SoK: Analyzing Privacy and Security of Healthcare Data from the User Perspective

Interactions in healthcare, by necessity, involve sharing sensitive information to achieve high-quality patient outcomes. Therefore, sensitive data must be carefully protected. This article explores existing privacy and security research conducted in the context of healthcare organizations. We conducted a systematic literature review of N = 1, 553 articles that examine the security and privacy of healthcare data and focus on 80 articles addressing human factors. Key findings show that much of the healthcare security and privacy research is focused on technology (44.11%, 712 articles), with a lack of emphasis on the human element (4.96%, 80 articles). In the subset of user studies, we find that patients and the general public express concerns about privacy and security with technologies like electronic health records (EHRs). Furthermore, our analysis shows that healthcare professionals often have low awareness of risks related to data security. Additionally, our analysis revealed that most research focuses narrowly on large hospitals, neglecting private practices and the unique challenges they face. We conclude by identifying research gaps and providing potential solutions to enable robust data security for sensitive patient data.