Home Tuck Dartmouth Search Site Map Contact Us
Healthcare IT and Operations

Improved healthcare information systems are largely viewed as the single most important factor in improving US healthcare and reducing related costs. Yet IT spending in the healthcare sector trails that of many other industries, typically running 3-5% of revenue, far behind industries like financial services where closer to 10% is the norm.  And while security and privacy have been widely viewed as lacking, healthcare has been slow to invest in information risk reduction.  The Center for Digital Strategies has several on-going projects that expore IT usage in the healthcare sector, the underlying economics of the US healthcare business model, and the sercurity and privacy issues of protecting sensitive electronic medical records. 

The Center is part of a Dartmouth team that received a $3M NSF award to examine IT security in healthcare.

Eric Johnson

Learn about PHI in this healthcare webcast with Eric Johnson and Chris King of Palo Alto Networks.

Eric Johnson explains the risks of medical identity theft.

Eric Johnson

Eric Johnson testified before Congress about information leaks over file-sharing networks.Eric Johnson testified before Congress about information leaks over file-sharing networks.

Video: Eric Johnson on inadvertent disclosures over the internet.

Events and Publications:

Eric Johnson testified before Congress about information leaks over file-sharing networks.Cyber Security Forum, Oct 15, 2008 Dirksen Senate Office Building WEIS 2008, Workshop on the Economics of Information Security
June 25-27, 2008, Hanover, NH

Security through Information Risk Management
October 5, 2007, Hanover, NH

Embedding Information Security into the Organization, Security & Privacy Magazine, IEEE

Inadvertent Disclosure, presented at WEIS 2007

Information Leakage in the Extened Enterprise Data Hemorrhages and Medical Identity Theft
Supported in part by the National Science Foundation and the I3P
Confidential data hemorrhaging from health-care providers pose financial risks to firms and medical risks to patients. In this project, we are examining the consequences of data hemorrhages including privacy violations, medical fraud, financial identity theft, and medical identity theft. We also exploring the types and sources of data hemorrhages. Recent research findings presented at Financial Cryptography and Data Security. PDF (124KB) and CIST2009 [ more on data leakage ]

Information Security Field Study IT Investment and HIPAA
Supported in part by NIST through ISTS
How are healthcare organization investing to enures the privacy and security electronic medical records? Drawing from the literature on organizations and institutional theory, we are examining the relationship between IT investment, security, and measures of provider peformance. [ more ]

Information Security Field Study Mapping IT and Operating Risk
Supported in part by the Department of Homeland Security, through I3P
How volunerable are hospitals to IT disruptions and security failures? Through on-going field studies with healtcare partners, we are exploring the role of IT in continuity planning and the potential impact of security failures. [ more ]

Information Risk in Data-Oriented Enterprises Information Goveranace and Risk
Supported in part by NIST and the Department of Homeland Security, through ISTS
As part of the IRIDOE project, we are examining how information access in the healthcare setting leads to security and privacy risks. Using game-theoretic models and simulation we are developing new information governance models based on incentives and controls. [ more ]

Embedding Information Security Risk ManagementCyber Security Forum - Economics and Enterprise Risk
A Forum Sponsored by Senators Lieberman and Collins for Information Security Executives and Researchers. October 15, 2008
Dirksen Senate Office Building, Washington DC
In this day-long forum, CIOs and CISOs engaged in a moderated roundtable, panel discussions, and structured breakouts to address the pressing risks they see in their industry, economic motivations for security investments, and research and policy issues that the US government should address. [ more ]

Workshop on the Economics of Information Security
Eric Johnson on security challenges Fortune 500 companies face, e.g., protecting customer data and intellectual property - video
Institute for Security and Technology Studies (ISTS)
Institute for Information Infrastructure Protection (I3P)
Security and Privacy panel
"Department of Homeland Security funds center study" - press release
"Fortune 500 executives report they need better tools to measure the benefits of cyber security" - press release
Information Security and Privacy roundtable, with overview article
Research Fellow Scott Dynes on "What Drives Information Security Investment?" Institute for Security Technology Studies
"Security Summit" - Network World
"A broader context for information security" - Financial Times, 2005
"Safety of secrets in extended enterprises" - Financial Times, 2004