Causes and Impacts of personal health Information (PHI) Breaches: A scoping review and thematic analysis

Javad K. Pool, Saeed Akhlaghpour, Farhad Fatehi, Andrew Burton-Jones

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

1 Citation (Scopus)


In light of the recent high-profile data breach incidents, and newly updated mandatory data breach notification laws, considerable global attention is forming around the protection of Personal health information (PHI). PHI breaches, generally described as an impermissible use or disclosure of protected personal health information, are extremely consequential for healthcare organizations and their patients and customers. This paper reports on a scoping review and thematic analysis of the literature studying the causes and impacts of PHI breaches. We started our review by identifying over 900 relevant articles, and through a rigorous process, included 28 articles for a detailed synthesis. Our findings highlight a number of direct and indirect causes of PHI breaches and their behavioral and operational impacts. Based on these findings, gaps in the literature are identified and implications for future research are discussed.

Original languageEnglish
Title of host publicationProceedings of the Twenty-Third Pacific Asia Conference on Information Systems (PACIS 2019)
EditorsDongming Xu, James Jiang, Hee-Woong Kim
Place of PublicationAtlanta, GA
PublisherAssociation for Information Systems
Number of pages14
Publication statusPublished - 2019
Externally publishedYes
EventPacific Asia Conference on Information Systems 2019 - X'ian, China
Duration: 8 Jul 201912 Jul 2019
Conference number: 23rd (Proceedings)


ConferencePacific Asia Conference on Information Systems 2019
Abbreviated titlePACIS 2019
Internet address


  • Data breach
  • Digital health
  • Health information systems
  • Personal health information
  • Privacy
  • Security

Cite this