A Prudent Access Control Behavioral Intention Model for the Healthcare Domain

• Main Author: Mussa, Constance Cecilia
• Format: Others
• Published: NSUWorks 2011
• Subjects: access control; confidentiality; health belief model; information security; security threats; theory of planned behavior; Computer Sciences
• Online Access: http://nsuworks.nova.edu/gscis_etd/257; http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1256&context=gscis_etd

In recent years, many health care organizations have begun to take advantage of computerized information systems to facilitate more effective and efficient management and processing of information. However, commensurate with the vastly innovative enhancements that computer technology has contributed to traditional paper-based health care information systems, are security vulnerabilities that have potentially devastating effects on these systems. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of computerized patient care information management systems, the controls are sometimes circumvented or ignored. The purpose of this study was the development of an instrument that measures key determinants of healthcare professionals' prudent access control behavior. The study examined healthcare professionals' prudent access control behavior using a model that integrates the Theory of Planned Behavior (TPB) and the Health Belief Model (HBM). Two additional variables - information security awareness and perceived information security responsibility were incorporated into the model. Rather than focusing on a single behavior or a few specific behaviors, a category of behaviors was proposed. Results of the study indicate that the HBM and TPB constructs as well as the two additional constructs included in the model are indeed key determinants of healthcare professionals' intention to engage in prudent access control behavior that mitigate security threats. Additionally, results of the study provide support for the partial mediating effects of perceived benefits and perceived responsibility for information security on attitude, information security awareness, subjective norm, perceived behavioral control, and perceived severity. The study contributes to the IS knowledge domain by providing theoretically grounded explanations for a subset of prudent information security behaviors of healthcare professionals.