Managing compliance with privacy regulations through translation guardrails: A health information exchange case study

IF 5.7 2区 管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE Information and Organization Pub Date : 2023-03-01 DOI:10.1016/j.infoandorg.2023.100455
Chad Anderson , Richard Baskerville , Mala Kaul
{"title":"Managing compliance with privacy regulations through translation guardrails: A health information exchange case study","authors":"Chad Anderson ,&nbsp;Richard Baskerville ,&nbsp;Mala Kaul","doi":"10.1016/j.infoandorg.2023.100455","DOIUrl":null,"url":null,"abstract":"<div><p>Information privacy is increasingly important in our digitally connected world, particularly in healthcare, and privacy regulations are ramping up to promote appropriate privacy practices. As a digital platform that enables healthcare providers to exchange protected health information (PHI), a health information exchange (HIE) is governed by health information privacy regulations. The challenge for HIEs is to operate in a way that will maximize information exchange while maintaining compliance with regulations that may constrain the sharing of PHI. Regulations impose a measure of universality through compliance requirements, while being flexible to allow adaptation to the local context. However, our longitudinal case study into the privacy policies of an HIE, demonstrates that the journey of privacy ideas from their original formulation in regulations, to their ultimate enactment in an organizational setting, is accompanied by translations, such that the final implementation may vary extensively from its original form. Such variability often results in interpretations that differ from what the regulators intended. Consequently, translation guardrails are necessary to protect against problematic translations of regulatory ideas which could lead to compliance issues and loss of platform participation. Our findings offer two contributions. First, we contribute to the compliance literature by explaining how guardrails can balance the use of permission and obligation schemas which are necessary to translate regulations into effective organizational policies for the success of HIEs and other information exchange platforms. Second, we contribute to extending translation theory by explaining how pragmatic reasoning schemas function as the mechanism through which translation of regulations occurs.</p></div>","PeriodicalId":47253,"journal":{"name":"Information and Organization","volume":"33 1","pages":"Article 100455"},"PeriodicalIF":5.7000,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Organization","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S147177272300009X","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 3

Abstract

Information privacy is increasingly important in our digitally connected world, particularly in healthcare, and privacy regulations are ramping up to promote appropriate privacy practices. As a digital platform that enables healthcare providers to exchange protected health information (PHI), a health information exchange (HIE) is governed by health information privacy regulations. The challenge for HIEs is to operate in a way that will maximize information exchange while maintaining compliance with regulations that may constrain the sharing of PHI. Regulations impose a measure of universality through compliance requirements, while being flexible to allow adaptation to the local context. However, our longitudinal case study into the privacy policies of an HIE, demonstrates that the journey of privacy ideas from their original formulation in regulations, to their ultimate enactment in an organizational setting, is accompanied by translations, such that the final implementation may vary extensively from its original form. Such variability often results in interpretations that differ from what the regulators intended. Consequently, translation guardrails are necessary to protect against problematic translations of regulatory ideas which could lead to compliance issues and loss of platform participation. Our findings offer two contributions. First, we contribute to the compliance literature by explaining how guardrails can balance the use of permission and obligation schemas which are necessary to translate regulations into effective organizational policies for the success of HIEs and other information exchange platforms. Second, we contribute to extending translation theory by explaining how pragmatic reasoning schemas function as the mechanism through which translation of regulations occurs.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
通过翻译护栏管理隐私法规遵从性:健康信息交换案例研究
在我们的数字连接世界中,信息隐私越来越重要,尤其是在医疗保健领域,隐私法规正在加强,以促进适当的隐私做法。作为一个使医疗保健提供者能够交换受保护的健康信息(PHI)的数字平台,健康信息交换(HIE)受健康信息隐私法规的管辖。HIE面临的挑战是以最大限度地提高信息交换的方式运作,同时遵守可能限制PHI共享的法规。条例通过合规要求规定了一定程度的普遍性,同时具有灵活性,可以适应当地情况。然而,我们对HIE隐私政策的纵向案例研究表明,隐私理念从最初在法规中的制定到最终在组织环境中的制定,都伴随着翻译,因此最终的实施可能与最初的形式大相径庭。这种可变性往往导致与监管机构意图不同的解释。因此,翻译护栏是必要的,以防止监管理念的翻译出现问题,这可能会导致合规问题和平台参与的损失。我们的发现提供了两个贡献。首先,我们通过解释护栏如何平衡许可和义务模式的使用,为合规文献做出贡献,这些模式是将法规转化为有效的组织政策所必需的,以使HIE和其他信息交换平台取得成功。其次,我们通过解释语用推理图式如何作为规则翻译的机制发挥作用,为翻译理论的扩展做出了贡献。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
11.20
自引率
1.60%
发文量
18
期刊介绍: Advances in information and communication technologies are associated with a wide and increasing range of social consequences, which are experienced by individuals, work groups, organizations, interorganizational networks, and societies at large. Information technologies are implicated in all industries and in public as well as private enterprises. Understanding the relationships between information technologies and social organization is an increasingly important and urgent social and scholarly concern in many disciplinary fields.Information and Organization seeks to publish original scholarly articles on the relationships between information technologies and social organization. It seeks a scholarly understanding that is based on empirical research and relevant theory.
期刊最新文献
Stability and change in digital transformation: A repertoire model of institutionally embedded technology affordances Virtual social contagion in online support communities Transformed knowledge work infrastructures in times of forced remote work Editorial Board Digital innovation, platforms, and global strategy
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1