Health Information Exchange and Related IT-security Practices in European Hospitals

Sylvestre Uwizeyemungu, Placide Poba-Nzaou


Alongside other health information technologies (HIT), several projects aimed at implementing electronic health information exchange (HIE) have been initiated in European countries, with the hope of improving the coordination, safety, and efficiency in healthcare systems. However, the electronic exchange exposes health data to information technology (IT)-related vulnerabilities and threats, raising concerns among patients, health care providers, and policy-makers. Drawing on data from a sample of 1123 European hospitals, we conducted a cluster analysis to determine to what extent hospitals do live up to the IT security and privacy challenges of electronic HIE. We produced two sets of clusters, one related to HIE usage and another related to the implementation of IT-security practices. Through a cross-comparison, we proceeded to a match/mis-match analysis. The results of this study depict a mixed situation: even though most of surveyed hospitals (79.2%) have implemented IT-security practices consistent with their HIE usage levels, hospitals that have failed to do so (20.8%) pose a threat to the entire healthcare system which is becoming more and more interconnected.


  1. Absolute Software Corporation, 2015. The Cost of a Data Breach: Healthcare Settlements Involving Lost or Stolen Devices. Austin, Texas: Absolute Software Corporation.
  2. Ancker, J. S., Edwards, A. M., Miller, M. C., & Kaushal, R., 2012. Consumer perceptions of electronic health information exchange. American Journal of Preventive Medicine, 43(1), 76-80.
  3. Bahtiyar, S., & Çaglayan, M. U., 2014. Trust Assessment of Security for e-Health Systems. Electronic Commerce Research and Applications, 13(3), 164-177.
  4. Berwick, D.M., Nolan, T. W., & Whittington, J., 2008. The Triple Aim: Care, health, and cost. Health Affairs, 27(3), 759-769.
  5. Bitton, A., Flier, L. A., & Jha, A. K., 2012. Health information technology in the era of care delivery reform: To what end? The Journal of the American Medical Association, 307(24), 2593-2594.
  6. Cochran, G. L., Lander, L., Morien, M., Lomelin, D. E., Sayles, H., & Klepser, D. G., 2015. Health care provider perceptions of a query-based health information exchange: barriers and benefits. Journal of Innovation in Health Informatics, 22(2), 302-308.
  7. Dehling, T., & Sunyaev, A., 2014. Secure provision of patient-centered health information technology services in public networks--leveraging security and privacy features provided by the German nationwide health information technology infrastructure. Electronic Markets, 24(2), 89-99.
  8. European Commission, 2014. European hospital survey: Benchmarking deployment of eHealth services (2012- 2013). Luxembourg: JRC Scientific and Policy Reports - Institute for Prospective Technological Studies.
  9. Häyrinen, K., Saranto, K., & Nykänen, P., 2008. Definition, Structure, Content, Use and Impacts of Electronic Health Records: A Review of the Research Literature. International Journal of Medical Informatics, 77(5), 291-304.
  10. HIMSS, 2015. 2015 HIMSS Cybersecurity Survey. Chicago, IL: HIMSS.
  11. Hwang, H.-G., Han, H.-E., Kuo, K.-M., & Liu, C.-F., 2012. The differing privacy concerns regarding exchanging electronic medical records of Internet users in Taiwan. Journal of Medical Systems, 36(6), 3783-3793.
  12. ISMG, 2014. Healthcare Information Security Today. 2014 Survey Analysis: Update on HIPAA Omnibus Compliance, Protecting Patient Data (pp. 38). Retrieved from http://6dbf9d0f8046b8d5551a7164cafcaac68bfd3318486ab257f999.r57.cf1.rackcdn. com/2014-healthcare-information-security-todaysurvey-pdf-5-h-53.pdf.
  13. Kaelber, D. C., & Bates, D. W., 2007. Health information exchange and patient safety. Journal of Biomedical Informatics, 40(6 SUPPL), S40-S45.
  14. Ketchen, D. J., & Shook, C., 1996. The Application of Cluster Analysis in Strategic Management Research: An Analysis and Critique. Strategic Management Journal, 17(6), 441-458.
  15. O'Donnell, H. C., Patel, V., Kern, L. M., Barrón, Y., Teixeira, P., Dhopeshwarkar, R., & Kaushal, R., 2011. Healthcare consumers' attitudes towards physician and personal use of health information exchange. Journal of General Internal Medicine, 26(9), 1019-1026.
  16. Ponemon Institute, 2016. Sixth annual benchmark study on privacy & security of healthcare data. Traverse City, MI, USA: Ponemon Institute.
  17. Simon, S. R., Benjamin, A., Delano, D., & Bates, D. W., 2009. Patients' attitudes toward electronic health information exchange: Qualitative study. Journal of Medical Internet Research, 11(3), e30.
  18. Tejero, A., & de la Torre, I., 2012. Advances and Current State of the Security and Privacy in Electronic Health Records: Survey from a Social Perspective. Journal of Medical Systems, 36(5), 3019-3027.
  19. Vogel, J., Brown, J. S., Land, T., Platt, R., & Klompas, M., 2014. MDPHnet: Secure, distributed sharing of electronic health record data for public health surveillance, evaluation, and planning. American Journal of Public Health, 104(12), 2265-2270.
  20. von Solms, S. H., 2005. Information security governance: Compliance management vs operational management. Computers & Security, 24(6), 443-447.
  21. White, P., 2004. Privacy and security issues in teleradiology. Seminars in Ultrasound, CT and MRI, 25(5), 391-395.
  22. Yaraghi, N., 2015. An empirical analysis of the financial benefits of health information exchange in emergency departments. Journal of the American Medical Informatics Association, 22(6), 1169-1172.
  23. Zwaanswijk, M., Ploem, M. C., Wiesman, F. J., Verheij, R. A., Friele, R. D., & Gevers, J. K., 2013. Understanding health care providers' reluctance to adopt a national electronic patient record: an empirical and legal analysis. Medicine And Law, 32(1), 13-31.

Paper Citation

in Harvard Style

Uwizeyemungu S. and Poba-Nzaou P. (2017). Health Information Exchange and Related IT-security Practices in European Hospitals . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 538-545. DOI: 10.5220/0006263305380545

in Bibtex Style

author={Sylvestre Uwizeyemungu and Placide Poba-Nzaou},
title={Health Information Exchange and Related IT-security Practices in European Hospitals},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},

in EndNote Style

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Health Information Exchange and Related IT-security Practices in European Hospitals
SN - 978-989-758-209-7
AU - Uwizeyemungu S.
AU - Poba-Nzaou P.
PY - 2017
SP - 538
EP - 545
DO - 10.5220/0006263305380545