SoK: Analyzing Privacy and Security of Healthcare Data from the User Perspective

Interactions in healthcare, by necessity, involve sharing sensitive information to achieve high-quality patient outcomes. Therefore, sensitive data must be carefully protected. This article explores existing privacy and security research conducted in the context of healthcare organizations. We conducted a systematic literature review of N=1,553 articles that examine the security and privacy of healthcare data and focus on 80 articles addressing human factors. Key findings show that much of the healthcare security and privacy research is focused on technology (44.11%, 712 articles), with a lack of emphasis on the human element (4.96%, 80 articles). In the subset of user studies, we find that patients and the general public express concerns about privacy and security with technologies like electronic health records (EHRs). Furthermore, our analysis shows that healthcare professionals often have low awareness of risks related to data security. Additionally, our analysis revealed that most research focuses narrowly on large hospitals, neglecting private practices and the unique challenges they face. We conclude by identifying research gaps and providing potential solutions to enable robust data security for sensitive patient data.


INTRODUCTION
Security and privacy integration in the healthcare domain is essential to protect patients' data [1], considering medical records include sensitive health and personal information. A collection of such personal information has a potential for identity theft [2]. The healthcare industry is often a prime target for cybercriminals considering fundamental principles of healthcare privacy and security can positively impact risk awareness and technology adoption.
Our study has the following contributions to the research community:
- This study pioneers a comprehensive Systematization of Knowledge (SoK) centered around security and privacy in healthcare organizations. While there have been SoK articles focused on specific healthcare technologies, our work is unique in its broad and systematic approach, encapsulating a larger spectrum of concerns, especially aligning with users' perspectives as studied by prior works.
- Our SoK offers a holistic evaluation of security and privacy in healthcare, shedding light on crucial gaps in the current protective measures for patient health data. This extensive overview is instrumental for both industry professionals and researchers aiming to secure healthcare data, especially when it comes to patient data.
- Our research stands out as it is. To the best of our knowledge, this is the first SoK to not only focus on the technical aspects but also offer a comprehensive overview of research related to the privacy and security of patient data from a human-centered perspective. This dimension is crucial as it acknowledges the significance of understanding and addressing human factors in ensuring robust healthcare data protection.
- Methodologically, we have incorporated the card-sorting technique [13,14] into our article analysis, which involves the collective insights of all authors to synthesize knowledge. The adoption of the card-sorting technique for SoK represents a novel methodological enhancement.
We conclude that: (1) Technological solutions are outpacing the foundational analysis of the ways the healthcare workforce is using and protecting patient data today; and (2) Existing research focuses on a narrow scope of medical settings, which neglects the large population of patients and healthcare workers engaged in private healthcare practices.

RELATED WORK
Several prior works considered research on various aspects of privacy and security in healthcare. One major category of systematic reviews in the field of security and privacy are works that focus on aggregating research about the usability of technological solutions such as blockchain, encryption, the internet of things, and biometrics and their applicability and effectiveness in the privacy and security of healthcare organizations. For example, Clayton et al. looked at genetic privacy in particular and aggregated survey studies that have gathered perceptions from different members of the society [15]. Alrazaq et al. looked at electronic personal health records and the factors that affect patient uptake of these records through a systematic review of research that has captured patient preferences [16]. Kruse et al. aggregated patient and healthcare professional perspectives on using patient portals for chronic disease in particular [17]. Security and privacy are often a category of interest among other interests within this category of reviews.
Another major category of systematic reviews is studies examining the overall state of cybersecurity within healthcare organizations. These focused on the overall organization, device, or mode of care. Privacy and security form a subcategory when studying the overall security of a healthcare system. There is also less focus on the user perspective, and the primary focus is the organizational perspective. Kruse et al. reviewed works that document cybersecurity attacks on hospitals [3]. The work by Jalali et al. conducted a thematic analysis of 472 articles that were discussions of cybersecurity in healthcare [18]. The work by Nifakos et al. looked at works that focused and studied the human factors of cybersecurity in healthcare organizations [19]. The authors recognized the need for improved training of healthcare professionals to improve security in healthcare organizations. While their work focused on the organizational perspective, our emphasis is on the human perspective and specifically relating to patients and healthcare professionals.

11:4 • F. Tazi et al.
The third review category is studies that investigate some particular aspect or subdivision of healthcare and examine works of security and privacy within that umbrella. For example, some examined the security and privacy aspects of patient portals, electronic health record (EHR) systems, and telemedicine. These bodies of work typically focus on the security and privacy problems specific to that particular niche within healthcare. For example, Hameed et al. conducted a systematic review of security and privacy issues in the internet of medical things (IoMT) with a particular focus on the sophistication of machine learning techniques employed within this domain [20]. Aljedaani et al. focused on security challenges in mobile health (mHealth) applications in particular [21]. Kolasa et al. reviewed privacy and security concerns in applications used for contact tracing early in the COVID-19 pandemic [22]. Finally, Watzlaf et al. conducted a systematic review of the security and privacy challenges within the domain of telemedicine [23].
The current systematic review of literature on privacy and security in healthcare primarily focuses on technological solutions. There need to be more studies that review the user perspective (either that of the healthcare professional or the patient) in this domain. Thus, in our study, we have chosen to focus on the human aspect of privacy and security in healthcare organizations by identifying bodies of work that capture the human perspective on the subject matter. Some examples include surveys, interviews, and focus groups of patients, healthcare professionals, or other stakeholders in the healthcare organization.

METHOD
In order to better understand the landscape of the existing research on data security and privacy preservation in healthcare organizations, we conducted a systematic literature review following the "preferred reporting items for a systematic review and meta-analysis" (PRISMA) guideline [24]. Our systematic literature review includes a corpus of 1,553 articles published up to December 10, 2021, collected from different digital libraries. The literature review comprised six steps: (i) database search, (ii) title screening, (iii) abstract screening, (iv) full-text screening, (v) data extraction, and (vi) thematic analysis.
Inclusion Criteria: Articles were included if they were: (1) Published in a peer-reviewed publication, including journals and conferences; (2) Written and available in English, and (3) Focused on the security and privacy of data in healthcare organizations.
Exclusion Criteria: Articles were excluded if: (1) Articles were presented as a work-in-progress (posters, extended abstracts, etc.); (2) The content analysis showed that the research was not directly related to patient/consumer health-related data security and/or privacy in healthcare organizations; and (3) The collected articles were part of patents or book chapters.
Figure 1 details all the steps carried out throughout this analysis.

