Top

BMC Medical Informatics and Decision Making

Published in:

Open Access 01-12-2018 | Research article

Patients’ perception of the information security management in health centers: the role of organizational and human factors

Authors: Hamid Reza Peikari, Ramayah T., Mahmood Hussain Shah, May Chiun Lo

Published in: BMC Medical Informatics and Decision Making | Issue 1/2018

Abstract

Background

Researchers paid little attention to understanding the association of organizational and human factors with patients’ perceived security in the context of health organizations. This study aims to address numerous gaps in this context. Patients’ perceptions about employees’ training on security issues, monitoring on security issues, ethics, physical & technical protection and trust in hospitals were identified as organizational and human factors.

Methods

After the development of 12 hypotheses, a quantitative, cross-sectional, self-administered survey method was applied to collect data in 9 hospitals in Iran. After the collection of 382 usable questionnaires, the partial least square structural modeling was applied to examine the hypotheses and it was found that 11 hypotheses were empirically supported.

Results

The results suggest that patients’ trust in hospitals can significantly predict their perceived security but no significant associations were found between patients’ physical protection mechanisms in the hospital and their perceived information security in a hospital. We also found that patients’ perceptions about the physical protection mechanism of a hospital can significantly predict their trust in hospitals which is a novel finding by this research.

Conclusions

The findings imply that hospitals should formulate policies to improve patients’ perception about such factors, which ultimately lead to their perceived security.

Available only for authorised users

Fernández-Alemán JL, Sánchez-Henarejos A, Toval A, Sánchez-García AB, Hernández-Hernández I, Fernandez-Luque L. Analysis of health professional security behaviors in a real clinical setting: an empirical study. Int J Med Inform. 2015;84(6):454–67.PubMedCrossRef

Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: a systematic literature review. J Biomed Inform. 2013;46(3):541–62.PubMedCrossRef

Chellappa RK, Pavlou PA. Perceived information security, financial liability and consumer trust in electronic commerce transactions. Logist Inf Manag. 2002;15(5/6):358–68.CrossRef

Hartono E, Holsapple CW, Kim KY, Na KS, Simpson JT. Measuring perceived security in B2C electronic commerce website usage: a respecification and validation. Decis Support Syst. 2014;62:11–21.CrossRef

Kim C, Tao W, Shin N, Kim KS. An empirical study of customers’ perceptions of security and trust in e-payment systems. Electron Commer Res Appl. 2010;9(1):84–95.CrossRef

Peikari HR. Does nationality matter in the B2C environment? Results from a two nation study. In: Tenreiro de Magalhães S, Jahankhani H, Hessami AG, editors. Global security, safety, and sustainability. ICGS3 2010. Communications in computer and information science. Berlin, Heidelberg: Springer; 2010. p. 149–59.

Salisbury WD, Pearson RA, Pearson AW, Miller DW. Perceived security and world wide web purchase intention. Ind Manag Data Syst. 2001;101(4):165–77.CrossRef

Shah MH, Peikari HR, Yasin NM. The determinants of individuals’ perceived e-security: evidence from Malaysia. Int J Inf Manag. 2014;34(1):48–57.CrossRef

Appari A, Johnson ME. Information security and privacy in healthcare: current state of research. Int J Internet Enterprise Manage. 2010;6(4):279–314.CrossRef

10.

Box D, Pottas D. A model for information security compliant behaviour in the healthcare context. Procedia Technol. 2014;16:1462–70.CrossRef

11.

D'Arcy J, Hovav A, Galletta D. User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf Syst Res. 2009;20(1):79–98.CrossRef

12.

D'Arcy J, Herath T. A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings. Eur J Inf Syst. 2011;20(6):643–58.CrossRef

13.

Mohjel Eghdam A, Khameneh S, Hasankhni H, Moghadam S, Zamanzadeh V. Nurses’ performance on Iranian nursing code of ethics from Patients' perspective. Iran J Nurs. 2013;26(84):1–11 (In Persian).

