivery therefore need to put in place IT security and privacy measures consistent with their use of IT resources.
Objective: This study is revolved around two main objectives: (1) Assessing the state of the implementation of IT security and privacy practices in European hospitals and (2) Evaluating to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems.
Methods: Drawing on data from the European Commission electronic health survey, this study carried out a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. It also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system.
Results: A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitisation level.
Conclusions: Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitisation advances in European hospitals is neither systematic nor strong enough in terms of IT-security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitisation of health care organisations.
PANACEA Research Perspectives: As part of Europe's H2020 programme, PANACEA is aimed at filling the gap in healthcare IT security through the development of a toolkit, covering, among other aspects, dynamic risk assessment and mitigation, security-by-design approaches, and secure information sharing, as well as tools to increase awareness and trigger best security practices across the entire healthcare organisation.
Keywords: data security; electronic health records; health information technology; health services; patient data privacy.
Lookout Watch entry date: 07/08/2019