Database and Keyword-based Search
We conducted our search by exploring seven digital technology and medical databases: ACM Digital Library (ACMDL), Google Scholar, Social Science Research Network (SSRN), ScienceDirect, IEEE Xplore, PubMed, and MEDLINE. Our selection process was based on an iterative evaluation. We started by defining appropriate keywords for our subject matter. This was followed by filtering the results to meet our requirements. Subsequently, we systematically analyzed the final collection of research articles. This procedure was adapted from previous literature reviews by Stowell et al. [25], Das et al. [26,27], and other related works [28-31].
After the initial search to obtain the keywords, we collected the articles through a keyword-based search as mentioned above, using the Publish or Perish software for retrieving articles from Google Scholar. After that, we explored individual digital libraries to collect articles relevant to this research. Boolean search strings were developed for searching databases including "AND/OR" operators as well as NOT operators across the following keyword terms: Healthcare Data Security, Healthcare Data Breach, Healthcare Data Theft, Medical Data Theft,

Title Screening
We conducted title-based searches for relevant articles in several digital libraries. Google Scholar, ACMDL, and IEEE Xplore yielded substantial results, so we focused our search efforts on those databases. For the other digital libraries, we used a simplified yet broad search strategy to capture the most relevant articles.
In Google Scholar, we searched for articles with "Healthcare Data Security," "Healthcare Data Breach," "Healthcare Data Theft," "Medical Data Theft," "Medical Data Security," "Medical Data Breach," "Patient Data Security," "Patient Data Theft," or "Patient Data Breach" in the title. We excluded patents and citations, conducting multiple searches and aggregating the results to maximize coverage. This yielded 352 articles.
For ACMDL and IEEE Xplore, we used their advanced search filters to restrict our search to titles, abstracts, and keywords of journals and peer-reviewed conferences. In ACMDL, this reduced our results from over 30,000 to 2,477 relevant matches. As for IEEE Xplore, we reduced the results from over 7,000 articles to 63 articles.
In the remaining digital libraries, we used the search string: "Healthcare Data Security" OR "Healthcare Data Breach" OR "Healthcare Data Theft" OR "Medical Data Theft" OR "Medical Data Security" OR "Medical Data Breach" OR "Patient Data Security" OR "Patient Data Theft" OR "Patient Data Breach" and further constrained the parameters to limit the result set to the most relevant articles possible.
Table 1 provides the specifics of our search approach in each digital library database, including search terms used, number of articles returned, and the search filters applied.

Duplicate and Work-in-Progress Removal
In this phase, we proceeded to remove duplicate articles. First, we removed any duplicate articles from the different databases. We also removed any articles which were a work in progress, such as posters and extended abstracts. Finally, we screened out self-identified work-in-progress articles or reviewed the article to see if the articles were works-in-progress. Due to the varying nature of the publication of these works, we could not demarcate the articles based on their page numbers with an assumption that work-in-progress articles are short. However, we removed any articles which were shorter than four pages. After this procedure, we were left with a dataset of 2,032 articles.

Abstract Screening
We assessed the 2,032 research articles in our corpus to determine their relevance to our research topic by reviewing the abstract. Three researchers trained in qualitative coding determined the relevance of the individual articles to the research by analyzing the abstract. When there were discrepancies in determining the relevance of the article, all researchers discussed these articles in more detail to resolve the issue; only articles that addressed the security or privacy of healthcare data were included. Thus, 479 articles were excluded in this phase. After this screening, there remained a total of N = 1,553 articles on which we conducted two phases of thematic analysis [26].

Analysis
First, we conducted a thematic analysis of the abstract to classify and evaluate the articles within significant themes. After that, we conducted a detailed analysis of the user studies to understand more about the user issues as per the goal of this work.

Thematic Analysis.
Twenty articles were randomly selected to generate overarching themes, after which three researchers evaluated the remainder of the articles. All the researchers agreed upon the themes which included: "User Studies," "Technical Solutions," "Frameworks," "SOKs and Overviews," and "Security Reviews." Any article that included any form of user study, even if that was not the article's primary theme, was marked in the user study category. This was specified given the user-focused aspect of the article. After conducting the first set of analyses, we performed a more detailed set of thematic analyses to categorize the user studies; following this step, we conducted a card-sorting exercise on the most relevant user studies.

User Study Analysis.
After the two phases of thematic analysis, we conducted a detailed user study analysis on 129 user studies. After a thorough analysis of the complete text, 49 articles were excluded from this set for various reasons, including needing more focus on the privacy and security of healthcare patients' data throughout the methodology, results, and discussion. For the remaining N = 80 articles, we extracted the quantitative and qualitative findings to assess what technical perspectives of the healthcare-focused research were conducted by the prior studies as well as the type of participant these studies were interested in, such as medical professionals, patients, technical experts, or general public. Nine publications were selected at random for the purpose of conducting inter-rater reliability. Each article was categorized across five distinct categories. A team of three researchers meticulously evaluated these articles to ensure a comprehensive classification. Given that the inter-rater reliability rates exceeded 0.81 for all categories, as indicated in Table 2, the remaining publications were allocated to two out of the three researchers for coding purposes, following the same categorization.
Of these 80 articles, we consolidated a set of 26 articles centered around healthcare data privacy and security from all aspects, including the objective itself, the methods, the results, and the discussion. Furthermore, we conducted a card sorting exercise involving all authors on these 26 articles. This allowed us to understand these articles better and find connections and similarities between these articles. The first author started by identifying the 26 articles and generating the themes; afterward, two groups of two authors each organized the articles into the existing themes. The themes were not mutually exclusive, and groups were able to add themes when deemed necessary. For each of the articles in our corpus, we combine the card sorting results from all the authors.

FINDINGS AND DISCUSSIONS
In this section, we first provide the results of the thematic analysis, and after that, we provide details and evaluation of the user studies.

Thematic Analysis
In the following sections, we provide results for each of the five themes into which we have classified our corpus, while focusing mainly on user studies. Sections 4.1.1 to 4.1.4 present four of the themes, but the fifth theme, "User Studies," is presented in Section 4.2.

