Risk perceptions of electronic health records

The increasing use of electronic health record (EHR) systems and networked medical devices by health institutions has put cyber security at the forefront of the healthcare landscape. Cyber security aims to prevent criminals from gaining access to networks to use stolen information for profit and/or to terrorise.1 EHR systems, which contain patients’ personal health information including their demographics, are becoming especially attractive to cybercriminals, and professionals who use EHR systems are largely unaware of many cyber-related risks. Unfortunately, the consequences could be extremely serious for both institutions and patients when sensitive patient information is released or devices are tampered with. Using a ten-question survey, this study investigates how professionals, ranging from physicians to emergency managers to information technology (IT) specialists, access and use EHR systems and medical devices, how they perceive cyber security risk in healthcare, and determines any significant differences between the survey choices among the respondent groups. Due to the size of the respondent groups, non-emergency managers’ opinions are compared to emergency managers’ opinions. An emergency manager leads mitigation, planning, response and recovery efforts for natural, technological and man-made disasters. These findings will then be compared to what is known of the reality of cyber security vulnerabilities. In the results, it was found that there were discrepancies between the perceptions and realities of EHR end users, although these discrepancies varied by question and user group.