Compliance and cybersecurity are crucial to many healthcare organizations. However, their implementation is often challenging, especially when privacy and trust are involved. An example is the case of the Haga Hospital in the Netherlands, which was found in breach of the GDPR (General Data Protection Regulation) for inadequately protecting medical records. Failing to implement security controls prevented the organization from guaranteeing privacy protection and maintaining patient trust. Through the examination of this case and a brief comparison with a similar incident in Portugal, the paper investigated the context and the conditions associated with this breach and why they are closely related to privacy and trust. The results of this analysis suggest that cybersecurity can be considered a "unifying factor" between privacy and trust in the context of regulatory compliance. Thus, this study can be used by regulatory authorities and healthcare organizations to establish more focused cybersecurity measures and ensure a balance between compliance, security, and privacy.
CITATION STYLE
Marotta, A., & Madnick, S. (2022). Cybersecurity as a unifying factor for privacy, compliance and trust: The Haga Hospital case. Issues in Information Systems, 23(1), 102–116. https://doi.org/10.48009/1_iis_2022_108