Technical Solutions.
Nearly half of the collection, 712 (45.85%) out of N = 1,553 articles, focused on proposing a technology-based solution for the privacy and security issues of the healthcare sector. The authors have proposed several technological solutions to enhance the privacy and security of the data transferred and accessed in the healthcare sector; for instance, Gupta and Metha discussed the importance of transmitting medical data over an unsecured network and proposed a chaos-based encryption scheme to secure medical images. In their algorithm, they use a combined key sequence of logistic map and Duffing map by shuffling the adjacent pixels of the medical data where the encryption and decryption keys are combined using the XOR function to obtain a single key sequence. Their proposed scheme was proven functional against access-control-based attacks [32]. Another critical focus on the technological solutions found in our collected sample was on the blockchain. For instance, Brunese et al. proposed a blockchain-based technology aimed at protecting information exchanges in hospital networks, with particular regard to magnetic resonance images by implementing formal equivalence checking to validate the network of the transiting data [33]. On a different note, Tian et al. looked into clinical prognosis prediction models based on EHR data. They developed a web service based on multi-center clinical data called POPCORN. The PrognOsis Prediction based on multi-center clinical data CollabORatioN (POPCORN) focused on the standardization of clinical data expression, the preservation of patient privacy during model training using a multivariable meta-analysis, and a Bayesian framework [34].

Healthcare Frameworks.
Of the 1,553 articles collected, 390 (25.11%) articles studied or introduced new healthcare data management frameworks. We considered an article under the theme of healthcare frameworks if the main subject of its study is a security, privacy, or design framework, or if it introduced or analyzed a legal or ethical framework. These articles mainly describe methods to design a secure and private technology for healthcare data usage. One such article, "A Security Framework for Mobile Health Applications," introduced a security framework for mobile healthcare applications, taking usability and security into consideration [35]. Ibrahim et al. introduced a framework for securely sharing EHRs over the cloud between different healthcare professionals. This framework ensures the confidentiality, integrity, authenticity, availability, and auditability of EHRs [36]. Similarly, Zalloum and Alamlah proposed a privacy-preserving framework for medical data sharing in their article; they also designed a digital information system that restricts access to medical information unless the patient approves the access [37]. Jia et al. followed a different approach with their privacy-preserving medication adherence framework. In their proposed framework, patients are given control over how their information is transmitted and shared [38].

Systematic Literature Reviews and Overviews.
Of the 1,553 articles analyzed, 228 (14.68%) were systematic literature reviews or overviews. These studies gave an overview of the current standards and practices followed in the healthcare sectors or consolidated the prior work on this sector while mentioning the importance of the focus on healthcare privacy and security. However, these studies should have focused on or explored the user perspective. For example, Walker et al. implemented a mixed-method systematic review by analyzing about 300,000 articles and found evidence of high heterogeneity across crude data indicating that the effectiveness of security measures varies significantly in healthcare but concluded without a solution for insider attack [39]. Similarly, Paksuniemi et al. give an overview of the wireless technologies devices and reveal the importance of implementing security measures in these technologies to enable secure patient monitoring [40]. Moreover, Wang provides an overview of the security threats imposed by smart devices which monitor patients through internet-connected technologies. Wang details two primary security-related issues for internet-based telemedicine systems that need to be addressed: (1) medical data protection needs; and (2) system design issues [41].

Security Evaluations and Data Breaches.
We classified 143 articles as a security evaluation or data breach theme if they provided an insight or assessment of the security state of the healthcare sector and the technologies used in this area. Articles were also included in this theme if they provided the state, history, or technical details on security violations in the healthcare sector. For example, one such article documents cyber security threats and methodologies in the healthcare domain, pointing out how to analyze and manage them [42]. Furthermore, Spanakis et al. introduce a multi-layer attack model providing a new attack and threat identification and analysis method. In a similar vein, Lopatina et al. analyze possible risks associated with the IoMT devices and systems and evaluate the threat impact and the cyber threat consequences on patients and the medical organizations using them as a whole [43]. Furthermore, Romanovs et al. analyze the cybersecurity healthcare situation in the world and examine the principal integration problems in telemedicine that prevent healthcare professionals from affording remote medical help safely and efficiently [44].

Analysis of User Studies
In addition to our analysis of the technical solutions discussed in the collection, we performed a detailed analysis of the user studies (N = 80). Our goal was to understand and assess the studies that evaluated human factors of data security and privacy in healthcare. Therefore, we thoroughly analyzed the user studies and specific aspects of the study, such as the type of study conducted, study populations, duration, and medical settings.
Among the 80 user studies, only two assessed a proposed technological intervention. For example, Abd-alrazaq and colleagues measured the efficiency and convenience of a mobile app for managing diabetes evaluation [120]. In this work, participants noted that one advantage of it was compliance with hospital regulations for patient data security. On the other hand, Haggstrom et al. assessed the usability of the MyHealtheVet program, where participants expressed concerns about the privacy of reviewing medical data at home [8].
One qualitative study conducted a comparison analysis on smart contract blockchains for healthcare applications [108]. Yu et al. recruited three students with no former experience in blockchain technologies to construct and test three pre-selected blockchain platforms and examined the practical aspects of the experiments. Through their study, Yu et al. established that the choice of an appropriate platform is contingent upon the specific needs of the application.

