European Hospitals' Transition Toward Fully Electronic-Based Systems: Do Information Technology Security and Privacy Practices Follow?

data security electronic health records health information technology health services patient data privacy

Journal

JMIR medical informatics
ISSN: 2291-9694
Titre abrégé: JMIR Med Inform
Pays: Canada
ID NLM: 101645109

Informations de publication

Date de publication:
25 Mar 2019
Historique:
received: 02 06 2018
accepted: 29 12 2018
revised: 29 11 2018
entrez: 26 3 2019
pubmed: 26 3 2019
medline: 26 3 2019
Statut: epublish

Résumé

Traditionally, health information has been mainly kept in paper-based records. This has deeply changed throughout approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources. In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems. Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system. A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level. Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitization advances in European hospitals is neither systematic nor strong enough regarding the IT-security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations.

Sections du résumé

BACKGROUND BACKGROUND
Traditionally, health information has been mainly kept in paper-based records. This has deeply changed throughout approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources.
OBJECTIVE OBJECTIVE
In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems.
METHODS METHODS
Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system.
RESULTS RESULTS
A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level.
CONCLUSIONS CONCLUSIONS
Even though, on average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates, surprisingly, it appears that the enhancement of IT security and privacy practices as the health information digitization advances in European hospitals is neither systematic nor strong enough regarding the IT-security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations.

Identifiants

DOI: 10.2196/11211 PMID: 30907732 PMC: PMC6452275
pubmed: 30907732
pii: v7i1e11211
doi: 10.2196/11211
pmc: PMC6452275
doi:

Types de publication

Journal Article

Langues

eng

Pagination

e11211

Informations de copyright

©Sylvestre Uwizeyemungu, Placide Poba-Nzaou, Michael Cantinotti. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 25.03.2019.

Références

Int J Med Inform. 2008 May;77(5):291-304
pubmed: 17951106
Perspect Health Inf Manag. 2006 Aug 14;3:5
pubmed: 18066363
J Med Syst. 2012 Oct;36(5):3019-27
pubmed: 21947856
Am J Manag Care. 2011 Dec;17(12 Spec No.):SP111-6
pubmed: 22216769
JAMA. 2012 Jun 27;307(24):2593-4
pubmed: 22735426
J Am Med Inform Assoc. 2013 Jan 1;20(1):44-51
pubmed: 22955497
J Am Med Inform Assoc. 2014 Jan-Feb;21(1):111-6
pubmed: 23721983
J Med Internet Res. 2013 Aug 21;15(8):e186
pubmed: 23965254
J Med Internet Res. 2013 Dec 16;15(12):e283
pubmed: 24342053
Ann Intern Med. 2014 Jan 7;160(1):48-54
pubmed: 24573664
J Am Med Inform Assoc. 2015 Apr;22(e1):e130-40
pubmed: 25059953
Biomed Instrum Technol. 2014 Sep-Oct;48(5):327-39
pubmed: 25244198
Am J Public Health. 2014 Dec;104(12):2265-70
pubmed: 25322301
JMIR Mhealth Uhealth. 2015 Jan 19;3(1):e8
pubmed: 25599627
J Am Med Inform Assoc. 2015 Jul;22(4):849-56
pubmed: 25882032
J Am Coll Cardiol. 2015 May 12;65(18):1973-5
pubmed: 25953749
BMC Med. 2015 Sep 07;13:214
pubmed: 26404673
J Med Internet Res. 2016 Apr 15;18(4):e66
pubmed: 27083521
Technol Health Care. 2017;25(1):1-10
pubmed: 27689562
J Med Internet Res. 2018 Feb 05;20(2):e41
pubmed: 29402759
Am J Manag Care. 2018 Feb;24(2):78-84
pubmed: 29461854
BMC Health Serv Res. 2018 Mar 21;18(1):192
pubmed: 29562898
J Med Internet Res. 2018 Apr 11;20(4):e107
pubmed: 29643052
J Med Internet Res. 2018 May 29;20(5):e185
pubmed: 29844010
Maturitas. 2018 Jul;113:48-52
pubmed: 29903648

Auteurs

Sylvestre Uwizeyemungu (S)

Accounting Department, Université du Québec à Trois-Rivières, Trois-Rivières, QC, Canada.
ORCID: 0000-0002-1532-8848

Placide Poba-Nzaou (P)

Department of Organization and Human Resources Management, École des Sciences de la Gestion, Université du Québec à Montréal, Montréal, QC, Canada.
ORCID: 0000-0002-7007-764X

Michael Cantinotti (M)

Psychology Department, Université du Québec à Trois-Rivières, Trois-Rivières, QC, Canada.
ORCID: 0000-0003-0521-2726

Classifications MeSH