Security in Health Information Systems: An Exploratory Comparison of U.S. and Swiss Hospitals

Various reports of information security breaches [1, 2], unintended information disclosures of confidential patient information, and computer attacks have raised the awareness about security issues of health information systems (HIS). This paper explores the interrelation between the use of information systems and information system security in the hospital sector of the Health Industry. It analyzes organizational, regulatory, and technological factors as well as difficulties inherent to health care organizations such as patient safety concerns and the use of these systems by clinicians who rely on timely and correct clinical information about their patients. Technical and organizational security capabilities are discussed with reference to case studies of two academic medical centers and two hospital groups in the United States and Switzerland. It is shown how the practicability of information security controls is limited by the heterogeneous and decentralized nature of HIS and the way in which clinicians use them.