Information security climate and the assessment of information security risk among healthcare employees

Stacey Kessler, Shani Pindek, Gary Kleinman, Stephanie A. Andel, Paul E. Spector

Research output: Contribution to journalArticle

Abstract

Since 2009, over 176 million patients in the United States have been adversely impacted by data breaches affecting Health Insurance Portability and Accountability Act–covered institutions. While the popular press often attributes data breaches to external hackers, most breaches are the result of employee carelessness and/or failure to comply with information security policies and procedures. To change employee behavior, we borrow from the organizational climate literature and introduce the Information Security Climate Index, developed and validated using two pilot samples. In this study, four categories of healthcare professionals (certified nursing assistants, dentists, pharmacists, and physician assistants) were surveyed. Likert-type items were used to assess the Information Security Climate Index, information security motivation, and information security behaviors. Study results indicated that the Information Security Climate Index was related to better employee information security motivation and information security behaviors. In addition, there were observed differences between occupational groups with pharmacists reporting a more favorable climate and behaviors than physician assistants.

Original languageEnglish
JournalHealth Informatics Journal
DOIs
Publication statusPublished - 1 Jan 2019

    Fingerprint

Keywords

  • cybersecurity
  • electronic health records
  • information protection
  • information security
  • organizational climate

Cite this