14.

Colwill C. Human factors in information security: the insider threat–who can you trust these days? Inf Secur Tech Rep. 2009;14(4):186–96.CrossRef

15.

Farzandipour M, Sadoughi F, Ahmadi M, Karimi I. Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst. 2010;34(4):629–42.PubMedCrossRef

16.

Veiga AD, Martins N. Improving the information security culture through monitoring and implementation actions illustrated through a case study. Comput Secur. 2015;49:162–76.CrossRef

17.

Zafar H. Human resource information systems: information security concerns for organizations. Hum Resour Manag Rev. 2013;23(1):105–13.CrossRef

18.

Ruighaver AB, Maynard SB, Warren M. Ethical decision making: improving the quality of acceptable use policies. Comput Secur. 2010;29(7):731–6.CrossRef

19.

Vellani K. Strategic security management: a risk assessment guide for decision makers. Oxford: Butterworth-Heinemann; 2006.

20.

Zakariya NI, Kahn MTE. Safety, security and safeguard. Ann Nucl Energy. 2015;75:292–302.CrossRef

21.

Kluge EHW. Secure e-health: managing risks to patient health data. Int J Med Inform. 2007;76(5):402–6.PubMedCrossRef

22.

Lusignan SD, Chan T, Theadom A, Dhoul N. The roles of policy and professionalism in the protection of processed clinical data: a literature review. Int J Med Inform. 2007;76(4):261–8.PubMedCrossRef

23.

Taherdoost H, Sahibuddin S, Namayandeh M, Jalaliyoon N. Propose an educational plan for computer ethics and information security. Procedia Soc Behav Sci. 2011;28:815–9.CrossRef

24.

Rockville MD. Quality and Patient Safety. Agency for Healthcare Research and Quality. Available from: http://www.ahrq.gov/professionals/quality-patient-safety/index.html. [Last Visit: 2015 Jun 30].

25.

Hsieh PJ. Healthcare professionals’ use of health clouds: integrating technology acceptance and status quo bias perspectives. Int J Med Inform. 2015b;84(7):512–23.PubMedCrossRef

26.

Peikari HR, Yasina NM, Shah MH. Determinants of online trust: a system oriented view. Am J Sci Res. 2013;87:25–45.

27.

Hu X, Wu G, Wu Y, Zhang H. The effects of web assurance seals on consumers’ initial trust in an online vendor: a functional perspective. Decis Support Syst. 2010;48:407–18.CrossRef

28.

Baker J, Parasuraman A, Grewal D, Voss GB. The influence of multiple store environment cues on perceived merchandise value and patronage intentions. J Mark. 2002;66(2):120–41.CrossRef

29.

Chang HH, Chen SW. The impact of online store environment cues on purchase intention: trust and perceived risk as a mediator. Online Inf Rev. 2008;32(6):818–41.CrossRef

30.

Chang HH, Chen SW. Consumer perception of interface quality, security, and loyalty in electronic commerce. Inf Manag. 2009;46(7):411–7.CrossRef

31.

Connolly R, Bannister B. E-commerce trust beliefs: the influence of national culture. Proceedings of European and Mediterranean Conference on Information Systems (EMCIS 2007). 2007. doi:10.1.1.98.3780..

32.

Gefen D, Straub DW. Consumer trust in B2C e-commerce and the importance of social presence: experiments in e-products and e-services. Omega. 2004;32(6):407–24.CrossRef

33.

Flavián C, Guinalíu M, Gurrea R. The role played by perceived usability, satisfaction and consumer trust on website loyalty. Inf Manag. 2006;43(1):1–14.CrossRef

34.

Johnson DS. Achieving customer value from electronic channels through identity commitment, calculative commitment, and trust in technology. J Interact Mark. 2007;21(4):2–22.CrossRef

35.

