Factors Associated with Information Breach in Healthcare Facilities: A Systematic Literature Review

  • Review
  • Journal of Medical Systems

Abstract

This systematic review aimed to identify the factors associated with information breaches in healthcare settings. We searched electronic databases, including PubMed, Embase, Scopus, and Wiley, for all publications until March 6, 2022 (no start date restriction) and outlined the eligibility criteria framework using Population, Concept, and Context (PCC). Our search strategies yielded 2,156 results, with nine studies included in the final review. We grouped the factors attributed to data breaches into four categories: organizational, information technology (IT), professionals/employees, and clients/patients. Hospital type, hospital size (more beds), higher operational expenses and revenue, higher admissions and discharges, higher Electronic Medical Record (EMR) use, and being at earlier phases of EMR adoption were associated with higher information breaches. Professional factors such as the type of personnel involved and the hospital area can potentially impact the breaches' frequency and magnitude. Patients' sociodemographic, clinical, and behavioral characteristics, such as gender and educational attainment, appear to influence the perceived breach of confidentiality in healthcare settings. Identifying different factors contributing to health information breaches is crucial to protecting healthcare organizations and patients from the devastating consequences of data breaches.

Availability of supporting data

The data used and/or analyzed during the current study are available from the corresponding author upon reasonable request.

Abbreviations

  • DHHS: Department of Health and Human Services
  • ED: Emergency Department
  • EHR: Electronic Health Record
  • EMR: Electronic Medical Record
  • HIMSS: Health Information and Management Systems Society
  • HIPAA: Health Insurance Portability and Accountability Act
  • IT: Information Technology
  • OCR: Office of Civil Rights
  • PHI: Protected Health Information
  • SLR: Systematic Literature Review

Acknowledgements

Not applicable.

Funding

No funding for this study.

Author information

Contributions

All authors contributed to the research process in various forms, including original draft preparation, writing, review, and editing. AK conceptualized and designed the study, performed the database search, and outlined and critically revised the manuscript. SI performed quality appraisal, led the data extraction, and outlined the findings. SA, SB, CC, and NO identified the relevant studies and performed the data extraction.

Corresponding author

Correspondence to Ahmad Khanijahani.

Ethics declarations

Ethical Approval and Consent to participate

Not applicable.

Human Ethics

Not applicable.

Consent for publication

Not applicable.

Competing Interests

The authors declare no potential competing interests.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Cite this article

Khanijahani, A., Iezadi, S., Agoglia, S. et al. Factors Associated with Information Breach in Healthcare Facilities: A Systematic Literature Review. J Med Syst 46, 90 (2022). https://doi.org/10.1007/s10916-022-01877-1

  • DOI: https://doi.org/10.1007/s10916-022-01877-1
