{"title":"Managing compliance with privacy regulations through translation guardrails: A health information exchange case study","authors":"Chad Anderson , Richard Baskerville , Mala Kaul","doi":"10.1016/j.infoandorg.2023.100455","DOIUrl":null,"url":null,"abstract":"<div><p>Information privacy is increasingly important in our digitally connected world, particularly in healthcare, and privacy regulations are ramping up to promote appropriate privacy practices. As a digital platform that enables healthcare providers to exchange protected health information (PHI), a health information exchange (HIE) is governed by health information privacy regulations. The challenge for HIEs is to operate in a way that will maximize information exchange while maintaining compliance with regulations that may constrain the sharing of PHI. Regulations impose a measure of universality through compliance requirements, while being flexible to allow adaptation to the local context. However, our longitudinal case study into the privacy policies of an HIE, demonstrates that the journey of privacy ideas from their original formulation in regulations, to their ultimate enactment in an organizational setting, is accompanied by translations, such that the final implementation may vary extensively from its original form. Such variability often results in interpretations that differ from what the regulators intended. Consequently, translation guardrails are necessary to protect against problematic translations of regulatory ideas which could lead to compliance issues and loss of platform participation. Our findings offer two contributions. First, we contribute to the compliance literature by explaining how guardrails can balance the use of permission and obligation schemas which are necessary to translate regulations into effective organizational policies for the success of HIEs and other information exchange platforms. 
Second, we contribute to extending translation theory by explaining how pragmatic reasoning schemas function as the mechanism through which translation of regulations occurs.</p></div>","PeriodicalId":47253,"journal":{"name":"Information and Organization","volume":"33 1","pages":"Article 100455"},"PeriodicalIF":5.7000,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Organization","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S147177272300009X","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
Citation count: 3
Abstract
Information privacy is increasingly important in our digitally connected world, particularly in healthcare, and privacy regulations are ramping up to promote appropriate privacy practices. As a digital platform that enables healthcare providers to exchange protected health information (PHI), a health information exchange (HIE) is governed by health information privacy regulations. The challenge for HIEs is to operate in a way that will maximize information exchange while maintaining compliance with regulations that may constrain the sharing of PHI. Regulations impose a measure of universality through compliance requirements, while being flexible to allow adaptation to the local context. However, our longitudinal case study into the privacy policies of an HIE demonstrates that the journey of privacy ideas from their original formulation in regulations to their ultimate enactment in an organizational setting is accompanied by translations, such that the final implementation may vary extensively from its original form. Such variability often results in interpretations that differ from what the regulators intended. Consequently, translation guardrails are necessary to protect against problematic translations of regulatory ideas which could lead to compliance issues and loss of platform participation. Our findings offer two contributions. First, we contribute to the compliance literature by explaining how guardrails can balance the use of permission and obligation schemas which are necessary to translate regulations into effective organizational policies for the success of HIEs and other information exchange platforms. Second, we contribute to extending translation theory by explaining how pragmatic reasoning schemas function as the mechanism through which translation of regulations occurs.
About the journal:
Advances in information and communication technologies are associated with a wide and increasing range of social consequences, which are experienced by individuals, work groups, organizations, interorganizational networks, and societies at large. Information technologies are implicated in all industries and in public as well as private enterprises. Understanding the relationships between information technologies and social organization is an increasingly important and urgent social and scholarly concern in many disciplinary fields. Information and Organization seeks to publish original scholarly articles on the relationships between information technologies and social organization. It seeks a scholarly understanding that is based on empirical research and relevant theory.