Patients’ perception of the information security management in health centers: the role of organizational and human factors

BackgroundResearchers paid little attention to understanding the association of organizational and human factors with patients’ perceived security in the context of health organizations. This study aims to address numerous gaps in this context. Patients’ perceptions about employees’ training on security issues, monitoring on security issues, ethics, physical & technical protection and trust in hospitals were identified as organizational and human factors.MethodsAfter the development of 12 hypotheses, a quantitative, cross-sectional, self-administered survey method was applied to collect data in 9 hospitals in Iran. After the collection of 382 usable questionnaires, the partial least square structural modeling was applied to examine the hypotheses and it was found that 11 hypotheses were empirically supported.ResultsThe results suggest that patients’ trust in hospitals can significantly predict their perceived security but no significant associations were found between patients’ physical protection mechanisms in the hospital and their perceived information security in a hospital. We also found that patients’ perceptions about the physical protection mechanism of a hospital can significantly predict their trust in hospitals which is a novel finding by this research.ConclusionsThe findings imply that hospitals should formulate policies to improve patients’ perception about such factors, which ultimately lead to their perceived security.

[1]  Pi-Jung Hsieh,et al.  Healthcare professionals' use of health clouds: Integrating technology acceptance and status quo bias perspectives , 2015, Int. J. Medical Informatics.

[2]  Glenn B. Voss,et al.  The Influence of Multiple Store Environment Cues on Perceived Merchandise Value and Patronage Intentions , 2002 .

[3]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[4]  T. RamayahJason Network collaboration and performance in the tourism sector , 2011 .

[5]  Carl Colwill,et al.  Human factors in information security: The insider threat - Who can you trust these days? , 2009, Inf. Secur. Tech. Rep..

[6]  E. Ramsey,et al.  Trust considerations on attitudes towards online purchasing: The moderating effect of privacy and security concerns , 2010 .

[7]  Steven Furnell,et al.  Information security conscious care behaviour formation in organizations , 2015, Comput. Secur..

[8]  Izak Benbasat,et al.  Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources , 2015, Inf. Manag..

[9]  Alemayehu Molla,et al.  Senior managers' perception on green information systems (IS) adoption and environmental performance: Results from a field survey , 2013, Inf. Manag..

[10]  T. Ramayah,et al.  An Empirical Inquiry on Knowledge Sharing Among Academicians in Higher Learning Institutions , 2013 .

[11]  Mo Adam Mahmood,et al.  Employees' adherence to information security policies: An exploratory field study , 2014, Inf. Manag..

[12]  Insu Park,et al.  How does leadership affect information systems success? The role of transformational leadership , 2011, Inf. Manag..

[13]  Gurpreet Dhillon,et al.  Interpreting information security culture: An organizational transformation case study , 2016, Comput. Secur..

[14]  Rossouw von Solms,et al.  An information security knowledge sharing model in organizations , 2016, Comput. Hum. Behav..

[15]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[16]  Hsin Hsin Chang,et al.  Consumer perception of interface quality, security, and loyalty in electronic commerce , 2009, Inf. Manag..

[17]  Qing Hu,et al.  The Role of Self-Control in Information Security Violations: Insights from a Cognitive Neuroscience Perspective , 2015, J. Manag. Inf. Syst..

[18]  H. Ahmad.,et al.  Determining Sample Size for Research Activities , 2017 .

[19]  W. Baine,et al.  The Agency for Healthcare Research and Quality , 2006, Italian Journal of Public Health.

[20]  Regina Connolly,et al.  E-COMMERCE TRUST BELIEFS: THE INFLUENCE OF NATIONAL CULTURE , 2007 .

[21]  Han Yi,et al.  Trust and e-commerce: a study of consumer perceptions , 2003, Electron. Commer. Res. Appl..

[22]  Nico Martins,et al.  Improving the information security culture through monitoring and implementation actions illustrated through a case study , 2015, Comput. Secur..

[23]  Marko Sarstedt,et al.  PLS-SEM: Indeed a Silver Bullet , 2011 .

