EAGER: Managing Information Risk and Breach Discovery

Welcome

The healthcare industry has experienced increased scrutiny regarding inappropriate data access. However, increased demands for data access have thus far dominated privacy concerns, putting the data at risk.

We are working to better understand how privacy and security teams in healthcare approach risk management and breach discovery life cycles.  

Our Project

In collaboration with the National Science Foundation, we are conducting a research study on Healthcare organizations across the United States.

This multi-disciplinary effort aims to explore organizational risks and the security practices and technologies used to mitigate those risks.  Documenting both the practices and challenges experienced by privacy and security teams will help identify new technological functionality needed to maintain privacy and security in healthcare and provide organization guidance to better manage risk.

Why This Research Now?

Healthcare organizations face a difficult balance: providing clinicians, administrators, and research staff timely and simple access to medical records and other patient data , while protecting the increasingly valuable digitized health records from external theft or internal misuse.

Additionally, the volume, velocity, and variety of patient information continue to grow exponentially through the evolution of medical tools, equipment, mobile devices, and applications. This growth of health-related information increases the risk of inappropriate use and technological vulnerabilities.

Compliance offices are faced with challenge of mitigating the risk of beaches, leaks, and misuse, while simultaneously providing convenient access to a variety of hospital personnel, navigating complex legal landscapes, and managing patient perspectives.

Despite the increasingly complex and critical function of safety and security offices, there is little research exploring how teams address and reduce external threats, combat internal misuse of information, or even how teams approach safety and security practices in their organization. 

Our research aims to improve the understanding of the limits and constraints of data safety as expressed by those working in the field. By talking to data management specialists, the research will help understand current challenges and foster better approaches to breach management.

How to Get Involved:

Since our research is focused on how teams and organizations develop and maintain security and privacy practices, we are looking to talk to professionals working in privacy, security and compliance:  senior executives, security managers, compliance officers, human resources managers or any other staff with an active role in data management, or breach management activities.

The research involves a short survey and a one hour phone interview, scheduled at your convenience.  Both the survey and interviews are confidential; no identifiable information shared outside the research team. If you choose to be interviewed, you will be entered into a drawing for an Apple ipad.

To participate – simply click this link to the initial survey. It should take about 5 minutes. If you provide us with your email at the end of the survey, we will contact you to set up an interview time that works for you.

If you would like further information please email us at: Hammad.Jilani@owen.vanderbilt.edu

Who We Are:

NSF

Vanderbilt Department of Bioinformatics

Our investigators:

PI: Dan Fabbri Daniel.fabbri@vanderbilt.edu
PI:  Laurie Novak Laurie.novak@vanderbilt.edu
RA:  Hammad Jilani Hammad.Jilani@owen.vanderbilt.edu
RA:  Courtney VanHouten Courtney.vanhouten@vanderbilt.edu