Systemic Risk Management Plan for Electronic Medical Records (EMR): Why and How?

Stud Health Technol Inform. 2023 Dec 11:311:25-43. doi: 10.3233/SHTI200016.

Abstract

Electronic patient data use and handling are critical issues in terms of privacy, confidentiality, security, and the Health Insurance Portability and Accountability Act (HIPAA) regulations. The risks associated with electronic patient data are not limited to identity theft but extend to a person's social, economic, and psychological well-being. However, few studies have focused on the associated risk factors that could lead to these situations. This paper identifies the risks related to electronic patient data breaches by means of a grounded theory approach and develops a systemic risk management plan that enables engineering managers and risk managers to overcome risks associated with electronic patient data more effectively and efficiently.

Purpose: The purpose of this paper is to identify the risks associated with electronic patient data breaches using a grounded theory approach and to recommend a set of guidelines to support a better, more effective, and more efficient system and thereby overcome these risks.

Patients and methods: No patients participated in this study, and no patient opinions are reflected in this research.

Keywords: Electronic medical records (EMR); Health Insurance Portability and Accountability Act (HIPAA); protected health information (PHI); risks; systems.

MeSH terms

  • Computer Security
  • Confidentiality*
  • Electronic Health Records*
  • Health Insurance Portability and Accountability Act
  • Humans
  • Privacy
  • Risk Management
  • United States