A Framework for Enhancing Health Information Data Security: Application of the Consolidated Framework for Implementation Research to Breach Analysis

Health information security breaches continue to be a pervasive problem in a variety of health care environments. Security breaches compromise the integrity of sensitive health information and serve as a barrier to health care provider, stakeholder, and patient trust in the full integration of transformative health informatics tools (e.g. shareable electronic health records) into the US health care system. While the logistics of security breaches are technological in nature, security breach awareness and prevention require exploring the complex web of the health care environment and understanding how the environment itself paves a path for potential security problems. In an effort to better understand the nature of data security breaches in health care environments, the authors propose an innovative application of the Consolidated Framework for Implementation Research (CFIR) to security breach analysis. The authors build on their previous research on electronic health records engagement, breach analysis, and audit procedures in various health care settings. For the purpose of demonstration, the current paper analyzes the most relevant breach occurrences based on volume of patient records from the Health and Human Services (HHS.GOV) breach dataset. Breach types were mapped to relevant CFIR constructs. The authors present the results of the CFIR mapping and discuss the potential uses of the CFIR constructs to support health information security practitioners in their efforts to improve the health data security environment.