Published in: Journal of Medical Systems 6/2013

01-12-2013 | Original Paper

Fuzzy Assessment of Health Information System Users’ Security Awareness

Authors: Özlem Müge Aydın, Oumout Chouseinoglou


Abstract

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.
Footnotes
1. Ng et al. define computer security incidents as “a security-related adverse event in which there is a loss of information confidentiality, disruption of information or system integrity, disruption or denial of system availability, or violation of any computer security policies” [1].
Literature
1. Ng, B.-Y., Kankanhalli, A., and Xu, Y., Studying users' computer security behavior: a health belief perspective. Decis. Support. Syst. 46(4):815–825, 2009.
2. Kankanhalli, A., Teo, H.-H., Tan, B. C. Y., and Wei, K.-K., An integrative study of information systems security effectiveness. Int. J. Inf. Manag. 23(2):139–154, 2003.
3. Stanton, J. M., Mastrangelo, P. R., Stam, K. R., and Jolton, J., Behavioral information security: two end user survey studies of motivation and security practices. Proceedings of the Tenth Americas Conference on Information Systems, New York, 2004.
4. Aurigemma, S., and Panko, R., A composite framework for behavioral compliance with information security policies. System Science (HICSS) 45th Hawaii International Conference on System Sciences, Maui, 2012.
5. Chan, M., Woon, I., and Kankanhalli, A., Perceptions of information security at the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security 1(3):18–41, 2005.
6. Pahnila, S., Siponen, M., and Mahmood, A., Employees’ behavior towards IS security policy compliance. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, 2007.
7. D’Arcy, J., and Hovav, A., Countermeasures and information systems misuse behaviors. Journal of Information System Security 3(2):3–30, 2007.
8. Hadasch, F., Mueller, B., and Maedche, A., Exploring antecedent environmental and organizational factors to user-caused information leaks: a qualitative study. ECIS 2012 Proceedings, 2012.
9. Zhang, J., Reithel, B. J., and Li, H., Impact of perceived technical protection on security behaviors. Information Management & Computer Security 17(4):330–340, 2009.
10. Bulgurcu, B., Cavusoglu, H., and Benbasat, I., Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3):523–548, 2010.
11. LaRose, R., Rifon, N. J., and Enbody, R., Promoting personal responsibility for internet safety. Commun. ACM 51(3):71–76, 2008.
13. Katsikas, S. K., Health care management and information systems security: awareness, training or education? Int. J. Med. Inform. 60(2):129–135, 2000.
14. Giuse, D. A., and Kuhn, K. A., Health information systems challenges: the Heidelberg conference and the future. International journal of medical informatics 69(2):105–114, 2003.
15. Ammenwerth, E., Gräber, S., Herrmann, G., Bürkle, T., and König, J., Evaluation of health information systems—problems and challenges. Int. J. Med. Inform. 71(2):125–135, 2003.
16. Haux, R., Health information systems – past, present, future. Int. J. Med. Inform. 75(3–4):268–281, 2006.
17. Appari, A., and Johnson, M. E., Information security and privacy in healthcare: current state of research. Int. J. Internet and Enterprise Management 6(4):279–314, 2010.
18. Grandison, T., and Sloman, M., A survey of trust in internet applications. Communications Surveys & Tutorials 3(4):2–16, 2000.
19. Blumenthal, D., Stimulating the adoption of health information technology. N. Engl. J. Med. 360(15):1477–1479, 2009.
20. Goldschmidt, P. G., HIT and MIS: implications of health information technology and medical information systems. Commun. ACM 48(10):68–74, 2005.
21. Janczewski, L., and Xinli Shi, F., Development of information security baselines for healthcare information systems in New Zealand. Computers & Security 21(2):172–192, 2002.
22. Rindfleisch, T. C., Privacy, information technology, and health care. Commun. ACM 40(8):92–100, 1997.
23. Smith, E., and Eloff, J., Cognitive fuzzy modeling for enhanced risk assessment in a health care institution. Intelligent Systems and their Applications, IEEE 15(2):69–75, 2000.
24. Buckovich, S. A., Rippen, H. E., and Rozen, M. J., Driving toward guiding principles a goal for privacy, confidentiality, and security of health information. J. Am. Med. Inform. Assoc. 6(2):122–133, 1999.
25. Zadeh, L. A., Fuzzy sets as a basis for a theory of possibility. Fuzzy sets and systems 100 Supplement, pp. 9–34, 1999.
26. Dhillon, G., and Torkzadeh, G., Value–focused assessment of information system security in organizations. Inf. Syst. J. 16(3):293–314, 2006.
27. Carrasco, R. A., Muñoz-Leiva, F., Sánchez-Fernández, J., and Liébana-Cabanillas, F. J., A model for the integration of e-financial services questionnaires with SERVQUAL scales under fuzzy linguistic modeling. Expert Syst. Appl. 39:11535–11547, 2012.