Study Duration.
For the majority of the quantitative studies, the time taken for the completion of the study primarily occurred in a single session (Table 3) [45-59, 61, 62, 64-90, 92-96, 106], with the exception of three articles, where multiple surveys were deployed. In the first one, a survey of public perception of mobile phones' effect on healthcare was repeated in 2013 and 2014 [91]. The findings of this study revealed a growing inclination among participants to believe that such utilization of mHealth will lead to improvements in the overall quality of healthcare. While there was no observed year-over-year growth in participants' privacy and security worries, it is evident that participants still have significant apprehensions in this regard. The second article also conducted two surveys with a one-year gap, the first of which consisted of a baseline survey in 2012 before an educational outreach intervention and a follow-up survey in 2013 to evaluate communication between healthcare professionals [60]. This study found that the implementation of physician champion educational outreach initiatives resulted in a notable rise in the utilization of secure provider-to-provider EHR system messaging services. Finally, the last study implemented a survey on two separate occasions, initially in December 2013 and subsequently in September 2015 [63]. This was done following a modification in the EHRs system utilized by the hospital where the study was conducted. The objective of the study was to assess the level of influence exerted by the three primary categories of clinical staff (physicians, paraprofessionals, and administrative personnel) on the intention to adopt an EHRs system, as well as its underlying factors. All of the hypotheses pertaining to the personnel are validated in this study. Specifically, anxiety, self-efficacy, and trust are found to have an influence on ease of use. Additionally, ease of use, misfit, self-efficacy, and data security are found to impact the intentions to use the EHR. However, the perception of ease of use of EHR among staff and assistants does not have a significant impact on their intentions to use EHRs. Such longitudinal studies are critical to understanding how user perspectives about security and privacy can change (or do not change) over time.
As for qualitative studies, all but one of the studies were conducted in a single session. The sole exception was an evaluation of a diabetes management app for 6 to 12 weeks where participants' interactions with the app were tracked and recorded [120]. After this phase of the study, participants were then asked to take an interview to discuss their individual experiences with the app.
Similarly, the mixed methods studies consisted of few single-session studies [8, 102-105] and few comprehensive studies. One such extended study was particularly elaborate and included a postal survey to understand participants' perceptions towards the electronic transfer of medical prescriptions [66]. This study revealed that the electronic transmission of prescription-related data is expected to be well-received by all participants. However, authors note that it is crucial to address apprehensions regarding patient confidentiality. In addition, participants accessed their EHRs for the first time and answered questions about their experience using the system. Finally, focus groups were conducted to assess participants' attitudes towards various aspects of the EHR system [98]. Pyper et al. found that most participants were satisfied with the computer technology employed. Furthermore, the majority of participants expressed that they found the act of reviewing their medical records to be beneficial and were able to comprehend the majority of the information included within. However, participants expressed apprehension on the aspects of security and confidentiality, particularly with regards to the possible exploitation of their records. Similarly, another comprehensive study used focus groups, a survey, case study cards, and co-creation workshops to measure the participants' attitudes toward data sharing and develop standards for acceptable data sharing [97]. The participants of the focus group expressed their endorsement for the sharing of health and care data specifically to facilitate direct care; however, they were also apprehensive about the reliability and accuracy of their records, as well as potential social disapproval linked to certain diagnoses, particularly those related to mental health. Furthermore, participants expressed concerns regarding the identification of individuals, the constraints imposed by security measures, and the possibility of care allocation being influenced by information contained in their records, including their lifestyle preferences [97]. In addition, one study used surveys and semi-structured interviews to evaluate patients' concerns about data sharing in the context of HIV patients [101]. Maiorana et al. argue that both patients and healthcare professionals demonstrate a willingness to embrace the electronic exchange of HIV patient data as a means to enhance the quality of care for a disease that has been associated with social stigma. Authors also note that the acceptability of data sharing and confidentiality is contingent upon the level of work invested in comprehending and resolving possible problems, as well as the establishment of confidence among stakeholders regarding the characteristics of the systems and their intended use [101]. This was similar to work that aimed at assessing participants' attitudes on privacy and security of medical technologies through focus groups and a standardized questionnaire survey [99]. The results of this analysis indicated that the incorporation of medical assistive technology in home environments is contingent upon the consideration of both security and privacy factors. Particularly, the examination of data about gender, health state, and age unveiled that females and individuals in good health exhibit a greater need for stringent security and privacy measures, in comparison to men and older individuals who are experiencing health issues [99]. Finally, one article used a triangular study including observations, focus groups, and exit interviews of a gradual EHR implementation [100]. Shield et al. found that the prioritization of patient trust in physicians and the establishment of secure physician-patient interactions seem to outweigh the majority of patients' apprehensions regarding information technology [100].

[48,49,57,78,98,117,120], furthermore five studies were conducted in a rural setting [102,103,107,121,123], and six studies reported mixed populations [50,52,91,96,97,113]. No articles reported on an exclusively suburban population setting.
Seven articles studied non-medical experts such as IRB directors and information technology experts [53,62,81,96,104,115,122]; moreover, three articles studied both medical and non-medical experts [47,77,116].On the other hand, only four articles recruited students for their studies [49,78,95,108].
In addition to these studies, 15 articles studied the general public. However, in some articles, there were some conditions for the participants, such as a user of a specific technology or speaking a particular language [51, 52, . In contrast, seven other articles did not determine the types of participants they recruited for their studies [46,48,56,59,91,109,112]. For these articles, we assumed that the participants were pooled from the general public.

Number of Participants.
The most participants reported in qualitative studies is 87 participants [110], whereas the average number of participants in these studies is 31.83. However, we noticed that studies that employed focus groups had more participants on average (55.67) than interview-based studies. The least number of participants for qualitative studies was three [108]. As for mixed-method studies, the average number of participants is 259, whereas the maximum number of participants in one study is 1,031 and the minimum number of participants is 16. Furthermore, only one quantitative study did not report the number of participants. As such, the average number of participants for the rest of the quantitative studies is 1,215.46, and the maximum number of participants in a single study is 17,000. In contrast, the minimum number of participants is six.

Regulatory Considerations.
Through our corpus, a discerning analysis reveals a nuanced landscape of HIPAA integration within the study design of user studies. Only five scholarly articles [72,79,81,116,118] adeptly integrated HIPAA issues into their study methodology, thoroughly exploring perceptions and understanding of HIPAA and discerning patterns of compliance with HIPAA regulations. These research publications are notable for their thorough investigations into the convergence of healthcare data privacy and security from the perspective of users, adeptly negotiating the complexities of HIPAA rules. One such study [81] investigates the practices of information security and analyzes the patterns of behaviors that are linked to enhanced regulatory compliance. The research conducted in this study identified three distinct groups, which have been labeled as leaders, followers, and laggers. These clusters have been determined based on the observed variance in security practice patterns. According to the authors, the clusters exhibit notable distinctions in non-technical practices as opposed to technical ones. Hospitals that used a balanced approach, encompassing both technical and non-technical practices, had the best degree of compliance. In contrast, a significant majority of the remaining studies opted for a cautious approach when discussing regulatory frameworks, with seven articles [55,56,58,84,101,104,122] briefly addressing HIPAA and only two [112,115] mentioning the General Data Protection Regulation (GDPR). The references encompassed a spectrum of topics, including a brief acknowledgment of the regulatory framework's role in regulating healthcare data management, or a concise assessment of the subjects' adherence or lack thereof to the specified regulations.

