Network security vulnerabilities and personal privacy issues in healthcare information systems: A case study in a private hospital

Nihan Namoglu, Y. Ülgen
DOI: 10.3233/978-1-61499-276-9-126 (https://doi.org/10.3233/978-1-61499-276-9-126)
Journal: 2014 18th National Biomedical Engineering Meeting
Citations: 2

Abstract

The healthcare industry has become widely dependent on information technology and the internet as it moves from paper to electronic records. Despite the benefits of electronic systems, good quality may not be fully achieved unless their security risks are mitigated. Working in collaboration with a 150-bed private hospital in Turkey, this study aims to present a secure healthcare network infrastructure while presenting the security vulnerabilities in the current hospital information systems. The regulatory criteria in Turkey and their counterparts in the USA and EU are compared according to their approach to privacy, and a list of common security controls drawn from different industries is proposed as a best practice. The study shows that the hospital is not compliant with known healthcare standards like HIPAA or ISO 80001. Management's attitude toward privacy and security shows that the responsibility is left entirely to the IT and Biomedical Engineering Departments. As hospitals adopt electronic transactions, consideration must be given to protecting public electronic health records in terms of personal privacy. The healthcare industry in Turkey should benefit from best practices in other industries and applications in other countries. This study can lead the way for policy makers in healthcare organizations and regulatory authorities to implement a more secure environment for every citizen.