[24]  Pi-Jung Hsieh,et al.  Physicians' acceptance of electronic medical records exchange: An extension of the decomposed TPB model with institutional trust and perceived risk , 2015, Int. J. Medical Informatics.

[25]  Tejaswini Herath,et al.  A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings , 2011, Eur. J. Inf. Syst..

[26]  Dan J. Kim,et al.  A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents , 2019 .

[27]  M.T.E. Kahn,et al.  Safety, security and safeguard , 2015 .

[28]  Gi Mun Kim,et al.  Understanding dynamics between initial trust and usage intentions of mobile banking , 2009, Inf. Syst. J..

[29]  Younghwa Lee,et al.  Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software , 2009, Eur. J. Inf. Syst..

[30]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[31]  Wang Tao,et al.  An empirical study of customers' perceptions of security and trust in e-payment systems , 2010, Electron. Commer. Res. Appl..

[32]  Hamid Reza Peikari,et al.  Does Nationality Matter in the B2C Environment? Results from a Two Nation Study , 2010, ICGS3.

[33]  A Mohajjel Aghdam,et al.  NURSES’ PERFORMANCE ON IRANIAN NURSING CODE OF ETHICS FROM PATIENTS’ PERSPECTIVE , 2013 .

[34]  Ying Li,et al.  Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory , 2013, Comput. Secur..

[35]  James C. Anderson,et al.  STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACH , 1988 .

[36]  Thompson S. H. Teo,et al.  Consumer trust in e-commerce in the United States, Singapore and China , 2007 .

[37]  Humayun Zafar Human resource information systems: Information security concerns for organizations , 2013 .

[38]  Joseph F. Hair,et al.  Partial least squares structural equation modeling (PLS-SEM): An emerging tool in business research , 2014 .

[39]  Snezana Sucurovic An Approach to Access Control in Electronic Health Record , 2009, Journal of Medical Systems.

[40]  José Luis Fernández Alemán,et al.  Analysis of health professional security behaviors in a real clinical setting: An empirical study , 2015, Int. J. Medical Informatics.

[41]  Yufei Yuan,et al.  The effects of multilevel sanctions on information security violations: A mediating model , 2012, Inf. Manag..

[42]  Shamsul Sahibuddin,et al.  Propose an educational plan for computer ethics and information security , 2011 .

[43]  Maryam Ahmadi,et al.  Security Requirements and Solutions in Electronic Health Records: Lessons Learned from a Comparative Study , 2010, Journal of Medical Systems.

[44]  Marko Sarstedt,et al.  An assessment of the use of partial least squares structural equation modeling in marketing research , 2012 .

[45]  Eike-Henner W. Kluge,et al.  Secure e-Health: Managing risks to patient health data , 2007, Int. J. Medical Informatics.

[46]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[47]  P. Pavlou,et al.  Perceived Information Security, Financial Liability and Consumer Trust in Electronic Commerce Transactions , 2002 .

[48]  Leili Mosalanejad,et al.  Evaluation of staff adherence to professionalism in Jahrom University of Medical Sciences , 2013 .

[49]  Hamid Reza Peikari,et al.  The determinants of individuals' perceived e-security: Evidence from Malaysia , 2014, Int. J. Inf. Manag..

[50]  José Luis Fernández Alemán,et al.  Security and privacy in electronic health records: A systematic literature review , 2013, J. Biomed. Informatics.

[51]  Farrukh Aslam Khan,et al.  A Cloud-based Healthcare Framework for Security and Patients' Data Privacy Using Wireless Body Area Networks , 2014, FNC/MobiSPC.

[52]  Wynne W. Chin The partial least squares approach for structural equation modeling. , 1998 .

[53]  D. Gefen,et al.  Consumer trust in B2C e-Commerce and the importance of social presence: experiments in e-Products and e-Services , 2004 .

[54]  D. Pottas,et al.  Centeris 2014 -conference on Enterprise Information Systems / Projman 2014 -international Conference on Project Management / Hcist 2014 -international Conference on Health and Social Care Information Systems and Technologies a Model for Information Security Compliant Behaviour in the Healthcare Cont , 2022 .

