The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING International Journal of Information Security and Privacy Pub Date : 2017-04-03 DOI:10.1080/15536548.2017.1322421
W. Arunothong, D. Nazareth
{"title":"The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data","authors":"W. Arunothong, D. Nazareth","doi":"10.1080/15536548.2017.1322421","DOIUrl":null,"url":null,"abstract":"ABSTRACT As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"48 1","pages":"69 - 83"},"PeriodicalIF":0.5000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15536548.2017.1322421","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

ABSTRACT As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
程序和技术安全对策对医疗数据滥用倾向的影响
当医疗保健提供者寻求遵守HIPAA并努力保护其数据免受外部泄露时,他们也需要意识到员工内部不适当使用这些数据是滥用这些数据的另一个威胁。并不是所有的滥用行为都违反了HIPAA,但它们有可能成为违反HIPAA的行为。雇员滥用医疗数据可以通过适当使用程序和技术对策来减轻和遏制。本文旨在确定电子健康记录(EHR)政策和审计程序是否在提供者滥用医疗数据的倾向中发挥作用。通过对美国医生、护士、医学生和护理学生的在线调查,使用四个代表各种形式滥用的案例,本研究发现,更了解机构安全政策的提供者比不了解类似信息的同行更有可能遵守政策。同样地,那些认为他们的组织监控了他们的电子病历使用情况的供应商比那些认为他们没有被监控的同行更不可能滥用电子病历。调查结果强调了医疗保健组织需要强调HIPAA合规性的重要性,并从程序和技术的角度告知员工该机构为保持合规性所采取的步骤。这项研究表明,提高员工的安全意识和政策措施是防止滥用的重要组成部分。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
International Journal of Information Security and Privacy
International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-
CiteScore
2.50
自引率
0.00%
发文量
73
期刊介绍: As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.
期刊最新文献
Adaptive Personalized Randomized Response Method Based on Local Differential Privacy A Novel CNN-LSTM Fusion-Based Intrusion Detection Method for Industrial Internet A System Dynamics Approach to Evaluate Advanced Persistent Threat Vectors Trust and Voice Biometrics Authentication for Internet of Things “Every Dog Has His Day”
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1