Abstract
Health information security breaches continue to be a pervasive problem in a variety of health care environments. Security breaches compromise the integrity of sensitive health information and serve as a barrier to health care provider, stakeholder, and patient trust in the full integration of transformative health informatics tools (e.g. shareable electronic health records) into the US health care system. While the logistics of security breaches are technological in nature, security breach awareness and prevention require exploring the complex web of the health care environment and understanding how the environment itself paves a path for potential security problems. In an effort to better understand the nature of data security breaches in health care environments, the authors propose an innovative application of the Consolidated Framework for Implementation Research (CFIR) to security breach analysis. The authors build on their previous research on electronic health records engagement, breach analysis, and audit procedures in various health care settings. For the purpose of demonstration, the current paper analyzes the most relevant breach occurrences based on volume of patient records from the Health and Human Services (HHS.GOV) breach dataset. Breach types were mapped to relevant CFIR constructs. The authors present the results of the CFIR mapping and discuss the potential uses of the CFIR constructs to support health information security practitioners in their efforts to improve the health data security environment.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Liu, V., Musen, M.A., Chou, T.: Data breaches of protected health information in the United States. JAMA 313(14), 1471–1473 (2015)
Wikina, S. B.: What caused the breach? An examination of use of information technology and health data breaches. Perspect. Health Inform. Manag. 11(Fall) (2014)
Agaku, I.T., Adisa, A.O., Ayo-Yusuf, O.A., Connolly, G.N.: Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. J. Am. Med. Inform. Assoc. 21(2), 374–378 (2013)
Consolidated framework for implementation research guide. http://www.cfir.org. Accessed 3 Mar 2019
Damschroder, L.J., Aron, D.C., Keith, R.E., Kirsh, S.R., Alexander, J.A., Lowery, J.C.: Fostering implementation of health services research findings into practice: a consolidated framework for advancing implementation science. Implement. Sci. 4(1), 50 (2009)
Acharya, S., Werts, N.: Toward the design of an engagement tool for effective electronic health record adoption. Perspect. Health Inform. Manag. 16(Winter), 1g (2019)
HITECH Enforcement Act. https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html. Accessed 3 Mar 2019
HITRUST CSF. https://hitrustalliance.net/hitrust-csf/. Accessed 3 Mar 2019
NIST. https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)Overview. Accessed 3 Mar 2019
Nieles, M., Dempsey, K., Pillitteri, V.: An Introduction to Information Security (No. NIST Special Publication (SP) 800-12 Rev. 1 (Draft), National Institute of Standards and Technology (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix 1
Appendix 1
Best Practice Life cycle for Security and Privacy Aware IT Operation.
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Werts, N., Acharya, S. (2019). A Framework for Enhancing Health Information Data Security: Application of the Consolidated Framework for Implementation Research to Breach Analysis. In: Stephanidis, C. (eds) HCI International 2019 - Posters. HCII 2019. Communications in Computer and Information Science, vol 1032. Springer, Cham. https://doi.org/10.1007/978-3-030-23522-2_28
Download citation
DOI: https://doi.org/10.1007/978-3-030-23522-2_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-23521-5
Online ISBN: 978-3-030-23522-2
eBook Packages: Computer ScienceComputer Science (R0)