Research Output

A novel methodology for the monitoring of risks within health care data.

  This paper presents an overview of possible risks to the security of health care data. These risks were detected with a novel approach to information security. It is based on the philosophy that information security risk monitoring should include human and societal factors, and that collaboration between organisations and experts is essential to gain knowledge about potential risks. The methodology uses a mixed methods approach including a quantitative analysis of historical security incident data and expert elicitation through a Delphi study. The result is an overview of the main risks that are likely to materialise in health care organisations in the near future. These main risks include (amongst others): staff leaving data-assets unattended on the premises and these assets consequently go missing, staff sharing passwords to access patient data and staff sending email containing personal patient data to the wrong addressee thus disclosing data to unauthorised persons.

  • Type:


  • Publication Status:


  • Publisher


  • DOI:


  • ISSN:


  • Library of Congress:

    QA76 Computer software

  • Dewey Decimal Classification:

    004 Data processing & computer science


Hazelhoff Roelfzema, N., Buchanan, W. J. & Duff, A. (2012). A novel methodology for the monitoring of risks within health care data. Computers and Security. 37, 31-45. doi:10.1016/j.cose.2013.04.005. ISSN 0167-4048



Delphi method; Health care; Information security; Patient privacy; Risk management; Sociotechnical information security;

Monthly Views:

Available Documents