Health Information Exchange and Related IT-security Practices in European Hospitals

Alongside other health information technologies (HIT), several projects aimed at implementing electronic health information exchange (HIE) have been initiated in European countries, with the hope of improving the coordination, safety, and efficiency in healthcare systems. However, the electronic exchange exposes health data to information technology (IT)-related vulnerabilities and threats, raising concerns among patients, health care providers, and policy-makers. Drawing on data from a sample of 1123 European hospitals, we conducted a cluster analysis to determine to what extent hospitals do live up to the IT security and privacy challenges of electronic HIE. We produced two sets of clusters, one related to HIE usage and another related to the implementation of IT-security practices. Through a cross-comparison, we proceeded to a match/mis-match analysis. The results of this study depict a mixed situation: even though most of surveyed hospitals (79.2%) have implemented IT-security practices consistent with their HIE usage levels, hospitals that have failed to do so (20.8%) pose a threat to the entire healthcare system which is becoming more and more interconnected.