Information Security Problems and Needs in Healthcare — A Case Study of Norway and Finland vs Sweden

  • Rose-Mharie Åhlfeldt
  • Eva Söderström


In healthcare, the right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is also common for patients to visit more than one healthcare provider, which implies the need for cross-border healthcare and a focus on the patient process. Countries work differently with these issues. This paper focuses on three Scandinavian countries, Norway, Sweden and Finland, and their information security problems and needs in healthcare. Data was collected via case studies, and the results were compared to show both similarities and differences between these countries. Similarities include overly wide availability of patient information, an obvious need for risk analysis, and a tendency to focus more on patient safety than on patient privacy. Differences include the extent to which patients are involved in their own care and the approach to exchanging patient information.


Keywords: Information security, healthcare informatics, patient safety, patient privacy




Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  • Rose-Mharie Åhlfeldt (1)
  • Eva Söderström (1)
  1. School of Humanities and Informatics, University of Skövde, Skövde, Sweden