McCole P, Ramsey E, Williams J. Trust considerations on attitudes towards online purchasing: the moderating effect of privacy and security concerns. J Bus Res. 2010;63(9):1018–24.CrossRef

36.

Roca CJ, García JJ, Vega JJDL. The importance of perceived trust, security and privacy in online trading systems. Inf Manage Comput Secur. 2009;17(2):96–113.CrossRef

37.

McKnight DH, Chervany NL. What trust means in e-commerce customer relationships: an interdisciplinary conceptual typology. Int J Electron Commer. 2001;6(2):35–59.CrossRef

38.

Corbitt BJ, Thanasankit T, Yi H. Trust and e-commerce: a study of consumer perceptions. Electron Commer Res Appl. 2003;2(3):203–15.CrossRef

39.

Workman M, Gathegi J. Punishment and ethics deterrents: a study of insider security contravention. J Am Soc Inf Sci Technol. 2007;58(2):212–22.CrossRef

40.

Kim G, Shin B, Lee HG. Understanding dynamics between initial trust and usage intentions of mobile banking. Inf Syst J. 2009;19(3):283–311.CrossRef

41.

Bélanger F, Carter L. Trust and risk in e-government adoption. J Strateg Inf Syst. 2008;17(2):165–76.CrossRef

42.

Hsieh PJ. Physicians’ acceptance of electronic medical records exchange: an extension of the decomposed TPB model with institutional trust and perceived risk. Int J Med Inform. 2015a;84(1):1–14.PubMedCrossRef

43.

Kim DJ, Ferrin DL. Rao HR. a trust-based consumer decision-making model in electronic commerce: the role of trust, perceived risk, and their antecedents. Decis Support Syst. 2008;44(2):544–64.CrossRef

44.

Teo TS, Liu J. Consumer trust in e-commerce in the United States. Singapore and China Omega. 2007;35(1):22–38.

45.

Chen YH, Barnes S. Initial trust and online buyer behaviour. Ind Manag Data Syst. 2007;107(1):21–36.CrossRef

46.

Krejcie RV, Morgan DW. Determining sample size for research activities. Educ Psychol Meas. 1970;30(3):607–10.CrossRef

47.

Ringle CM, Wende S, Becker JM. SmartPLS 3. Hamburg: SmartPLS; 2015. http://www.smartpls.com

48.

Anderson JC, Gerbing DW. Structural equation modeling in practice: a review and recommended two-step approach. Psychol Bull. 1988;103(3):411–23.CrossRef

49.

Hair JF, Ringle CM, Sarstedt M. PLS-SEM: indeed a silver bullet. J Mark Theory Pract. 2011;19(2):139–51.CrossRef

50.

Hair JF, Sarstedt M, Ringle CM, Mena JA. An assessment of the use of partial least squares structural equation modeling in marketing research. J Acad Mark Sci. 2012;40(3):414–33.CrossRef

51.

Ramayah T, Lee JWC, In JBC. Network collaboration and performance in the tourism sector. Serv Bus. 2011;5(4):411–28.CrossRef

52.

Ramayah T, Yeap JA, Ignatius J. An empirical inquiry on knowledge sharing among academicians in higher learning institutions. Minerva. 2013;51(2):131–54.CrossRef

53.

Gholami R, Sulaiman AB, Ramayah T, Molla A. Senior managers’ perception on green information systems (IS) adoption and environmental performance: results from a field survey. Inf Manag. 2013;50(7):431–8.CrossRef

54.

Fornell C, Larcker DF. Evaluating structural equation models with unobservable variables and measurement error. J Mark Res. 1981;18(1):39–50.CrossRef

55.

Hair JF, Sarstedt M, Hopkins L, Kuppelwieser VG. Partial least squares structural equation modeling (PLS-SEM): an emerging tool in business research. Eur Bus Rev. 2014;26(2):106–21.CrossRef

56.

Cohen J. Statistical power analysis for the behavioral science. Mahwah, New Jersey: Lawrence Erlbaum; 1988.

57.