Card Sorting.
For the 26 articles most relevant to our subject matter, we conducted a card sorting exercise to reveal the specific human factor aspects studied thus far. Through this exercise, we identified a total of 12 labels about the human factors of information security in healthcare, namely: "Risk Perception," "Data Sharing," "EHR Interactions," "Risk Awareness," "Technology Adoption," "Regulatory Compliance," "Individual Differences," "Secure Communications," "Mobile Applications," "Social Influence," "Privacy," and "Contact Tracing." In the following sections, we have provided details of both the significant labels identified in this work and the user studies classified under each label. More details on these articles are available in Table 5 as well as Appendix A.
Risk perception: According to Zou et al. [125], risk perception is "a person's subjective assessment of the probability that a specific event happens and how concerned they feel about its consequences". However, it is challenging to circumscribe the perception of risk as risks do not have the same meaning for everyone. That is why user studies focusing on risk perception are critical, especially for the subject of healthcare data. Articles were categorized in the risk perception label when part of the study or its entirety explored participants' attitudes, impressions, and opinions on risks related to healthcare data. Risk perception was the most frequent label in our corpus where 61.54% of the articles were labeled within this category [46,58,62,74,80,81,83,90,91,99,106,109,111,112,114,117]. The results of these articles show that participants have different perceptions of risk. Schnall et al. [111] claim that several participants perceived the mobile application being tested as risky and were apprehensive about data storage, leaks, and tracking. However, the participants also declared that these risks are inevitable.
On the other hand, 85% of participants in Giguere et al.'s study did not express any concerns about data privacy [106]. This study analyzed users' perception of the risk of using SMS for communication that consisted of several tiers of privacy-preserving safeguards, which may have caused the participants to express lower concern about data privacy. However, it was worrying to learn that few participants in the study declared passwords were obsolete, suggesting an underestimation of risk while interacting with a system misconceived to be privacy-preserving. These studies suggest that future work should further test how risk and privacy communication impact users' perception of healthcare systems.
Data sharing: Articles were classified within this label if they explored the subject of healthcare data use and sharing either with healthcare professionals for the purposes of examining patients and diagnosis or with the research community through healthcare information commons. The 14 articles [54,62,64,68,73,90,91,97,99,106,109,114,115,121] generally aimed at understanding the perspective of participants on responsible data sharing practices that would be acceptable to the patients but also beneficial to the research communities. Similar results were found in these articles, which indicate that patients support data sharing as long as it allows for the greater good (it benefits the public), or in case the data is shared with a healthcare professional for personal health purposes. Nonetheless, people still have reservations about the privacy and confidentiality of sensitive data, data breaches, and bias.
EHR: Electronic healthcare records systems collect essential and private data about patients' medical history and the subsequent care they have received; as such, they store an extensive history of clinical information for each patient; not only that, they also contain personal information, such as demographics, billing data, and insurance information. As such, examining the users' perspective and understanding of such tools is very important to improve the security of EHR. In this regard, we found eight articles [58,80,81,91,97,104,115,121] in our corpus pertaining to user interactions with EHR. These articles confirm through their results that the patients and the general public have concerns over privacy and security, and are prudent about using EHR technologies. Furthermore, it was determined that providers' reassurance and encouragement positively impact patients' continuous and systematic usage of patient portal software in general and lowers their security concerns [58].
Risk Awareness: Despite the abundant potentialities for cyber risk in the healthcare sector [126][127][128], there is a startling level of naiveté among some healthcare professionals. The results from the eight articles [54,72,74,79,83,104,112,121] in our corpus relevant to risk awareness show that the knowledge levels of healthcare professionals regarding patient privacy, confidentiality, and data sharing practices are average [54] or lower [72]. It is reasonable to posit that such low security and privacy awareness among healthcare users could lead to insecure behaviors such as password sharing, improper data handling, and in some cases, a complete absence of password use [121]. Finally, it was also observed that disregarding the risks and ignoring consequences can impede security [121].
Technology Adoption: Technology generally accounts for a substantial impact on human life, and these technologies have a central place in today's world. Some people adapted quickly, while others resisted these changes brought upon them through technological advancements. Adoption, however, is essential in the context of digital transformation to guarantee its success. Similarly, technology adoption in the healthcare domain is crucial to its development. In this regard, eight articles [46,58,62,68,79,81,99,115] in our corpus examined factors and inspected participants' requirements that would improve user acceptance and adoption of some healthcare technologies. These articles report similar results. The results reveal that the security and privacy aspects bolster the acceptance and adoption of healthcare technologies.
Regulatory Compliance: Of the 26 articles in our corpus, seven [64,72,73,79,104,112] studied the ethical and legal aspects of healthcare data management. These articles mainly assess the HIPAA compliance of participants, as well as the cybersecurity conditions and behavior of healthcare practitioners and organizations. Notably, [64,72,112] all show that healthcare professionals' understanding and security awareness levels are lacking and, in all cases, were average or less than average. Furthermore, all of the studies in this label determined that there needs to be more policies and reinforcement of specific behaviors that can impede security.
Individual Differences: An article was labeled as individual differences if an analysis is done to compare results from different types of individuals or participants in general. This comparison can be based on experience level, hospital size, marriage status, country of origin, health status, or even gender. As such, we found seven articles [54,62,73,81,83,90,99] from our corpus that did this type of analysis. In particular, Wilkowska and Ziefle show that females and healthy adults expect and demand the highest security and privacy standards compared to males and the ailing elderly [99]. In a different study, Shrivastava et al. investigated the extent to which security policies impact health information interoperability at different levels within the same hospitals [62]. The outcomes showed that hospitals with regional and organizational level privacy regulations have 85% and 76% higher likelihood of undergoing semantic and organizational level problems, respectively. Furthermore, hospitals with one electronic medical record (EMR) used throughout the hospital are 53% and 43% less prone to technical and semantic problems, respectively, compared to hospitals with more than one EMR system.
Secure Communications: In the case of healthcare, secure communications are not just a matter of security and privacy, but they can also be a medical concern. According to the Joint Commission Center for Transforming Healthcare, "it has been estimated that 80 percent of serious medical errors involve miscommunication during the hand-off between medical providers. Most avoidable adverse events are due to the lack of effective communication." As such, it is critical to understand the need for secure communications specific to the healthcare sector, both from the patient's perspective and the healthcare professionals. Subsequently, we categorized five articles [64,68,106,112,117] from our corpus of 26 within this label. Most of these articles have similar results that show that patients still do not fully trust the existing communications technologies, except for Elger's study [64] where 85% of the participants had no privacy concerns regarding using a secure SMS system for private medical communications.
Mobile Applications: As of July 2022, there were over 54,000 healthcare mobile applications in the Google Play Store alone. These applications range from medical communication apps to applications that analyze medical data to give advice. As such, these apps have become more and more valuable in the monitoring and even delivery of healthcare [129]. However, only three articles [91,106,111] from our corpus were related to mobile applications. These articles evaluate users' perceptions of mobile health applications regarding privacy, security, and quality of care and analyze the factors contributing to patients' intentions of using mobile healthcare applications. The results of these articles were somewhat different, where Schnall et al. [111] found that the majority of their participants expressed concerns over privacy and trust of their sensitive healthcare data and the people who would have access to their healthcare data. On the other hand, both Giguere et al. [106] and Richardson and Ancker's [91] studies found that the majority of participants are unconcerned about privacy and confidentiality when using a mobile healthcare application.

