Gestão & Produção
Gestão & Produção
Thematic Section: Digital Transformation, Intelligent Manufacturing and Supply Chain Management 4.0

Information security in healthcare supply chains: an analysis of critical information protection practices

Tiago Murer Furlanetto; Edimara Mezzomo Luciano; Odirlei Antonio Magnagnagno; Rafael Mendes Lübeck

Downloads: 0
Views: 76


Abstract: Because of their vital role and the need to protect the patient information, interest in information security in Healthcare Supply Chains (HSCs) is growing. This study analyzes how decisions related to information security practices in HSCs contribute to protecting patient information. Eleven semi-structured interviews were performed. The interviewees were managers from Brazilian HSC organizations. Four dimensions and 14 variables identified in a literature review were used to perform categorical content analysis. The findings suggest organizations, while aware of their critical information and internal processes, lack the necessary metrics to measure the impacts of possible failures. It seems organizations tend to invest in standard security measures, while apparently ignoring the specificity and complexity of information in HSCs.


Supply chain management, Healthcare supply chain, Information security, Information security investments, Healthcare supply chain information


Ayers J. B. Handbook of supply chain management.. 2006.

Ballou R. H. Gerenciamento da cadeia de suprimentos/logística empresarial. 2006.

Bardin L., Reto L. A., Pinheiro A. Análise de conteúdo.. 1979.

Bhakoo V., Chan C. Collaborative implementation of e‐business processes within the health‐care supply chain: the Monash Pharmacy Project. Supply Chain Management. 2011;16(3):184-93.

Bojanc R., Jerman-Blažič B. An economic modeling approach to information security risk management. International Journal of Information Management. 2008;28(5):413-22.

Bojanc R., Jerman-Blažič B., Tekavčič M. Managing the investment in information security technology by use of a quantitative modeling. Information Processing & Management. 2012;48(6):1031-52.

Boss S. R., Kirsch L. J., Angermeier I., Shingler R. A., Boss R. W. If someone is watching, I’ll do what I’m asked: mandatoriness, control, and information security. European Journal of Information Systems. 2009;18(2):151-64.

Bragança C. E. B. A. Privacidade em informações de saúde: uma análise do comportamento percebido por profissionais de saúde de instituições hospitalares do Rio Grande do Sul. 2010.

CERT. 2015.

Chamikara M. A. P., Bertok P., Liu D., Camtepe S., Khalil I. Efficient privacy preservation of big data for accurate data mining. Information Sciences. 2020;527:420-43.

Chen D. Q., Preston D. S., Xia W. Enhancing hospital supply chain performance: a relational view and empirical test. Journal of Operations Management. 2013;31(6):391-408.

Christopher M. Logística e gerencimento da cadeia de suprimentos: criando redes que agregam valor. 2007.

Cooper M. C., Lambert D. M., Pagh J. D. Supply chain management: more than a new name for logistics. International Journal of Logistics Management. 1997;8(1):1-14.

Croom S., Romano P., Giannakis M. Supply chain management: an analytical framework for critical literature review. Journal of Purchasing and Supply Management. 2000;6(1):67-83.

Flick U., Netz S. Uma introdução à pesquisa qualitativa.. 2004.

Gaunt N. Practical approaches to creating a security culture. International Journal of Medical Informatics. 2000;60(2):151-7.

Gibbs G. Análise de dados qualitativos: coleção pesquisa qualitativa.. 2009.

Gomes C. F. S., Ribeiro P. C. C. Gestão de cadeia de suprimentos integrada à tecnologia da informação. 2004.

Gordon L. A., Loeb M. P. The economics of information security investment. ACM Transactions on Information and System Security. 2002;5(4):438-57.

Gordon L. A., Loeb , Sohail . Market value of voluntary disclosures concerning information security. Management Information Systems Quarterly. 2010;34(3):567-94.

Gordon L. A., Loeb M. P., Lucyshyn W., Zhou L. externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. Journal of Information Security. 2015;6(1):24-30.

Gunasekaran A., Ngai E. W. T. Information systems in supply chain integration and management. European Journal of Operational Research. 2004;159(2):269-95.

Gunasekaran A., Patel C., McGaughey R. E. A framework for supply chain performance measurement. International Journal of Production Economics. 2004;87(3):333-47.

