Nicole van Deursen
Monitoring information security risks within health care
van Deursen, Nicole; Buchanan, William J.; Duff, Alistair
Abstract
This paper presents an overview of possible risks to the security of health care data. These
risks were detected with a novel approach to information security. It is based on the
philosophy that information security risk monitoring should include human and societal
factors, and that collaboration between organisations and experts is essential to gain
knowledge about potential risks. The methodology uses a mixed methods approach
including a quantitative analysis of historical security incident data and expert elicitation
through a Delphi study. The result is an overview of the possible socio-technical risks that
a panel of experts expect to materialise in health care organisations in the near future.
These risks include (amongst others): staff leaving data assets unattended on the premises
and these assets consequently go missing, staff sharing passwords to access patient data
and staff sending email containing personal patient data to the wrong addressee thus
disclosing data to unauthorised persons. The expert panel recognized risks from current
discussion topics such as outsourcing, but these risks are still considered to appear less
frequently than the more traditional information security risks. Furthermore, the panel did
not estimate a high frequency of occurrence of socio-technical information security risks
caused by new technologies such as cloud computing or RFID.
Citation
van Deursen, N., Buchanan, W. J., & Duff, A. (2013). Monitoring information security risks within health care. Computers and Security, 37, 31-45. https://doi.org/10.1016/j.cose.2013.04.005
Journal Article Type | Article |
---|---|
Acceptance Date | Apr 14, 2013 |
Online Publication Date | Apr 29, 2013 |
Publication Date | 2013-09 |
Deposit Date | Dec 4, 2013 |
Journal | Computers and Security |
Print ISSN | 0167-4048 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 37 |
Pages | 31-45 |
DOI | https://doi.org/10.1016/j.cose.2013.04.005 |
Keywords | Delphi method; Health care; Information security; Patient privacy; Risk management; Sociotechnical information security; |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/6534 |
Publisher URL | http://dx.doi.org/10.1016/j.cose.2013.04.005 |
You might also like
HI-risk: A method to analyse health information risk intelligence
(2016)
Conference Proceeding
Trust-by-Design: Evaluating Issues and Perceptions within Clinical Passporting
(2020)
Journal Article
Castells versus Bell: A comparison of two grand theorists of the information age
(2022)
Journal Article
Privacy Fundamentalism: An Essay on Social Responsibility
(2020)
Journal Article
Computopia Revisited: Yoneji Masuda’s Realistic Utopianism
(2020)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search