Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches

In stock
SKU
48.3.02

Publication History

Received: March 21, 2021
Revised:
March 16, 2022; November 30, 2022; July 11, 2023
Accepted: September 9, 2023
Published Online as Accepted Author Version: June 12, 2024
Published Online as Articles in Advance: August 8, 2024
Published Online in Issue: September 1, 2024

https://doi.org/10.25300/MISQ/2023/17479 

Downloadable File
$15.00
Abstract

This paper examines the information security implications of hospitals participating in health information exchanges (HIE). While data security threats may increase when hospitals join HIEs to share data across organizational boundaries, HIEs institute “secure exchange” and promote security practices among participants. Due to these countervailing effects, it is unclear how joining an HIE affects hospitals’ data breach risk. This study seeks to understand the security implications of HIEs from the lens of governance and coordination. We compiled a panel dataset of more than 3,000 hospitals over six years. By leveraging different identification strategies, including difference-in-differences design, matching, and instrumental variables, we found that the likelihood of a hospital experiencing a data breach decreased by more than 35.37 % after joining an HIE. We further show that the effect was more pronounced among HIE member hospitals with more sophisticated clinical IT systems or after HIE security laws were enacted. We discuss the implications for research and practice.

Additional Details
Author Leting Zhang, Sunil Wattal, and Min-Seok Pang
Year 2024
Volume 48
Issue 3
Keywords Information security, data breaches, health information exchange, inter-organizational system, IT governance
Page Numbers 873-898
Copyright © 2024 MISQ. All rights reserved.