28. Ngan, S.-C., Decision making with extended fuzzy linguistic computing, with applications to new product development and survey analysis. Expert Syst. Appl. 38:14052–14059, 2011.
29. Belohlavek, R., Sigmund, E., and Zacpal, J., Evaluation of IPAQ questionnaires supported by formal concept analysis. Inf. Sci. 181:1774–1786, 2011.
30. Azar, A., and Darvishi, Z. A., Development and validation of a measure of justice perception in the frame of fairness theory—fuzzy approach. Expert Syst. Appl. 38:7364–7372, 2011.
31. Hosmer, H. H., Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm. Proceedings on the 1992-1993 workshop on New security paradigms, 1993.
32. Phuong, N. H., and Kreinovich, V., Fuzzy logic and its applications in medicine. Int. J. Med. Inform. 62(2):165–173, 2001.
33. Binaghi, E., Gallo, I., Ghiselli, C., Levrini, L., and Biondi, K., An integrated fuzzy logic and web-based framework for active protocol support. Int. J. Med. Inform. 77(4):256–271, 2008.
34. Başçiftçi, F., and İncekara, H., Design of web-based fuzzy input expert system for the analysis of serology laboratory tests. J. Med. Syst. 36(4):2187–2191, 2012.
35. Esposito, M., De Falco, I., and De Pietro, G., An evolutionary-fuzzy DSS for assessing health status in multiple sclerosis disease. Int. J. Med. Inform. 80(12):245–254, 2011.
36. Lopes, M. H. B. D. M., Ortega, N. R. S., Silveira, P. S. P., Massad, E., Higa, R., and Marin, H. D. F., Fuzzy cognitive map in differential diagnosis of alterations in urinary elimination: a nursing approach. Int. J. Med. Inform. 80(12):201–208, 2013.
37. Badawi, A. M., Derbala, A. S., and Youssef, A.-B., Fuzzy logic algorithm for quantitative tissue characterization of diffuse liver diseases from ultrasound images. Int. J. Med. Inform. 55(2):135–147, 1999.
38. Singh, S., Kumar, A., Panneerselvam, K., and Vennila, J. J., Diagnosis of arthritis through fuzzy inference system. J. Med. Syst. 36(3):1459–1468, 2012.
39. Das, S., Chowdhury, S. R., and Saha, H., Accuracy enhancement in a fuzzy expert decision making system through appropriate determination of membership functions and its application in a medical diagnostic decision making system. J. Med. Syst. 36(3):1607–1620, 2012.
40. Ogutcu, G., and Aydin, O., Analysis of personal information security behavior and awareness in E-transformation process. Submitted manuscript.
41. Milne, G. R., Labrecque, L. I., and Cromer, C., Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3):449–473, 2009.
42. Bechara, A., Risky business: emotion, decision-making, and addiction. J. Gambl. Stud. 19(1):23–51, 2003.
43. Moore, S., and Gullone, E., Predicting adolescent risk behavior using a personalized cost-benefit analysis. Journal of Youth and Adolescence 25(3):343–359, 1996.
44. Birch, D. G., and McEvoy, N. A., Risk analysis for information systems. J. Inf. Technol. 7(1):44–53, 1992.
45. Rainer, R. K. J., Snyder, C. A., and Carr, H. H., Risk analysis for information technology.
46. Horst, M., Kuttschreuter, M., and Gutteling, J. M., Perceived usefulness, personal experiences, risk perception and trust as determinants of adoption of e-government services in The Netherlands. Comput. Hum. Behav. 23(4):1838–1852, 2007.
47. Slovic, P., Finucane, M. L., Peters, E., and MacGregor, D. G., Risk as analysis and risk as feelings: some thoughts about affect, reason, risk, and rationality. Risk Anal. 24(2):311–322, 2004.
48. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E., Formulating information systems risk management strategies through cultural theory. Information Management & Computer Security 14(3):198–217, 2006.
49. Dubois, D., and Prade, H., Gradualness, uncertainty and bipolarity: making sense of fuzzy sets. Fuzzy Sets Syst. pp. 3–24, 2012.
50. Gong, D.-W., Yuan, J., and Sun, X.-Y., Interactive genetic algorithms with individual’s fuzzy fitness. Comput. Hum. Behav. 27(5):1482–1492, 2011.
51. Chiou, H.-K., Tzeng, G.-H., and Cheng, D.-C., Evaluating sustainable fishing development strategies using fuzzy MCDM approach. Omega, pp. 223–234, 2005.
52. Deng, W.-J., and Pei, W., Fuzzy neural based importance-performance analysis for determining critical service attributes. Expert Systems With Applications, pp. 3774–3784, 2009.
53. Ma, J., Ruan, D., Xu, Y., and Zhang, G., A fuzzy-set approach to treat determinacy and consistency of linguistic terms in multi-criteria decision making. International Journal of Approximate Reasoning, pp. 165–181, 2007.
54. Klir, G. J., and Yuan, B., Fuzzy sets and systems. Prentice Hall PTR, New Jersey, 1995.
55. Tsai, H.-H., and Lu, I.-Y., The evaluation of service quality using generalized Choquet integral. Inf. Sci. 176(6):640–663, 2006.
Metadata
Title
Fuzzy Assessment of Health Information System Users’ Security Awareness
Authors
Özlem Müge Aydın
Oumout Chouseinoglou
Publication date
01-12-2013
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 6/2013
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-013-9984-x
