Advanced search
Publication Cover
Informatics for Health and Social Care Volume 48, 2023 - Issue 1
Submit an article Journal homepage
835
Views
0
CrossRef citations to date
0
Altmetric
Research Article

Information security and privacy in hospitals: a literature mapping and review of research gaps

Steve Ahouanmenoua Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, BelgiumCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0002-7260-7982View further author information
ORCID Icon,
Amy Van Looya Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, BelgiumORCID Iconhttps://orcid.org/0000-0002-7992-1528View further author information
ORCID Icon &
Geert Poelsa Faculty of Economics and Business Administration, Department of Business Informatics and Operations Management, Ghent University, Ghent, Belgium;b FlandersMake@UGent – core lab, CVAMO, Ghent, BelgiumORCID Iconhttps://orcid.org/0000-0001-9247-6150View further author information
ORCID Icon
Pages 30-46 | Published online: 17 Mar 2022
 
Sample our Health and Social Care journals, sign in here to start your FREE access for 14 days

ABSTRACT

Information security and privacy are matters of concern in every industry. The healthcare sector has lagged in terms of implementing cybersecurity measures. Therefore, hospitals are more exposed to cyber events due to the criticality of patient data. Currently, little is known about state-of-the-art research on information security and privacy in hospitals. The purpose of this study is to report the outcome of a systematic literature review on research about the application of information security and privacy in hospitals. A systematic literature review following the PRISMA methodology was conducted. To reference our sample according to cybersecurity domains, we benchmarked each article against two cybersecurity frameworks: ISO 27001 Annex A and the NIST framework core. Limited articles in our papers referred to the policies and compliance sections of ISO 27001. In addition, most of our sample is classified by the NIST function “Protect,” meaning activities related to identity management, access control and data security. Furthermore, we have identified key domains where research in security and privacy are critical, such as big data, IOT, cloud computing, standards and regulations. The results indicate that although cybersecurity is a growing concern in hospitals, research is still weak in some areas. Considering the recrudescence of cyber-attacks in the healthcare sector, we call for more research in hospitals in managerial and non-technical domains of information security and privacy that are uncovered by our analysis.

Author contributions

Conceptualization, S.A. and A.V.L.; methodology, A.V.L. and S.A.; writing—original draft preparation, S.A.; writing—review and editing, A.V.L. and G.P.; supervision, A.V.L. and G.P. The authors have read and agreed to the published version of the manuscript.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Data availability statement

The underlying data for the Systematic Literature Review are available at the following location: https://data.mendeley.com/datasets/w69674f3hy/draft?a=3b61f725-8414-4ee5-be87-8fcfce45a830

Notes

1 New to Framework | NIST

2 ISO 27001: The 14 Control Sets of Annex A Explained (itgovernance.co.uk).

3 Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (nist.gov).

Additional information

Funding

The author(s) reported there is no funding associated with the work featured in this article.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.