Exploring user's compliance behavior towards Health Information System security policies based on extended Health Belief Model

Humaidi, Norshima; Balakrishnan, Vimala; Shahrom, Melissa

doi:10.1109/ic3e.2014.7081237

Cited by 11 publications

(11 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The third-greatest threat is user error in handling information (six studies). This threat can be triggered by the weakness of information security policy compliance [ 57 , 74 ], ignorance of the risk involved [ 11 ], poor security skills and security monitoring [ 1 ], low user education, and lack of awareness of information security [ 50 , 75 ].…”

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.

show abstract

Section: Resultsmentioning

confidence: 99%

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Some of the frameworks were developed to assess only perception variables [4,26,33,36,37,40]. Other frameworks adopted only social constructs [4,7,35,42,43] or cultural factors [33,48,49]. However, in a scenario where a study must be conducted with the aim of comprehensively understanding and addressing the information security challenges often faced by health care professionals, it is important to know which of the existing frameworks will be adequate.…”

Section: Problem Specification Scope and Contribution Of The Studymentioning

confidence: 99%

“…The reviewed frameworks [8,[14][15][16]31,38,41,44,45,[49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66] were not fully comprehensive. Meanwhile, security issues are affected by all these aspects and not just psychological, social, cultural, or sociodemographic aspects alone [38].…”

Section: Problem Specification Scope and Contribution Of The Studymentioning

confidence: 99%

“…Table 2 presents the theories identified in the literature review [4,7,11,14,49,53,59,62,65]. The theories that were most often used in analyzing the security practices of health care professionals included the health belief model (n=6), TPB (n=5), general deterrence theory (n=4), PMT (n=4), and technology acceptance theory (n=2), as shown in Table 2.…”

Section: Literature Review Findingsmentioning

confidence: 99%

“…Based on the overview of existing literature [8,[14][15][16]31,38,41,44,45,[49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66], we concluded that existing frameworks lack a comprehensive and holistic perspective. Furthermore, not all frameworks provide strong empirical support for the inclusion of variables from the perspective of both security related-behaviors and professionals' characteristics [14,45,49,52,55,[57][58][59]. Therefore, this paper represents a step toward creating a comprehensive and practically useful framework that can aid information security practitioners in fulfilling their work requirements by incorporating relevant concepts and research results that serve as a foundation of the framework.…”

Section: Principal Findingsmentioning

confidence: 99%

See 2 more Smart Citations

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

et al. 2021

View full text Add to dashboard Cite

Background Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. Objective The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. Methods The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. Results In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of planned behavior, and social control theory, in addition to some social demographic variables, to form a comprehensive set of health care professionals’ characteristics. Furthermore, an ontology was developed from these theories to systematically organize the concepts. The framework, called the psychosociocultural (PSC) framework, was then developed from the various combined psychological and sociocultural attributes of the ontology. The Human Aspect of Information Security Questionnaire was adopted as a comprehensive tool for gathering staff security practices as mediating variables in the framework. Conclusions Data breaches occur often in health care today. This frequency has been attributed to the lack of experience of health care professionals in information security, the lack of development of conscious care security practices, and the lack of motivation to incentivize health care professionals. The frequent data breaches in health care threaten the mutual trust between health care professionals and patients, which implicitly impacts the quality of the health care service. The modeling and analysis of health care professionals’ security practices can be conducted with the PSC framework by combining methods of statistical survey, observations, and interviews in relation to PSC variables, such as perceptions (perceived benefits, perceived threats, and perceived barriers) or psychological traits, social factors, cultural factors, and social demographics.

show abstract

A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research

Trang

Brendel

2019

Inf Syst Front

View full text Add to dashboard Cite

Exploring user's compliance behavior towards Health Information System security policies based on extended Health Belief Model

Cited by 11 publications

References 28 publications

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research

Contact Info

Product

Resources

About