11:16 • F. Tazi et al.
Social Influence: Social influence is a type of pressure exerted by an individual or a group on a person to attempt to impose dominant norms. This influence causes the behaviors, attitudes, beliefs, opinions, or feelings of an individual or group to change as a result of contact with another individual or group. In this vein, three articles [54,58,114] in our corpus were categorized as social influence. These articles proved that participants were influenceable. Namely, Moqbel et al. [58] demonstrated that health professionals' reassurance and encouragement positively impact patients' continuous and systematic usage of patient portal software; not only that but participants were also influenced to lower their security concerns through the same encouragement. A different angle to this category was participants' concerns about the repercussions of social influence on the security of healthcare data [114].
Privacy: There is an abundance of data circulating online, a considerable share of which can be considered private. This data has been at the center of attention, especially from big data analytics companies. This has helped increase the need for and recognition of privacy, including healthcare privacy. Most of the articles in our corpus touch upon privacy, but three of these articles [64,73,117] were directed exclusively towards the privacy of healthcare data. Accordingly, in their study Elger [64] assesses the knowledge and perceptions of physicians on healthcare data violations of privacy and confidentiality; through this study, the author found that barely 11% of the participants recognized all the confidentiality violations in the test cases they were presented with. On a different note, Tjora et al. examined and analyzed the usability and experiences of patients using a secure patient-physician communication system compared to their privacy expectations and perceptions of this system [117]. The results show that although participants were not too concerned about privacy, they still avoided using the system for "intimate details."
Contact Tracing: Out of the 26 articles in our corpus, only two [46,58] were categorized as contact tracing. Contact tracing is identifying and evaluating people who have been in contact with an infectious disease to prevent it from being transmitted further. Contact tracing is critical in the fight against epidemics since it helps limit the number of infections. However, with the emergence of digital contact tracing applications, users have expressed privacy and security concerns [130]. These concerns stem from apprehension of data breaches or having their data collected by government entities [131]. However, this did not deter participants from approving COVID-19 contact tracing apps and recognizing the importance of these applications in the right circumstances. Kozyreva et al. [46] showed that the acceptability of privacy-encroaching measures across the four waves of COVID-19 in Germany was correlated with the participants' risk perceptions of the pandemic.

IMPLICATIONS
The contributions of previous works in enhancing the privacy and security of sensitive patient data are evident and commendable. However, a more comprehensive exploration is required to fully grasp the intricacies and challenges associated with healthcare security and privacy. Our study reviewed articles from diverse global regions, each subject to different cybersecurity and healthcare norms and regulations. While compliance frameworks, exemplified by the Health Insurance Portability and Accountability Act (HIPAA), set the baseline for regulatory requirements and data protection, the true essence of adequate security and privacy often extends beyond these legal boundaries. Furthermore, our analysis reveals a significant omission of numerous global privacy regulations concerning health-related data.

Proactive Healthcare Security Approach
The dynamic nature of users, for whom security or privacy might not always be a primary concern, mandates further research to discern motivations behind control circumvention, particularly regarding sensitive patient data. Our analysis discerns three predominant themes related to the human-centric challenges in healthcare information security: inconsistent access controls; modes of communication that do not adhere to compliance or are inherently insecure; and disruptive policies for updates and data backups. Prior works concerning human interactions in healthcare predominantly revolved around understanding circumvention behaviors related to authentication [132]. A notable observation is the rampant sharing of login credentials among providers, attributed to inconsistent access control policies [112,121].
In our analysis, we found that healthcare access control paradigms often lack the foresight of individualistic provider needs or the diverse range of tasks they perform daily. Typically modeled in hierarchical tiers, senior providers are bestowed with maximal privileges, whereas their junior counterparts and other staff members navigate with restricted access [70,112,121]. Such restrictions, although designed for data security, ironically result in credential sharing, especially when immediate access is indispensable for critical patient care or when the intended user is yet to undergo necessary training [5]. Supplementing this, existing literature also underscores recurrent password-related challenges, from the adoption of weak passwords to prolonged machine inactivity. Although access control cards serve as an antidote to some of these issues, they fall short in addressing the more profound circumvention challenges [62].

Policy Compliance
A salient theme in our analysis pertains to secure communication, or the evident lack thereof, between healthcare professionals and patients. A subset of the literature indicates that providers frequently resort to messaging platforms not compliant with HIPAA regulations for disseminating test results to patients and peers [112,120]. Interestingly, patients expressed an inclination towards conventional e-mail over HIPAA-approved secure messaging, citing the latter's complexity as a deterrent. Instances abound where providers share diagnostic images with patients via WhatsApp, a widely used messaging platform owned by Meta. This behavior might emanate from misplaced trust in such platforms, which often publicize their end-to-end encryption capabilities. Further inquiry is imperative to comprehend the hurdles associated with leveraging acknowledged, HIPAA-compliant messaging systems, such as American Messaging, to facilitate secure dialogue among providers and between providers and patients.
Another theme emerging from our study revolves around the dilemmas of administering security updates and instigating automatic backups. A common grievance among providers is the untimely manifestation of these updates, often during patient interactions [112]. Delving deeper to discern an update schedule that is both swift and minimally intrusive to the providers' workflow is crucial. It is noteworthy that technologies such as encryption [133], blockchain [134], cloud computing [135], and access controls [136] frequently surface in scholarly discourse. While these technologies undeniably pave the path for prospective avenues and challenges in healthcare, there exists a palpable disconnect between their theoretical promise and current applicability. Their exaggerated representation in academic works risks eclipsing critical discussions on present-day security and privacy practices. The introduction of innovative technologies in the healthcare domain is inherently sluggish, largely attributed to stringent legal and compliance mandates. Nevertheless, while keeping an eye on emerging technologies, it is paramount to also spotlight promising technical solutions already at our disposal. For example, continuous authentication mechanisms leveraging biometrics or hardware tokens could empower healthcare personnel to secure computing devices based on the proximate presence of an authorized user [137]. Insights derived from user studies indicate the potential advantages of such automated security features, echoing the efficacy of automated software updates.

