Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Apr 18, 2024
Date Accepted: Sep 15, 2024
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Analyzing Hospital Breaches to Guide Best Practices for Healthcare Infrastructure
ABSTRACT
The security and privacy of hospital healthcare information have implications for the societal value of healthcare systems as a public good. Governance of such e-healthcare data systems has not been efficient despite stringent enforcement, and we see that HIPAA regulations, separate state regulations, and the ombudsman rule do not reduce breaches faced by healthcare systems in the USA. Though systems have become more secure with the enforcement of the law, breaches have become even more frequent and impactful in recent years. We theorize this in the context of the major types of breaches observed in the data and argue that best practices based on data are plausible solutions. Using both qualitative data generated via human and AI-guided coding and quantitative data curated from over 15 years of publicly available breach reports, we analyze the effect of HIPAA changes (e.g., the omnibus rule) on the number of breaches, and then categorize the different types of security breaches. Using this analysis, we provide detailed guidelines drawn from industry best practices, citing exemplars for each security value we derive.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.