Information technology involves a risk of privacy violation in providing easy access to confidential information,such as personal information and medical information through the Internet. In this study, we investigated medical information security to gain a better understanding of trends in research related to medical information security.
We researched papers published on ‘의료정보’ and ‘medical information’ in various Korean journals during a 10-year period from 2005 to 2015. We also analyzed these journal papers for each fiscal year; these papers were categorized into the areas of literature research and empirical research, and were further subdivided according to themes and subjects.
It was confirmed that 48 papers were submitted to 35 academic journals. There were 33 (68.8%) literature review articles, and analysis of secondary data was not carried out at all. In terms of empirical research, 8 (16.7%) surveys and 7 (14.6%) program developments were studied. As a result of analyzing these papers according to the research theme by research method, 17 (35.4%) papers on laws, systems, and policies were the most numerous. It was found that among the literature research papers on medical personnel were the most common, and among the empirical research papers, research on experts in information protection and medical personnel were the most common.
We suggest that further research should be done in terms of social perception, human resource development, and technology development to improve risk management in medical information systems.
Modern daily life offers many conveniences due to the incredible speed of information and communication technology (ICT) and the Internet of Things (IoT), especially the ease of communication and access of information through the Internet and social network service (SNS). However, personal information can be leaked to the Internet and SNSs. To protect personal information, the Treaty of Personal Information Protection of the European Council (Treaty of the European Parliament for the Protection of Individuals Related to the Automatic Processing of Personal Information) was established in 1980 [
Although medical information should be protected in the Internet space, personal records created by medical institutions and medical treatment prescription computer networks can be infiltrated, resulting in spamming by commercial advertisements and product promotions. Thus, personal information is frequently misused. This problem must be addressed by laws and improvement of security of institutional equipment and systems used to handle personal information [
However, we must always consider the security of shared systems that collect, store, and transfer medical information. Medical information includes extremely personal health information as well as information about a patient's lifestyle habits and physical features. The importance of storing such sensitive information has been emphasized to prevent personal information security problems, such as information leakage, hacking, tampering, and so on [
In this study, we found that research on medical information was mainly focused on risk management of medical information systems at hospital-centered medical institutions rather than general agencies. We analyzed the contents of papers published in this area by theme, year, and research method. Our main objective was to produce results that would be useful for future research. Therefore, our research had the following aims: (1) to analyze medical information security-related papers based on theme and year and (2) to compare medical information security-related papers and analyze the research methods used.
The purpose of this research was to analyze the trends in research on the theme of medical information. Therefore, papers on medical information published in various domestic Korean journals from 2005 to 2015 were searched. On July 16, 2016, using academic research information service (RISS), a search site for published papers, 274 papers were obtained using the keywords of ‘의료정보’ (medical information in Korean) and ‘medical information’. Their information was extracted. On July 21, 2016, three experts reviewed these papers, and 74 papers were selected after this review. The list of studies was chosen by sorting out the last 48 of 60 articles (
In this study, we analyzed research papers related to medical information published from 2005 to 2015 to reveal the trends in current research approaches to guide the direction of future research. Based on 274 studies published, the research trends were classified. The results are shown in
Considering recent research references after analyzing the research trends of papers on medical information, the papers were divided into categories of literature research and empirical research. We prepared an analysis framework to facilitate our analysis.
More specifically, the field of medical information research cannot advance by only focusing on the sensitivity of the medical information of patients. Therefore, the papers were further classified into more specific research areas of computer systems, electronic medical records, and personal information protection.
To observe the trends in research investigating medical information security, we categorized the papers by methodology into literature research and empirical research categories. The results are as shown in
Literature research was found to have the highest number of published papers. There were 33 (68.8%) literature review papers published during the study period. The methodological approach adopted in empirical studies was to recruit groups and developed research and programs concurrently. Compared to the empirical study method, 8 (16.6%) survey research papers of 48 total papers were published, while 7 (14.6%) papers on methods of research in the practical field were published.
Detailed results are shown in
Results of our analysis on research on the management of medical information systems according to research methods and topics are shown in
According to the method of research, there were 33 (68.8%) papers on literature studies and 15 (31.3%) papers published on laws, systems, and policies. There was no paper published on recognition and satisfaction. Actual situation topic had 1 (2.1%) paper. Review discussion and trend topic had 9 (18.8%) papers while factor topic had 2 (4.2%) papers. However, there was no paper published on effect and influence. Topics of measures, applications (program), and utilization each had 2 (4.2%) papers published. However, there was no paper published on model development. The total number of empirical research paper was 15 (31.3%). Two papers (4.2%) were published on the topics of laws, systems, and policies. No papers were published on recognition and satisfaction. Four papers (8.3%) were published on the topic of actual situations. One paper (2.1%) was published on the topic of factors. No papers were published on review discussion, and trend, effect, influence, or measure topics. Application (program) topic had 7 (14.6%) papers while model development topic had 1 (2.1%) paper. However, utilization topic had no paper.