Focus on Private and Allied Practices
Our analysis revealed that the majority of the surveyed literature predominantly centers around hospitals and substantial medical institutions [81]. It is paramount to note that such environments, though substantial, offer only a limited glimpse into the comprehensive panorama of healthcare workspaces, especially since different organizations have different resource limitations when it comes to technological usage. The unique nature of hospitals is underscored by their abundant access to resources, ensuring robust measures to enforce, implement, and monitor privacy and security protocols. This financial muscle facilitates more substantial investments in security apparatuses, the fostering of a proactive organizational security culture, and dedicated technical assistance. Consequently, issues that arise in hospitals, and their corresponding remedies, should be cautiously extrapolated to broader medical contexts.
A recurrent theme in healthcare literature is the prioritization of patient well-being above all other objectives, relegating security and privacy concerns to secondary importance [79]. Small-scale health enterprises, often operating under tight financial constraints, find it particularly challenging to allocate resources to these secondary objectives [54]. Such entities are in dire need of guidance to optimize their expenditures and effectively implement privacy and security measures. In this light, the academic community holds a crucial responsibility to address the most salient challenges as a priority. An enlightening study by Dykstra et al. delves into the cybersecurity landscape of private practice audiology clinics. The study underscores expertise, time, and financial limitations as the principal barriers to enhancing cybersecurity standards [79]. Although these challenges are prevalent across many sectors, they demand distinct attention and recognition within the healthcare domain. For instance, in the event of a technical issue at a clinic, a solo practitioner might bypass a sanctioned telehealth system in favor of an unauthorized personal device. Thus, there is a pressing need for further research to delve into and analyze these nuanced situations, with a focus on private practices and other healthcare institutions facing resource constraints.
Furthermore, the realm of allied healthcare, encompassing disciplines like audiology, optometry, occupational therapy, and physical therapy, often remains underrepresented in security and privacy research. This oversight is a significant gap for several reasons:
Sensitive Patient Data: Like mainstream medicine, allied healthcare professionals collect and manage a vast array of sensitive patient information. This data ranges from detailed medical histories to diagnostic results and rehabilitation plans. Any breach in these systems could lead to significant patient harm, both medically and in terms of privacy violations.
Interconnected Systems: The integrated nature of healthcare today means that many allied health professionals interface with broader medical systems. For instance, an optometrist might share data with an ophthalmologist or a general practitioner. This interconnectedness introduces multiple potential entry points for cyber threats, increasing the overall vulnerability of the healthcare network.
Diverse Technology Integration: Many allied healthcare disciplines have embraced modern technologies for diagnostics, treatment planning, and patient management. Each piece of technology, from specialized diagnostic equipment to bespoke software platforms, introduces its own set of security challenges.
Resource Constraints: Similar to private practices in mainstream medicine, many allied health clinics operate as small businesses with limited financial and technical resources. They might lack dedicated IT departments or robust cybersecurity measures, making them potentially more susceptible to breaches.
Given these complexities, it is paramount for the research community to prioritize the examination of privacy and security measures within allied healthcare. An integrated approach, considering the unique challenges and strengths of these disciplines, will be crucial in creating a holistic and fortified healthcare data protection framework.

Studies in Rural Setting and Developing Nations
Rural settings and developing nations present a complex tapestry of healthcare challenges, deeply entwined with their socio-economic, technological, and infrastructural landscapes [102,107]. The prevailing narrative in healthcare security and privacy research, however, seems to marginalize these locales, despite their distinctive vulnerabilities and challenges. It is crucial to highlight that these areas often grapple with not just financial constraints but also issues like limited technical expertise, inadequate training programs, outdated technology infrastructure, and sometimes even basic challenges such as intermittent power supplies or lack of reliable internet connectivity [121]. These myriad factors further compound their vulnerabilities to security and privacy threats.
Our article and analysis underscore a conspicuous gap: the absence of detailed risk assessment and vulnerability analyses tailored to these contexts. Such granular analyses are instrumental in allowing these resource-strapped organizations to discern, evaluate, and strategically prioritize their security and privacy initiatives. One promising avenue for these regions could be to harness economic models tailored for resource optimization. The Gordon-Loeb model, for instance, provides a framework for determining the optimal amount to invest in information security [138]. Leveraging such models, rural and developing settings can ensure that every dollar spent yields maximal security benefits. Furthermore, the formulation and enforcement of cybersecurity policies in these settings demand a delicate balance. While rigorous security protocols are essential, it is equally vital to ensure that these policies are implementable given the ground realities and do not inadvertently stifle essential medical services. Economic research that elucidates the tradeoffs involved, quantifies attacker motivations, and strategizes ways to confound and thwart malevolent actors can be invaluable in this context. Additionally, collaborative efforts that involve international organizations, cybersecurity experts, and local stakeholders could pave the way for creating robust, context-aware security frameworks that respect local nuances while offering world-class protection.