[55]  Özlem Müge Testik,et al.  Analysis of personal information security behavior and awareness , 2016, Comput. Secur..

[56]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[57]  Maria Lluch,et al.  Healthcare professionals' organisational barriers to health information technologies - A literature review , 2011, Int. J. Medical Informatics.

[58]  Norman L. Chervany,et al.  What Trust Means in E-Commerce Customer Relationships: An Interdisciplinary Conceptual Typology , 2001, Int. J. Electron. Commer..

[59]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[60]  Devon S. Johnson Achieving customer value from electronic channels through identity commitment, calculative commitment, and trust in technology , 2007 .

[61]  France Bélanger,et al.  Trust and Risk in eGovernment Adoption , 2008, AMCIS.

[62]  Rudolf R. Sinkovics,et al.  The Use of Partial Least Squares Path Modeling in International Marketing , 2009 .

[63]  Hsin Hsin Chang,et al.  The impact of online store environment cues on purchase intention: Trust and perceived risk as a mediator , 2008, Online Inf. Rev..

[64]  Stuart J. Barnes,et al.  Initial trust and online buyer behaviour , 2007, Ind. Manag. Data Syst..

[65]  Juan José García,et al.  The importance of perceived trust, security and privacy in online trading systems , 2009, Inf. Manag. Comput. Secur..

[66]  William David Salisbury,et al.  Perceived security and World Wide Web purchase intention , 2001, Ind. Manag. Data Syst..

[67]  Mathias Ekstedt,et al.  Shaping intention to resist social engineering through transformational leadership, information security culture and awareness , 2016, Comput. Secur..

[68]  Sun K. Yoo,et al.  Web-based secure access from multiple patient repositories , 2008, Int. J. Medical Informatics.

[69]  Guohua Wu,et al.  The effects of Web assurance seals on consumers' initial trust in an online vendor: A functional perspective , 2010, Decis. Support Syst..

[70]  Princely Ifinedo,et al.  Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition , 2014, Inf. Manag..

[71]  P. Lachenbruch Statistical Power Analysis for the Behavioral Sciences (2nd ed.) , 1989 .

[72]  Michel Tenenhaus,et al.  PLS path modeling , 2005, Comput. Stat. Data Anal..

[73]  Reihaneh Safavi-Naini,et al.  Using digital rights management for securing data in a medical research environment , 2010, DRM '10.

[74]  Michael Workman,et al.  Punishment and ethics deterrents: A study of insider security contravention , 2007, J. Assoc. Inf. Sci. Technol..

[75]  R. Gurrea,et al.  The role played by perceived usability, satisfaction and consumer trust on website loyalty , 2006, Inf. Manag..

[76]  Simon de Lusignan,et al.  The roles of policy and professionalism in the protection of processed clinical data: A literature review , 2007, Int. J. Medical Informatics.

[77]  Wu Zhijun,et al.  Access control scheme with attribute revocation for SWIM , 2017 .

[78]  A. B. Ruighaver,et al.  Ethical decision making: Improving the quality of acceptable use policies , 2010, Comput. Secur..

[79]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[80]  Darren P Mundy,et al.  Customer privacy on UK healthcare websites , 2006, Medical informatics and the Internet in medicine.

[81]  Steven Furnell,et al.  Information security policy compliance model in organizations , 2016, Comput. Secur..

[82]  Ganesh Vaidyanathan IMPACT OF SECURITY COUNTERMEASURES IN ORGANIZATIONAL INFORMATION CONVERGENCE: A THEORETICAL MODEL , 2012 .

[83]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[84]  Clyde W. Holsapple,et al.  Measuring perceived security in B2C electronic commerce website usage: A respecification and validation , 2014, Decis. Support Syst..

[85]  Shuiwang Ji,et al.  Partial Least Squares , 2016 .

[86]  H. Raghav Rao,et al.  A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents , 2008, Decis. Support Syst..

[87]  M. Eric Johnson,et al.  Information security and privacy in healthcare: current state of research , 2010, Int. J. Internet Enterp. Manag..