The results of our analysis of research on the management of medical information systems according to research methods and subjects are shown in
The results are as shown in
Based on research methodology, 165 (90.2%) studies were conducted as literature research, including 17 (9.3%) papers on doctors; 16 (8.7%) papers on nurses, persons in charge of medical record, security officers, and information handlers; 15 (8.2%) papers on radiological technologists, pharmacist, and clinical pathologist; 8 (4.3%) papers on medical information experts; 6 (3.3%) papers on laws; 2 (1.1%) papers on privacy information security and medical privacy information security; and 1 (0.6%) paper each for hospital administrative managers; occupational therapists; expert computer officers; individuals, organizations, businesses, and organizations that handle health information; policy (Ministry of Health and Welfare); various international norms on the protection and utilization of personal information (OECD, EU); and personal health information. There were no papers on physical therapists, students in the department of dental hygiene, information protection experts, healthcare managers, telemedicine users, hospital staff members, integrated medical information systems, or multidisciplinary approaches.
A total of 18 (9.8%) empirical studies were reported, including 4 (2.2%) papers on information protection experts; 2 (1.0%) papers each on physical therapists, hospital staff members, and integrated medical information systems; 1 (0.6%) paper each on doctors, nurses, students in the department of dental hygiene, information handlers, healthcare managers, telemedicine users, privacy information security and medical privacy information security, and multidisciplinary approaches. There were no papers on patients; radiological technologists; pharmacists; clinical pathologists; person in charge of medical records; hospital administrative managers; occupational therapists; expert computer officers; security officers; medical information experts; individuals, organizations, businesses, and organizations that handle health information policy (Ministry of Health and Welfare); various international norms on the protection and utilization of personal information (OECD, EU); personal health information; or law.
There were 48 articles on medical information published in journals from 2005 to 2015 in Korea. Looking at them year by year, one paper was published in 2005, whereas 10 papers had been published by 2009. However, 38 were published by various academic societies from 2010 to 2015. In terms of research methodology, 33 (68.8%) papers were based on literature review research, while 15 (31.2%) papers reported empirical research. Literature reviews were consistently carried out during the period from 2005 to 2015. However, secondary data analysis was not published. Surveys were published consistently every year; however, in-depth interviews were not conducted during that period. In addition, there has been no report of investigation and experiment in parallel since 2005. Research on medical information systems has been published during this time period, although these papers were fewer than literature review papers.
The results of the theme analysis of papers based on literature review are discussed below. Laws, systems, and policies were the focus of 15 (31.3%) papers. Review discussion and trend topics were the focus of 9 (18.8%) papers. Factor, measures, applications (programs), and utilization topics were the focus of 2 (4.2%) papers each. One (2.1%) paper was published on an actual situation topic. No papers were published on recognition of and satisfaction with medical information security, the effect and influence of medical information security, or model development topics. In empirical research, application (program) topic had 7 (14.6%) papers. Actual situation topic had 4 (8.3%) papers. Law, system, and policy topics had 2 (4.2%) papers. Factor and model development topics had 1 (2.1%) paper each. Recognition and satisfaction, review discussion and trend, effect and influence, measures, or utilization topic had no paper. The lack of prior research focusing on the reliability of medical information and its associated legal issues and the lack of revision of related clause made it difficult to derive a concrete identity policy proposal. Future study should establish a legal concept for the security of medical information. There is a need for more concrete preventive measures and countermeasures against breaches of medical information security through analysis of the reliability of medical information and infringement of platforms. Specific policies that can reduce the number of functional impairments can be proposed by searching for pure functions associated with the use of medical information [
For medical information in hospitals where human resources are utilized for various job types and operations, it is important to promote medical information protection in hospitals centering on electronic support. Efforts have been made to improve the level of information protection and information security in medical institutions by establishing measures to protect information, such as the establishment of administrative measures and countermeasures to have physical security and technical safeguards with information protection policies. It should be emphasized that all staff should take the initiative to make efforts to create a culture that protects medical information [
Although the scope of personal information has been considered in various fields, including economic, scientific, and technical fields, and this has provided an important foundation for future research, problems such as infringement on the private lives of individuals and society in general have arisen. We need to analyze processes that can handle one or more situations or problems while taking the specialization and specificity of medical information into account [
aA total of 183 papers. Because, there are more than one objects in 48 papers, and the number of papers increases.