Understanding the Patient's Perspective
Throughout the user studies we reviewed, there emerged a dominant theme centered on discerning patients' risk perceptions alongside the security behaviors exhibited by healthcare professionals [83,114,121]. Surprisingly, there appeared to be a lack of in-depth investigations into the levels of privacy awareness among patients, as well as their adherence to, and understanding of, confidentiality measures. This is concerning since security and privacy frameworks ought to be tailored with a strong consideration of patients' preferences and perspectives regarding their data.
Patients stand at the forefront of the healthcare ecosystem and bear the immediate brunt of any security breaches. Their data, containing sensitive personal and medical information, is not just a trove of intimate knowledge but also represents their vulnerabilities. Hence, the sanctity of this data is of paramount importance. Research endeavors should not only identify but also bridge the apparent gaps in patients' understanding of the potential consequences of security breaches. Such breaches can have wide-ranging implications, from personal repercussions to broader societal impacts. Additionally, it is essential to delve deeper into patients' grasp of the intricacies of healthcare privacy and confidentiality standards. How informed are they about their rights, and how comfortable do they feel navigating the complex landscape of data protection? Furthermore, the critical aspect of any healthcare system is trust [139]. In this context, gauging the quantum of trust patients repose in their healthcare institutions becomes critical [97]. Do they believe in the institution's ability and intention to shield their data from malicious threats? Are they confident about the efficacy of the security protocols in place, and do they feel adequately informed about them? Exploring these avenues will provide insights that can guide the creation of more holistic and patient-centric security strategies [140].

Education and Training
Our analysis of user studies revealed a palpable need for more bespoke security and privacy awareness education catered to healthcare professionals and ancillary staff. The rigorous and specialized training that healthcare professionals undergo to improve their teamwork and patient care skills should be mirrored in their cybersecurity training. With the ever-growing landscape of security threats to patient privacy and data, the emphasis on continuous, scenario-based education is more pressing than ever. A particular area of concern that repeatedly emerged was the domain of data sharing and secure communications. These realms are often the battlegrounds where the skirmishes between ease-of-use and security play out. As such, security awareness curricula for healthcare must prioritize the elucidation of threats associated with data-in-transit. The aim should be twofold: to raise awareness about potential pitfalls and to foster habits that facilitate secure communication between healthcare professionals.
However, merely increasing awareness does not suffice. An essential aspect of training involves aligning healthcare professionals' risk perceptions with the actual risks intrinsic to the realm of patient data security and privacy [81]. This alignment is critical, as there are potential pitfalls associated with both ends of the risk perception spectrum [121]. On one end, hyperbolized, fear-driven training can lead to an inflated sense of risk, which may paradoxically deter professionals from adhering to recommended security protocols, or worse, lead to operational paralysis [141]. On the other extreme, training content riddled with technical jargon, lacking in the medical context, or not tailored to the healthcare setting can alienate professionals, rendering the exercise futile [142,143]. Recent academic discourse advocates for a shift towards a more immersive, simulation-driven approach to security awareness training, drawing parallels from real-world scenarios encountered in healthcare environments of varying scales. Such simulation-based modules can ensure that the training remains both contextually relevant and engaging, leading to better retention and application [144]. Notably, our article underscored a glaring absence of such comprehensive, realistic training programs, pointing towards an area for future exploration and development.

LIMITATIONS AND FUTURE WORK
Healthcare is a broad and diverse sector with many niche journals and publications. Despite our best efforts, we may have missed essential contributions reported in publications for medical sub-specialties published in paid venues or otherwise excluded by our search criteria. Future work is needed to understand when, how, and why healthcare workers circumvent compliant workflows and tools. Prior work has been focused primarily on authentication-related circumvention and usability, and a broader examination is warranted. Furthermore, past research has drawn heavily from surveys, so in-site data would provide further grounding and accuracy.

CONCLUSION
The healthcare sector is increasingly digitized; however, with technological interventions, privacy risks and security concerns about data storage, access, and transfer have increased significantly for telehealth. The question remains about how the research community addresses these concerns from the technical and user perspectives. To understand this issue further, we conducted a detailed systematic literature review. We collected 5,520 articles and analyzed 1,553 peer-reviewed research articles published and available over seven digital spaces: ACMDL, Google Scholar, SSRN, ScienceDirect, IEEE Xplore, PubMed, and MEDLINE. These articles examined the privacy, security, and risk postures of patient data in healthcare organizations. We found that current research focuses primarily on data encryption and frameworks while understudying the user risk perspective of privacy and security. Along with the socio-technical component of healthcare privacy and security, it was concerning to note that < 9% of the articles conducted any user studies. Among those, the studies were influenced by survey designs rather than in-depth, longitudinal user-focused studies. Additionally, these studies focused on more extensive settings by severely ignoring the organizations with limited resources, such as the private healthcare sector. We conclude with actionable recommendations from the rich literature we studied that can enhance the privacy and security aspects of the healthcare sector and provide future directions to address these gaps.

Qualitative: thematic analysis. There needs to be a balance between the benefits of an MIC and the safeguards it implements to keep patients' data private. [109] Analyse the outlook of the mental health service users on satisfactory data sharing practices.

Fig. 1. A snapshot of the data collection, screening, and analysis methodology and the number of articles screened in each stage of the literature review.

Column labels: Risk Perception, Data Sharing, EHR, Risk Awareness, Technology Adoption, Regulatory Compliance, Individual Differences, Secure Communications, Mobile Applications, Social influence, Privacy, Contact tracing.
Evaluation: = Label Detected; − = Label not Detected; † = not enough information.
Population: = Hospital privacy and security managers; = Hospital or Physician's Office Employees; = General Public; = Nurses; = Doctors; = Patients; = Technical Experts; = Pharmacists; = Healthcare providers.

Table 1. Number of Articles Found in Each Database and the Search Terms and Parameters Utilized

Table 2. Inter-rater Reliability Per Category

Table 3. Percentage and Number of Studies in Settings with Various Population Densities and Details about the User Study Durations

Table 4. Percentage and Number of Study Participants for Different User Studies. Columns: Qual Studies (n = 17), Quant Studies (n = 52), Mixed-Methods (n = 11).

Table 5. Key Information about the Card Sorting Articles Including the Number of Participants, Location of Study, Population, Type of Study, and Labels

Table 6. Overview of the Security-focused User Studies including Goal of Each Study, Methods and Principal Findings. The symbols in the "Labels" Column Refer to the Labels Derived during the Card Sorting Exercise: Regulatory Compliance, Secure Communication, Data Sharing, EHR, Individual Differences, Risk Awareness, Tech Adoption, Social Influence, Risk Perception, Mobile Healthcare, Privacy, Contact tracing.

Table 6. Continued

In March 2020, 68% of participants declared that it was acceptable to grant the government access to citizens' medical records vs. only 35% of participants in November of the same year. Acceptance of privacy intrusive technologies diminished over time during the pandemic.