Objectives: Healthcare organizations that maintain and process Electronic Medical Records are at risk of cyber-attacks, which can lead to breaches of confidentiality, financial harm, and possible interference with medical care. State-of-the-art methods in cryptography have the potential to offer improved security of medical records; nonetheless, healthcare providers may be reluctant to adopt and implement them. The objectives of this study were to assess current data management and security procedures; to identify attitudes, knowledge, perceived norms, and self-efficacy regarding the adoption of advanced cryptographic techniques; and to offer guidelines that could help policy-makers and data security professionals work together to ensure that patient data are both secure and accessible. Methods: We conducted 12 in-depth semi-structured interviews with managers and individuals in key cybersecurity positions within Israeli healthcare organizations. The interviews assessed perceptions of the feasibility and benefits of adopting advanced cryptographic techniques for enhancing data security. Qualitative data analysis was performed using thematic network mapping. Results: Key data security personnel did not perceive advanced cybersecurity technologies to be a high priority for funding or adoption within their organizations. We identified three major barriers to the adoption of advanced cryptographic technologies for information security: barriers associated with regulators; barriers associated with healthcare providers; and barriers associated with the vendors that develop cybersecurity systems. Conclusions: We suggest guidelines that may enhance patient data security within the healthcare system and reduce the risk of future data breaches by facilitating cross-sectoral collaboration within the healthcare ecosystem.
Bibliographical noteFunding Information:
The authors would like to thank everyone who participated in the interviews, and all the organizations that hosted us. The study was fully supported by The Center for Cyber Law & Policy (CCLP) in conjunction with the Israel National Cy-ber Directorate and the University of Haifa.
© 2022 The Korean Society of Medical Informatics.
- Computer Security
- Data Protection
- Information Science
- Medical Records
ASJC Scopus subject areas
- Biomedical Engineering
- Health Informatics
- Health Information Management