PACIS 2019 Proceedings


In light of the recent high-profile data breach incidents, and newly updated mandatory data breach notification laws, considerable global attention is forming around the protection of Personal health information (PHI). PHI breaches, generally described as an impermissible use or disclosure of protected personal health information, are extremely consequential for healthcare organizations and their patients and customers. This paper reports on a scoping review and thematic analysis of the literature studying the causes and impacts of PHI breaches. We started our review by identifying over 900 relevant articles, and through a rigorous process, included 28 articles for a detailed synthesis. Our findings highlight a number of direct and indirect causes of PHI breaches and their behavioral and operational impacts. Based on these findings, gaps in the literature are identified and implications for future research are discussed.