Gunasekaran A., Patel C., Tirtiroglu E. Performance measures and metrics in a supply chain environment. International Journal of Operations & Production Management. 2001;21(1-2):71-87.

Gupta M., Rees J., Chaturvedi A., Chi J. Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach. Decision Support Systems. 2006;41(3):592-603.

Guttman B., Roback E. A. An introduction to computer security: the NIST handbook.. 1995.

Hedström K., Kolkowska E., Karlsson F., Allen J. P. Value conflicts for information security management. The Journal of Strategic Information Systems. 2011;20(4):373-84.

Huang C., Behara R. S., Goo J. Optimal information security investment in a Healthcare Information Exchange: an economic analysis. Decision Support Systems. 2014;61:1-11.

Kazemzadeh R. B., Sepehri M. M., Jahantigh F. F. Design and analysis of a health care supply chain management. Advanced Materials Research. 2012;433-440:2128-34.

Ketchen Jr. D. J., Hult G. T. M. Bridging organization theory and supply chain management: the case of best value supply chains. Journal of Operations Management. 2007;25(2):573-80.

Kraemer S., Carayon P. Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied ergonomics. 2007;38(2):143-54.

Kritchanchai D., Hoeur S., Engelseth P. Develop a strategy for improving healthcare logistics performance. Supply Chain Forum: An International Journal. 2018;19(1):55-69.

Landolt S., Hirschel J., Schlienger T., Businger W., Zbinden A. M. Assessing and comparing information security in Swiss hospitals. Interactive Journal of Medical Research. 2012;1(2).

Lee S. M., Lee D., Schniederjans M. J. Supply chain innovation and organizational performance in the healthcare industry. International Journal of Operations & Production Management. 2011;31(11):1193-214.

Luciano E. M., Bragança C. E. B., Testa M. G. Privacidade de informações de pacientes de instituiçoes de saúde: a percepção de profissionais da área de saúde. Revista Reuna. 2011;16(2):1-14.

Magnagnagno O. A. Mecanismos de proteção da privacidade das informações de prontuário eletrônico de pacientes de instituições de saúde. 2015.

Magnagnagno O. A., Luciano E. M., Britto-Da-Silva V. R. Mecanismos para Proteção da Privacidade das Informações do Prontuário Eletrônico de Pacientes de Instituições de Saúde.. 2015.

Marciano J. L. P. Segurança da Informação: uma abordagem social. 2006.

Min H., Zhou G. Supply chain modeling: past, present and future. Computers & Industrial Engineering. 2002;43(1-2):231-49.

Patel S. C., Graham J. H., Ralston P. A. S. Quantitatively assessing the vulnerability of critical information systems: a new method for evaluating security enhancements. International Journal of Information Management. 2008;28(6):483-91.

Safa N. S., Von Solms R., Furnell S. Information security policy compliance model in organizations. Computers & Security. 2016;56:70-82.

Sampieri R. H., Collado C. F., Lucio M. P. B. Metodologia de pesquisa.. 2013.

Samy G. N., Ahmad R., Ismail Z. Security threats categories in healthcare information systems. Health Informatics Journal. 2010;16(3):201-9.

Song F., Zhou Y.-T., Wang Y., Zhao T.-M., You I., Zhang H.-K. Smart collaborative distribution for privacy enhancement in moving target defense. Information Sciences. 2019;479:593-606.

Supply Chain Operations Reference (SCOR) model. 2010.

Ten C.-W., Liu C.-C., Manimaran G. Vulnerability assessment of cybersecurity for SCADA systems. Power Systems, IEEE Transactions on. 2008;23(4):1836-46.

Warren M., Hutchinson W. Cyber attacks against supply chain management systems: a short note. International Journal of Physical Distribution & Logistics Management. 2000;30(7/8):710-6.

Wieser P. From health logistics to health supply chain management. Supply Chain Forum: An International Journal. 2011;12(1):4-13.

Zafar H., Clark J. G. Current state of information security research in IS. Communications of the Association for Information Systems. 2009;24(34):557-96.

5ff70aec0e8825001d5aeabc gp Articles

Gest. Prod.

Share this page
Page Sections