Uwizeyemungu Sylvestre, Poba-Nzaou Placide, Cantinotti Michael
Accounting Department, Université du Québec à Trois-Rivières, Trois-Rivières, QC, Canada.
Department of Organization and Human Resources Management, École des Sciences de la Gestion, Université du Québec à Montréal, Montréal, QC, Canada.
JMIR Med Inform. 2019 Mar 25;7(1):e11211. doi: 10.2196/11211.
Traditionally, health information has been mainly kept in paper-based records. This has changed profoundly over approximately the last three decades with the widespread use of multiple health information technologies. The digitization of health care systems contributes to improving health care delivery. However, it also exposes health records to security and privacy breaches inherently related to information technology (IT). Thus, health care organizations willing to leverage IT for improved health care delivery need to put in place IT security and privacy measures consistent with their use of IT resources.
In this study, 2 main objectives are pursued: (1) to assess the state of the implementation of IT security and privacy practices in European hospitals and (2) to assess to what extent these hospitals enhance their IT security and privacy practices as they move from paper-based systems toward fully electronic-based systems.
Drawing on data from the European Commission electronic health survey, we performed a cluster analysis based on IT security and privacy practices implemented in 1723 European hospitals. We also developed an IT security index, a compounded measure of implemented IT security and privacy practices, and compared it with the hospitals' level in their transition from a paper-based system toward a fully electronic-based system.
A total of 3 clearly distinct patterns of health IT-related security and privacy practices were unveiled. These patterns, as well as the IT security index, indicate that most of the sampled hospitals (70.2%) failed to implement basic security and privacy measures consistent with their digitization level.
On average, the most electronically advanced hospitals display a higher IT security index than hospitals where the paper system still dominates. Surprisingly, however, the enhancement of IT security and privacy practices as health information digitization advances in European hospitals appears to be neither systematic nor strong enough with regard to the IT security requirements. This study will contribute to raising awareness among hospitals' managers as to the importance of enhancing their IT security and privacy measures so that they can keep up with the security threats inherently related to the digitization of health care organizations.