DOES SHARING MAKE MY DATA MORE INSECURE ? AN EMPIRICAL STUDY ON HEALTH I NFORMATION EXCHANGE AND DATA BREACHES

Article

Zhang, Leting; Wattal, Sunil; Pang, Min-Seok

University of Delaware; Pennsylvania Commonwealth System of Higher Education (PCSHE); Temple University; University of Wisconsin System; University of Wisconsin Madison

MIS QUARTERLY

0276-7783

2024

This paper examines the information security implications of hospitals participating in health information exchanges (HIE). While data security threats may increase when hospitals join HIEs to share data across organizational boundaries, HIEs institute secure exchange and promote security practices among participants. Due to these countervailing effects, it is unclear how joining an HIE affects hospitals' data breach risk. This study seeks to understand the security implications of HIEs from the lens of governance and coordination. We compiled a panel dataset of more than 3,000 hospitals over six years. By leveraging different identification strategies, including difference-in-differences design, matching, and instrumental variables, we found that the likelihood of a hospital experiencing a data breach decreased by more than 35.37 % after joining an HIE. We further show that the effect was more pronounced among HIE member hospitals with more sophisticated clinical IT systems or after HIE security laws were enacted. We discuss the implications for research and practice.