15. IS in Healthcare (SIGHealth)
Title
Security Practices and Regulatory Compliance in the Healthcare Industry
Abstract
This study examined the adoption of security practices, with the goal of identifying dominant configurations and their relationship to perceived compliance. We utilized survey data from 204 hospitals including adoption status of 17 security practices and perceived compliance levels on HITECH, HIPAA, Red Flags Rules, CMS, and State laws governing patient information security. Using cluster analysis and t-tests, we found that three clusters of security practices are significantly associated with different levels of perceived compliance. We demonstrated significant differences among non-technical practices rather than technical practices, and the highest levels of compliance are associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-time and cultural practices). Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.
Recommended Citation
Juhee Kwon and M. Eric Johnson, "Security Practices and Regulatory Compliance in the Healthcare Industry" (July 29, 2012). AMCIS 2012 Proceedings. Paper 3.
aisel.aisnet.org/amcis2012/proceedings/ISHealthcare/3