Chin WW. The partial least squares approach for structural equation modeling. In: Marcoulides GA, editor. Modern methods for business research. Mahwah, NJ: Lawrence Erlbaum Associates; 1998. p. 295–358.

58.

Henseler J, Ringle CM, Sinkovics RR. The use of partial least squares path modeling in international marketing. Adv Int Mark. 2009;20:277–319.

59.

Tenenhaus M, Vinzi VE, Chatelin YM, Lauro C. PLS path modeling. Comput Stat Data Anal. 2005;48(1):159–205.CrossRef

60.

Fornell C, Cha J. Partial least squares. In: Bagozzi RP, editor. Advanced methods of marketing research. Cambridge, MA: Blackwell Business; 1994. p. 52–78.

61.

Choe J, Yoo SK. Web-based secure access from multiple patient repositories. Int J Med Inform. 2008;77(4):242–8.PubMedCrossRef

62.

Jafari M, Safavi-Naini R, Saunders C, Sheppard NP. Using digital rights management for securing data in a medical research environment. Proceedings of the Tenth Annual ACM Workshop on Digital Rights Management. 2010. https://doi.org/10.1145/1866870.1866883.

63.

Zhijun W, Zhihan C, Caiyun W, Jin L. Access control scheme with attribute revocation for SWIM. J China Univ Posts Telecommunications. 2017;24:49–54.CrossRef

64.

Khan FA, Ali A, Abbas H. Haldar NAH. A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Procedia Comput Sci. 2014;34:511–7.CrossRef

65.

Mundy DP. Customer privacy on UK healthcare websites. Med Inform Internet Med. 2006;31(3):175–93.PubMedCrossRef

66.

Sucurovic S. An approach to access control in electronic health record. J Med Syst. 2010;34(4):659–66.PubMedCrossRef

67.

Cho J, Park I, Michel JW. How does leadership affect information systems success? The role of transformational leadership. Inf Manag. 2011;48(7):270–7.CrossRef

68.

Dhillon G, Syed R, Pedron C. Interpreting information security culture: an organizational transformation case study. Comput Secur. 2016;56:63–9.CrossRef

69.

Herath T, Rao HR. Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis Support Syst. 2009;47(2):154–65.CrossRef

70.

Ifinedo P. Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf Manag. 2014;51(1):69–79.CrossRef

71.

Vaidyanathan G, Berhanu N. Impact of security countermeasures in organizational information convergence: a theoretical model. Issues Inform Syst. 2012;13(2):21–5.

72.

Lluch M. Healthcare professionals’ organisational barriers to health information technologies - a literature review. Int J Med Inform. 2011;80(12):849–62.PubMedCrossRef

73.

Arizona state university. IT-General controls questionnaire [Internet]. [cited 2008 January 31]. Available from: https://www.asu.edu/fs/documents/icq/IT_general_controls_icq.pdf

74.

Hussain Shah M, Peikari HR, Yasin NM. The determinants of individuals’ perceived e-security: evidence from Malaysia. Int J Inf Manag. 2014;34:48–57.CrossRef

75.

Ghobadei Far M, Mosalanejad L. Evaluation of staff adherence to professionalism in Jahrom University of Medical Sciences. J Educ Ethics Nurs. 2013;2(2):1–7 (In Persian).

76.

Educational Managers. Questionnaire of patient security culture from nurses view; 2014 [cited 2014April 30]. Available from: http://eduadmin.ir

77.

Financial Studies. Questionnaire of internal monitoring controls evaluation; 2014 [cited 2013April 26].Available from: http://tse.ir/cms/Portals/1/arzyabi_nezarat.pdf.(in Persian ).

78.

Beigi Khortabsara Y. Evaluation questionnaire of training system effectiveness;2014 [cited 2010 March 20] .Available from: http://yazdanmb.persianblog.ir/post/65 (in Persian).

79.

