Journal of Industrial Engineering and Management Studies

Human error in data breaches of Electronic Health Records (EHR): Systematic literature review

Document Type : Original Article

Authors

Wilmer Alvarado 1
Konstantinos Triantis 2

1 Grado Department of Industrial and Systems Engineering, Virginia Polytechnic Institute and State University, Falls Church, VA USA

2 Grado Department of Industrial and Systems Engineering, Virginia Polytechnic Institute and State University, Falls Church, VA, USA.

https://doi.org/10.22116/jiems.2024.418211.1533
Abstract
Human errors are a growing threat to EHR technology adoption and information sharing. Healthcare data breaches and criminal attacks continue to increase in volume and complexity. To achieve the full benefits of EHR technology, the industry must place the protection of health information as its highest priority. This paper presents the results of a systematic literature review of socio-technical system (STS) factors that influence human error in EHR data breaches. We present a conceptual framework of the STS factors that are hypothesized to reduce human error data breaches in the healthcare sector. The existing literature highlights a research gap in terms of understanding and modeling of human-computer interactions and the consideration of STS factors when developing solutions, signifying a need for further research in this domain. Hence, we recommend future research into the formulation and implementation of a STS approach to mitigate human error in information security, aiming to enhance the resilience of EHR and make them less attractive to cybercriminals.

