Paper ID
3259
Paper Type
full
Description
This paper examines the security implications of participation in inter-organizational systems (IOS) in the context of the healthcare industry. Specifically, we ask - how does joining in a Health Information Exchange (HIE) affect hospitals’ data breach risks? On one hand, the hospitals in the HIE would have more data accesses thus be more attractive targets to intruders, and they may not have sufficient incentives to substantially invest in information security because of the interdependent risks. However, the HIE requires the participating hospitals to implement strong information technology (IT) governance to lower the participants’ breach risks. We study this issue using a six-year panel data from multiple sources on HIE participation and incidences of security breaches in hospitals. Our results show that joining in an HIE decreases a hospital’s probability of a data breach. Also, the effect is stronger for hospitals with higher IT security capability. This paper contributes to the information systems literature by studying information security in IOS and the effectiveness of IT governance.
Recommended Citation
Zhang, Leting and Pang, Min-Seok, "Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches" (2019). ICIS 2019 Proceedings. 41.
https://aisel.aisnet.org/icis2019/cyber_security_privacy_ethics_IS/cyber_security_privacy/41
Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches
This paper examines the security implications of participation in inter-organizational systems (IOS) in the context of the healthcare industry. Specifically, we ask - how does joining in a Health Information Exchange (HIE) affect hospitals’ data breach risks? On one hand, the hospitals in the HIE would have more data accesses thus be more attractive targets to intruders, and they may not have sufficient incentives to substantially invest in information security because of the interdependent risks. However, the HIE requires the participating hospitals to implement strong information technology (IT) governance to lower the participants’ breach risks. We study this issue using a six-year panel data from multiple sources on HIE participation and incidences of security breaches in hospitals. Our results show that joining in an HIE decreases a hospital’s probability of a data breach. Also, the effect is stronger for hospitals with higher IT security capability. This paper contributes to the information systems literature by studying information security in IOS and the effectiveness of IT governance.