Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Sari, Puspita Kencana; Handayani, Putu Wuri; Hidayanto, Achmad Nizar; Yazid, Setiadi; Aji, Rizal Fathoni

doi:10.3390/healthcare10122531

Cited by 7 publications

(3 citation statements)

References 78 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are numerous opportunities for data theft, so the need for a strong cybersecurity function in healthcare organizations is greater than ever [29]. The implementation of health information systems into the corporate system by healthcare providers has a positive value for managing health information but also has negative impacts, such as security and privacy risks, and therefore needs to be implemented as part of corporate security to ensure all levels of security [31].…”

Section: Current Security Threats In Healthcare Institutions In Sloveniamentioning

confidence: 99%

Ensuring Corporate Security and Its Strategic Communication in Healthcare Institutions in Slovenia

Kubale,

Lobnikar,

Gabrovec

et al. 2023

Healthcare

View full text Add to dashboard Cite

Ensuring corporate security is an essential and critical component of any healthcare facility to provide safe services to its patients and employees. Healthcare facilities must employ a variety of strategies to ensure corporate security. This includes developing a comprehensive communication plan that defines the roles and responsibilities of the various stakeholders. The objective of our study was to present the concept of corporate security in healthcare institutions and in the Slovenian healthcare system, to highlight current threats in healthcare institutions in Slovenia, to describe the importance of strategic communication of corporate security in healthcare, and finally to define the current state of corporate security in Slovenian healthcare institutions in Slovenia. A survey was conducted and distributed to healthcare institutions in Slovenia to obtain results. A total of 154 healthcare stakeholders participated in our study. The results showed that corporate security is present in Slovenian healthcare facilities, but additional efforts are needed to improve it, especially considering the current challenges related to the measures taken after the COVID-19 epidemic and the shortage of healthcare personnel. The legal processes of corporate security in healthcare facilities comply with applicable laws and regulations to protect the interests of their patients and employees. Operational security processes are currently provided primarily by internal providers. There is a need for improvement, particularly in the training and education of staff, who play the most important role in ensuring safety. To effectively establish comprehensive corporate security, strategic communication with all stakeholders is essential to ensure that their security policies and procedures are properly implemented.

show abstract

Section: Current Security Threats In Healthcare Institutions In Sloveniamentioning

confidence: 99%

Ensuring Corporate Security and Its Strategic Communication in Healthcare Institutions in Slovenia

Kubale,

Lobnikar,

Gabrovec

et al. 2023

Healthcare

View full text Add to dashboard Cite

show abstract

“…Another theoretical underpinning, such as Regulatory Focus Theory (RFT), can be used to compare preventive and promotion motivation to influence desirable security behavior. RFT has never been employed in studies of information security behavior in healthcare organizations (Sari et al, 2022). Previous studies utilizing this theory in contexts other than healthcare have found that promotion-focused and prevention-focused approaches can directly influence information security behavior preferences (Shih et al, 2021) or indirectly (Burns, 2021;Hwang & Cha, 2018).…”

Section: Conclusion Contribution and Future Workmentioning

confidence: 99%

“…Other researchers have looked at a variety of factors that influence compliance behavior with organizational security policies (Foth et al, 2012;Pathania & Rasool, 2019;Sher et al, 2017), information security regulations (Brady, 2011;Foth, 2016;Johnston & Warkentin, 2008), and information security standards (Alexandrou & Chen, 2019;Fernández-Alemán et al, 2015). According to the outcomes of a systematic literature review (Sari et al, 2022), previous studies in information security behavior in the healthcare context typically employ theoretical foundations such as Protection Motivation Theory (PMT) and General Deterrence Theory (GDT) in conjunction with other theories such as Theory of Planned Behavior (TPB), Theory of Acceptance Model (TAM), Social Cognitive Theory (SCT), Rational Choice Theory (RCT), and many others. However, these theories have been used to investigate healthcare staff 's security behavior in developed countries.…”

Section: Introductionmentioning

confidence: 99%

How Information Security Management Systems Influence the Healthcare Professionals’ Security Behavior in a Public Hospital in Indonesia

Kencana Sari,

Wuri Handayani,

Nizar Hidayanto

et al. 2023

IJIKM

View full text Add to dashboard Cite

Aim/Purpose: This study analyzes health professionals’ information security behavior (ISB) as health information system (HIS) users concerning associated information security controls and risks established in a public hospital. This work measures ISB using a complete measuring scale and explains the relevant influential factors from the perspectives of Protection Motivation Theory (PMT) and General Deterrence Theory (GDT) Background: Internal users are the primary source of security concerns in hospitals, with malware and social engineering becoming common attack vectors in the health industry. This study focuses on HIS user behavior in developing countries with limited information security policies and resources. Methodology: The research was carried out in three stages. First, a semi-structured interview was conducted with three hospital administrators in charge of HIS implementation to investigate information security controls and threats. Second, a survey of 144 HIS users to determine ISB based on hospital security risk. Third, a semi-structured interview was conducted with 11 HIS users to discuss the elements influencing behavior and current information security implementation. Contribution: This study contributes to ISB practices in hospitals. It discusses how HIS managers could build information security programs to enhance health professionals’ behavior by considering PMT and GDT elements. Findings: According to the findings of this study, the hospital has implemented particular information security management system (ISMS) controls based on international standards, but there is still room for improvement. Insiders are the most prevalent information security dangers discovered, with certain working practices requiring HIS users to disclose passwords with others. The top three most common ISBs HIS users practice include appropriately disposing of printouts, validating link sources, and using a password to unlock the device. Meanwhile, the top three least commonly seen ISBs include transferring sensitive information online, leaving a password in an unsupervised area, and revealing sensitive information via social media. Recommendations for Practitioners: Hospital managers should create work practices that align with information security requirements. HIS managers should provide incentives to improve workers’ perceptions of the benefit of robust information security measures. Recommendation for Researchers: This study suggests more research into the components that influence ISB utilizing diverse theoretical foundations such as Regulatory Focus Theory to compare preventive and promotion motivation to enhance ISB. Impact on Society: This study can potentially improve information security in the healthcare industry, which has substantial risks to human life but still lags behind other vital sector implementations. Future Research: Future research could look into the best content and format for an information security education and training program to promote the behaviors of healthcare professionals that need to be improved based on this ISB measurement and other influential factors.

show abstract

Expert Perspectives on Information Security Awareness Programs in Medical Care Institutions in Germany

Tolsdorf,

Lo Iacono

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Information Security Behavior in Health Information Systems: A Review of Research Trends and Antecedent Factors

Cited by 7 publications

References 78 publications

Ensuring Corporate Security and Its Strategic Communication in Healthcare Institutions in Slovenia

Ensuring Corporate Security and Its Strategic Communication in Healthcare Institutions in Slovenia

How Information Security Management Systems Influence the Healthcare Professionals’ Security Behavior in a Public Hospital in Indonesia

Expert Perspectives on Information Security Awareness Programs in Medical Care Institutions in Germany

Contact Info

Product

Resources

About