Keywords

Healthcare-Data Breaches
Electronic Health Records
Cybersecurity-Human Error
Risk-Methods
Socio-Technical Systems
Ahola, M., (2020). The Role of Human Error in Successful Cyber Security Breaches. Newspaper-Usecure Blog.
Ajami, S., Arab-Chadegani, R., (2013). Barriers to Implement Electronic Health Records (EHR). Avicena Publisher.
Armitage, A., Keeble-Ramsay, D., (2009). The Rapid Structured Literature Review as a Research Strategy. US-China Education Review.
Basset, G., Hylender, C.D., Langlois, P., Pinto, A., Widup, S., (2021). Data breach Investigation Report. Verizon Corporation.
Beitollahi, H., Deconinck, G., (2012). A Four-Step Technique for Tackling Distributed Denial of Service Attacks. Scopus Elsevier.
Bowman, S., (2013). Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications. AHIMA.
Bump, J.B., Fan, V.Y., Lanthron, H.E., Yavuz, E.N., (2012). In The Global Fund’s Court: Experimentation, Evaluation, and The Affordable Medicine Family. The Lancet.
Callahan, M.E., (2013). Cybersecurity and Hospitals. American Hospital Association.
Carayon, P., (2006). Human Factors of Complex Socio-Technical Systems. Scopus Elsevier.
Charitoudi, K., Blyth, A., (2013). A Socio-Technical Approach to Cyber Risk Management and Impact Assessment. Scientific Research.
Chena, W., Lia, J., Zhang, J., (2011). An Approach to Service Adaptation for Exploratory Application Construction. Scopus Elsevier.
Crema, M., Verbano, C., (2013). Guidelines for Overcoming Hospital Managerial Challenges: A Systematic Literature Review. Dove Press.
Davis, D.R., Kurti, A.N., Skelly, J.M., Redner, R., White, T.J., Higgins, S.T., (2014). A Review of the Literature on Contingency Management in the Treatment of Substance Use Disorders, 2009-2014. Europe PubMed Central (PMC).
Di Nella, A., Mansourian, A., (2021). The Human Error in Cybersecurity. NMS Consulting.
Evans, M., He, Y., Luo, C., Yevseyeva, I., Janicke, H., Maglaras, L., (2019). Employee Perspective on Information Security Related Human Error In Healthcare: Proactive Use Of IS-CHEC In Questionnaire Form. Research Gate.
Franke, U., Brynielsson, J., (2014). Cyber Situational Awareness: A Systematic Review of the Literature. Scopus Elsevier.
Garrity, M., (2019). 5% of Hospital IT Budgets Go to Cybersecurity Despite 82% of Hospitals Reporting Breaches. Global Research.
Gesulgaa, J.M., Berjameb, A., Moquialac, K.S., Galidod, A., (2018). Barriers to Electronic Health Record System Implementation and Information Systems Resources: A Structured Review. Scopus Elsevier.
Health Informatics & Health Information Management, (2020). Cybersecurity: How Can It Be Improved in Health Care? University of Illinois, Chicago.
Health Insurance Portability and Accountability Act (HIPAA), (2021). Guide to Privacy and Security of Health Information. Department of Health and Human Services- Health IT.Gov.
Health Insurance Portability and Accountability Act (HIPAA), (2022). Healthcare Data Breach Statistics. Department of Health and Human Services.
Hofmey, S.A., (1999). An Immunological Model of Distributed Detection and Its Application to Computer Security. University Research- University of the Witwatersrand.
Hung, P.C.K., (2010). Towards a Privacy Access Control Model for e-Healthcare Services. University of Ontario Institute of Technology (UOIT).
Information Technology Laboratory, NIST, (2015). Measuring Strength of Identity Proofing. National Institute of Standandards and Technology (NIST).
Isaac, J.T., Zeadally, S., (2011). An Anonymous Secure Payment Protocol in a Payment Gateway Centric Model. Scopus Elsevier.
Jalali, M.S., Kaiser, J.P., (2018). Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Render Internet Publishing.
Katharakisa, G., Katharakib, M., Katostaras, T., (2013). SFA vs. DEA for Measuring Healthcare Efficiency: A Systematic Review. University Research-International Journal of Statistics and Medical Research.
Keathley-Herring, H., Van Aken, E., Gonzalez-Aleu, F., Deschamps, F., Letens, G., Cardenas Orlandini, P., (2016). Assessing the Maturity of a Research Area: Bibliometric Review and Proposed Framework. Springer.
Khan, F., Kim, J.H., Mathiassen, L., Moore, R., (2019). Data Breach Management: An Integrated Risk Model. Scopus Elsevier.
Khan, N.A., Brohi, S.N., Zaman, N., (2020). Ten Deadly Cyber Security Threats Amid COVID-19 Pandemic. IEEE Computer Society.
Liginlal, D., Sim, I., Khansa, L., (2008). How Significant is Human Error as a Cause of Privacy Breaches? An Empirical Study and a Framework for Error Management. Scopus Elsevier.
Maalem Lahcen, R.A., Caulkins, B., Mohapatra, R., Kumar, M., (2020). Review and Insight on the Behavioral Aspects of Cybersecurity. Open Access.
Malatji, M., Von Solms, S., Marnewick, A., (2019). Socio-Technical Systems Cybersecurity Framework. Emerald Publishing Limited.
Meeks, D.W., Smith, M.W., Taylor, L., Sittig, D.F., Scott, J.M., Singh, H., (2014). An Analysis Of Electronic Health Records Related Patient Safety Concerns. Open Access Publishing.
Megas, K., Lam, P., Nadeau, E., (2015). NSTIC Pilots: Catalyzing the Identity Ecosystem. National Institute of Standards Technology (NIST).
Menear, M., Doré, I., Cloutier, A.M., Perrier, L., Roberge, P., Duhoux, A., Houle, J., Fournier, L., (2014). The Influence of Comorbid Chronic Physical Conditions on Depression Recognition in Primary Care: A Systematic Review. Scopus Elsevier.
