Security Failure in Electronic Health Record Systems: The Influence of Meaningful-use and IT Security Investment

This research draws upon the institutional theory and strategic IT adoption of organizations to examine the influence of meaningful-use of EHR systems and IT security investments on the likelihood of data breaches in hospitals. We expect that the intensity of such a relationship depends on hospitals symbolic or substantive adoption approaches. Mainly, we believe that organizations with symbolic adoption approach face a higher risk of security failures. Hospitals with (i) more complementary IT applications such as financial systems, scheduling systems, and HR systems, (ii) not-for-profit, and (iii) teaching and faithoriented hospitals are less likely to classify as symbolic adopters. For that purpose, this paper takes advantage of unique data sets which provides detailed information on EHR system adoption by hospitals as well as the majority of data breaches. Further, we identify changes in the likelihood of breach performance consequent to meaningful-use and IT investment by employing Fixed-effect panel analysis and propensity score matching approach.

[1]  Juhee Kwon,et al.  Meaningful Healthcare Security: Does Meaningful-Use Attestation Improve Information Security Performance? , 2014, MIS Q..

[2]  A. Jha,et al.  Meaningful use of electronic health records: the road ahead. , 2010, JAMA.

[3]  Latanya Sweeney,et al.  Putting health IT on the path to success. , 2013, JAMA.

[4]  D. Rubin,et al.  The central role of the propensity score in observational studies for causal effects , 1983 .

[5]  Sharon Swee-Lin Tan,et al.  Electronic Health Records: How Can IS Researchers Contribute to Transforming Healthcare? , 2016, MIS Q..

[6]  D. Blumenthal,et al.  The "meaningful use" regulation for electronic health records. , 2010, The New England journal of medicine.

[7]  R. Zmud,et al.  Information technology implementation research: a technological diffusion approach , 1990 .

[8]  Sowmya R. Rao,et al.  Use of electronic health records in U.S. hospitals. , 2009, The New England journal of medicine.

[9]  B. Lewis,et al.  Strategic Silence: Withholding Certification Status as a Hypocrisy Avoidance Tactic , 2018 .

[10]  W. Powell,et al.  The iron cage revisited institutional isomorphism and collective rationality in organizational fields , 1983 .

[11]  Ken Kelley,et al.  When Do IT Security Investments Matter? Accounting for the Influence of Institutional Factors in the Context of Healthcare Data Breaches , 2017, MIS Q..

[12]  Ritu Agarwal,et al.  The antecedents and consequents of user perceptions in information technology adoption , 1998, Decis. Support Syst..

[13]  D. Paxson,et al.  1 Uncertainty and Competition in the Adoption of Complementary Technologies , 2009 .

[14]  J. Pfeffer,et al.  The External Control of Organizations. , 1978 .

[15]  Mikko T. Siponen,et al.  Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study , 2010, MIS Q..

[16]  Robert W. Zmud,et al.  The Influence of IT Management Practice on IT Use in Large Organizations , 1994, MIS Q..

[17]  Eric W. Ford,et al.  Payer Mix and EHR Adoption in Hospitals , 2012, Journal of healthcare management / American College of Healthcare Executives.

[18]  W. Scott The Adolescence of Institutional Theory. , 1987 .