Date of Conferral



Doctor of Information Technology (D.I.T.)


Information Systems and Technology


Jon McKeeby


Health care leaders lack the strategies to implement cloud security for electronic medical records to prevent a breach of patient data. The purpose of this qualitative case study was to explore strategies senior information technology leaders in the healthcare industry use to implement cloud security to minimize electronic health record cyberattacks. The theory supporting this study was routine activities theory. Routine activities theory is a theory of criminal events that can be applied to technology. The study's population consisted of senior information technology leaders from a medical facility in a large northeastern city. Data collection included semistructured interviews, phone interviews, and analysis of organizational documents. The use of member checking and methodological triangulation increased the validity of this study's findings among all participants. There were 5 major themes that emerged from the study (a) requirement of coordination with the electronic health record vendor and the private cloud vendor, (b) protection of the organization, (c) requirements based on government and organizational regulations, (d) access management, (e) a focus on continuous improvement. The results of this study may create awareness of the necessity to secure electronic health records in the cloud to minimize cyberattacks. Cloud security is essential because of its social impact on the ability to protect confidential data and information. The results of this study will further serve as a foundation for positive social change by increasing awareness in support of the implementation of electronic health record cloud security.