Miller, R.H., Sim, I., (2004). Physicians’ Use of Electronic Medical Records: Barriers and Solutions. Scopus Elsevier. Project Hope.
Moher, D., Liberati, A., Tetzlaff, J., Altman, D.G., (2009). Preferred Reporting Items for Systematic Reviews and Meta-Analyses: The PRISMA Statement. Annals of Internal Medicine.
Morgan, S., (2021). The 2020-2021 Healthcare Cybersecurity Report. HERJAVEC Group.
Nifakos, S., Chandramouli, K., Nikolaou, C.K., Papachristou, P., Koch, S., Panaousis, E., Bonacina, S., (2021). Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Multidisciplinary Digital Publishing Institute (MDPI).
Ouksel, A., Lundquist, D., (2012). A Context-Aware Cross-Layer Broadcast Model for Ad-Hoc Networks. Scopus Elsevier.
Palabindala, V., Pamarthy, A., Jonnalagadda, N.R., (2016). Adoption Of Electronic Health Records And Barriers. Taylor & Francis Group.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T., (2017). The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies. Scopus Elsevier.
Perneger, T.V., (2005). The Swiss Cheese Model of Safety Incidents: Are There Holes in The Metaphor?. BMC Health Research.
Pfleeger, S.L., Caputo, D., (2012). Leveraging Behavioral Science to Mitigate Cyber Security Risk. Research Gate.
Ponemon Institute, (2022). Cost of a Data Breach Report. International Business Machines (IBM).
Quinn, R.E., (2012). Deep Change Field Guide. Jossey-Bass, John Wiley & Sons, Inc.
Qureshi, Z.H., (2008). A Review of Accident Modelling Approaches for Complex Critical Socio-Technical Systems. Defense Science and Technology Organization.
Rose, S., Borchert, O., Mitchell, S., Connelly, S., (2020). Zero Trust Architecture. National Institute of Standards Technology (NIST).
Rouached, M., Sallay, H., (2011). An Efficient Formal Framework for Intrusion Detection Systems. Scopus Elsevier.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T., (2015). Information Security Conscious Care Behaviour Formation in Organizations. Scopus Elsevier.
Sardi, A., Rizzi, A., Sorano, E., Guerrieri, A., (2020). Cyber Risk in Health Facilities: A Systematic Literature Review. Multidisciplinary Digital Publishing Institute (MDPI).
Schoen, C., Davis, K., How, S.K.H., Schoenbaum, S.C., (2006). USA Health System Performance: A National Scorecard. Project HOPE–The People-to-People Health Foundation.
Sector Coordinating Councils, (2017). Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients. Department of Health and Human Services.
Seh, H.A., Zarour, M., Alenesi, M., Sarkar, A.K., Agrawal, A., Kumar, R., Ahmad Khan, R., (2020). Healthcare Data Breaches: Insights and Implications. Multidisciplinary Digital Publishing Institute (MDPI).
Smet, M., (1982). Cost Characteristics of Hospitals. Social Science & Medicine. Europe PubMed Central (PMC).
Snyder, H., (2019). Literature Review as a Research Methodology: An Overview and Guidelines. Scopus Elsevier.
The White House, (2021). Improving the Nation's Cybersecurity. Executive Order 14028.
Torraco, R.J., (2005). Writing Integrative Literature Reviews: Guidelines and Examples. SAGE Journals.
Torres-Tomas, J., Spolaˆora, N., Alvares-Chermana, E., Mona, M.C., (2014). A Framework to Generate Synthetic Multi-Label Datasets. Scopus Elsevier.
Tranfield, D., Denyer, D., Smart, P., (2003). Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. University Research-British Journal of Management.
Trist, E., Bamforth, K., (1951). Some Social and Psychological Consequences of the Longwall Method of Coal Getting. Human Relations.
Vargheese, R., Prabhudesai, P., (2014). Securing B2B Pervasive Information Sharing Between Healthcare Providers: Enabling the Foundation for Evidence Based Medicine. Scopus Elsevier.
Warkentin, M., Willison, R., (2009). Behavioral and Policy Issues in Information Systems Security: The Insider Threat. European Journal of Information Systems.
Warkentin, M., Willison, R., (2013). Beyond Deterrence: An Expanded View of Employee Computer Abuse. Journal Storage (JSTOR).
Whitworth, B., (2009). The Social Requirements of Technical Systems. University Research- IGI Global.
Williams, P.A.H., Woodward, A.J., (2020). Cybersecurity Vulnerabilities In Medical Devices: A Complex Environment And Multifaceted Problem. Publication Medication Central (PMC).
Wong, G., Greenhalgh, T., Westhorp, G., Buckingham, J., Pawson, R., (2013). RAMESES Publication Standards: Meta-Narrative Reviews. Open Access.
Workgroup for Electronic Data Interchange, (2017). The Rampant Growth of Cybercrime in Healthcare. FORTINET.
Yan, Z., Robertson, T., Yan, R., Park, S.Y., Bordoff, S., Chen, Q., Sprissler, E., (2018). Finding the Weakest Links in the Weakest Link: How Well Do Undergraduate Students Make Cybersecurity Judgment? Scopus Elsevier.
Yasnoff, W.A., (2016). A Secure and Efficiently Searchable Health Information Architecture. Scopus Elsevier. Scopus Elsevier.
Zimmermann, V., Renaud, K., (2019). Moving from a ‘Human-as-Problem” to a ‘Human-as-Solution” Cybersecurity Mindsetj. Scopus Elsevier.
Journal of Industrial Engineering and Management Studies
Volume 11, Issue 1
July 2024
Pages 19-40

Home

Guide for Authors

Publication Ethics

Submit Manuscript

Reviewers

Contact Us