UNSTRUCTURED
The security and privacy of hospital healthcare information have implications for the societal value of healthcare systems as a public good. Governance of such e-healthcare data systems has not been efficient despite stringent enforcement, and we see that HIPAA regulations, separate state regulations and the ombudsman rule do not reduce breaches faced by healthcare systems in the USA. Though systems have become more secure with the enforcement of the law, breaches have become even more frequent and impactful in recent years. We theorize this in the context of the major types of breaches observed in the data and argue that best practices based on data are plausible solutions. Using both qualitative data generated via human and AI-guided coding and quantitative data curated from over 15 years of publicly available breach reports, we analyze the effect of HIPAA changes (e.g., omnibus rule) on the number of breaches, and later categorize different types of security breaches. Using this analysis, we provide detailed guidelines drawn from industry best practices, citing exemplars for each security value we derive.