Risk Profile In Health Information Systems
The World Health Organisation defines health as a state of complete physical, mental and social well-being, and not merely the absence of disease. In the current context, healthcare organisations rely on electronic information systems to manage their services, dealing with highly sensitive data that requires strict guarantees of confidentiality, privacy and access control, especially when it comes to patients' clinical processes. Despite increasing computerisation and reduced use of paper, significant risks associated with the concentration of information remain. This is one of the main risk profiles in health information system security. Thus, it is not enough to implement efficient clinical management systems — it is essential to ensure their security, particularly with regard to their use by employees. This article analyses the impact of social inertia on health information systems, focusing on the risks arising from human error. To this end, it presents three case studies from a hospital in northern Portugal, safeguarding the privacy and confidentiality of those involved. A critical analysis of the cases is carried out, proposing solutions aimed at strengthening information security and protection, with particular attention to the human factor.
