A systematic analysis of failures in protecting personal health data: A scoping review

Personal health data breaches pose significant challenges to healthcare providers and clients. This study systematically analyzes 5470 records and reviews 120 articles on this theoretically and practically important topic. It summarizes the existing literature and develops an integrative model with eleven propositions explaining the multifaceted nature of health data breaches, their facilitators, and their impacts. We report on the gaps in the current literature and discuss six promising avenues of future research, including specific suggestions for multi-level analysis, use of novel methods, contributions to information systems theory, stakeholder analysis, under-explored themes, and boundary-breaching opportunities. Beyond these findings, our study offers implications for key stakeholders in healthcare settings. This study equips practitioners and researchers with a valuable model for evidence-based data breach risk management and offers guidance for future investigations, enhancing our collective understanding of personal health data breaches within healthcare. • Personal health data breaches pose risks, harm individuals, and attract hackers. • Healthcare organizations face vulnerability from multiple actors and inadequate IT security. • Global focus on data privacy is driven by new regulations and high-profile incidents. • Existing literature lacks a comprehensive view and needs context-specific investigations. • Our review contributes insights into risk management, security, and privacy measures.