An Activity Theory Approach to Leak Detection and Mitigation in Personal Health Information (PHI)

The migration to Electronic Health Records (EHR) has raised issues with respect to security and privacy. One such issue that has become a concern for the healthcare providers, insurance companies and pharmacies is Patient Health Information (PHI) leak. Borrowing from Document Control Domain (DCD) literature, in this paper, we develop a methodology for detection and mitigation of PHI leaks by employing Activity Theory to elucidate the complex activities in the transitive workflow

Dying of a hundred good symptoms: why good security can still fail - a literature review and analysis

Many organizations suffer serious information security incidents, despite having taken positive steps towards achieving good security standards. The authors hypothesize that these issues are often as a result of security arrangements not being sufficiently integrated with businesses. We believe that adopting an enterprise architecture (EA) approach to implementing information security – commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA) – will deliver substantial benefits. Our paper has reviewed and analyzed literature concerning the root causes of information security incidents and describes a novel approach with 8 domains for ensuring critical factors are considered when building an EISA framework

A review of behavioural research on data security

Protection of confidential information or data from being leaked to the public is a growing concern among organisations and individuals. This paper presents the results of the search for literature on behavioural and security aspects of data protection. The topics covered by this review include a summary of the changes brought about by the EU GDPR (General Data Protection Regulation). It covers human and behavioural aspects of data protection, security and data breach or loss (threats), IT architectures to protect data (prevention), managing data breaches (mitigation), risk assessment and data protection audits. A distinction is made between threats and prevention from within an organisation and from the outside

The Trajectory of IT in Healthcare at HICSS: A Literature Review, Analysis, and Future Directions

Research has extensively demonstrated that healthcare industry has rapidly implemented and adopted information technology in recent years. Research in health information technology (HIT), which represents a major component of the Hawaii International Conference on System Sciences, demonstrates similar findings. In this paper, review the literature to better understand the work on HIT that researchers have conducted in HICSS from 2008 to 2017. In doing so, we identify themes, methods, technology types, research populations, context, and emerged research gaps from the reviewed literature. With much change and development in the HIT field and varying levels of adoption, this review uncovers, catalogs, and analyzes the research in HIT at HICSS in this ten-year period and provides future directions for research in the field