Stakeholder perceptions and standards for information security risks : A case study at a Dutch health care organization

With the increased use of electronic patient files in Health Care Organizations (HCOs), addressing the risks related to the storage and use of patient information has become increasingly important to avoid intentional or unintentional disclosure, damage to or abuse of patients’ personal health records. This has lead governments from various countries to introduce and impose information security standards for HCOs. The Dutch government introduced the NEN 7510 national information security standard; a standard derived from the international ISO 17799 norm. Preceding the implementation phase of NEN 7510 standard at a Dutch HCO, we conducted a field study to identify the information security risks as perceived by the main stakeholder groups in the HCO. We present the differences in the perceived information security risks and threats by end users, management and suppliers, and the degree to which these identified risks will be addressed by the implementation of the NEN 7510 standard.