Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy

Abstract: In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.This thesis is focused on information security in healthcare when patient information has to be managed and communicated between various healthcare actors and organizations. The work takes a practical approach with a set of investigations from different perspectives and with different professionals involved. Problems and needs have been identified, and a set of guidelines and recommendations has been suggested and developed in order to improve patient safety as well as patient privacy.The results show that a comprehensive view of the entire area concerning patient information management between different healthcare actors is missing. Healthcare, as well as patient processes, have to be analyzed in order to gather knowledge needed for secure patient information management.Furthermore, the results clearly show that there are deficiencies both at the technical and the administrative level of security in all investigated healthcare organizations.The main contribution areas are: an increased understanding of information security by elaborating on the administrative part of information security, the identification of information security problems and needs in cross border healthcare, and a set of guidelines and recommendations in order to advance information security measures in healthcare.