Boss SR, Kirsch LJ, Angermeier I, Shingler RA, Boss RW. If someone is watching, I’ll do what I'm asked: mandatoriness, control, and information security. Eur J Inf Syst. 2009;18(2):151–64.CrossRef

80.

Cavusoglu H, Cavusoglu H, Son JY, Benbasat I. Institutional pressures in security management: direct and indirect influence on organizational investment in information security control resources. Inf Manag. 2015;52:385–400.CrossRef

81.

Cheng L, Li Y, Li W, Holm E, Zhai Q. Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Comput Secur. 2013;39:447–59.CrossRef

82.

Flores WR, Ekstedt M. Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Comput Secur. 2016;59:26–44.CrossRef

83.

Guo KH, Yuan Y. The effects of multilevel sanctions on information security violations: a mediating model. Inf Manag. 2012;49:320–6.CrossRef

84.

Hu Q, West R, Smarandescu L. The role of self-control in information security violations: insights from a cognitive neuroscience perspective. J Manag Inf Syst. 2015;31(4):6–48.CrossRef

85.

Ifinedo P. Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Comput Secur. 2012;31(1):83–95.CrossRef

86.

Lee Y, Larsen KR. Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software. Eur J Inf Syst. 2009;18(2):177–87.CrossRef

87.

Ng BY, Kankanhalli A. Xu YC. Studying users’ computer security behavior: a health belief perspective. Decis Support Syst. 2009;46(4):815–25.CrossRef

88.

Öğütçü G, Testik ÖM, Chouseinoglou O. Analysis of personal information security behavior and awareness. Comput Secur. 2016;56:83–93.CrossRef

89.

Rhee HS, Kim C, Ryu YU. Self-efficacy in information security: its influence on end users’ information security practice behavior. Comput Secur. 2009;28(8):816–26.CrossRef

90.

Siponen M, Mahmood MA, Pahnila S. Employees’ adherence to information security policies: an exploratory field study. Inf Manag. 2014;51:217–24.CrossRef

91.

Safa NS, Von Solms R. An information security knowledge sharing model in organizations. Comput Hum Behav. 2016;57:442–51.CrossRef

92.

Safa NS, Sookhak M, Von Solms R, Furnell S, Ghani NA, Herawan T. Information security conscious care behaviour formation in organizations. Comput Secur. 2015;53:65–78.CrossRef

93.

Safa NS, Von Solms R, Furnell S. Information security policy compliance model in organizations. Comput Secur. 2016;56:70–82.CrossRef

94.

Vance A, Siponen M, Pahnila S. Motivating IS security compliance: insights from habit and protection motivation theory. Inf Manag. 2012;49(3):190–8.CrossRef

Title: Patients’ perception of the information security management in health centers: the role of organizational and human factors
Authors: Hamid Reza Peikari
Ramayah T.
Mahmood Hussain Shah
May Chiun Lo
Publication date: 01-12-2018
Publisher: BioMed Central
Published in: BMC Medical Informatics and Decision Making / Issue 1/2018
Electronic ISSN: 1472-6947
DOI: https://doi.org/10.1186/s12911-018-0681-z

Keynote webinar | Spotlight on sleep in brain health

Springer Medicine

Patients’ perception of the information security management in health centers: the role of organizational and human factors

Abstract

Background

Methods

Results

Conclusions

Keynote webinar | Spotlight on sleep in brain health

Springer Medicine

Abstract

Background

Methods

Results

Conclusions

Please log in to get access to this content

Other articles of this Issue 1/2018

Patient facing decision support system for interpretation of laboratory test results

Towards stroke prediction using electronic health records

Smart medical beds in patient-care environments of the twenty-first century: a state-of-art survey

Are publicly available internet resources enabling women to make informed fertility preservation decisions before starting cancer treatment: an environmental scan?

Development and pilot evaluation of a pregnancy-specific mobile health tool: a qualitative investigation of SmartMoms Canada

Combining EEG signal processing with supervised methods for Alzheimer’s patients classification