The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

International Journal of Information Security and Privacy Pub Date : 2017-04-03 DOI:10.1080/15536548.2017.1322421

W. Arunothong, D. Nazareth

{"title":"The Effect of Procedural and Technological Security Countermeasures on the Propensity to Misuse Medical Data","authors":"W. Arunothong, D. Nazareth","doi":"10.1080/15536548.2017.1322421","DOIUrl":null,"url":null,"abstract":"ABSTRACT As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"48 1","pages":"69 - 83"},"PeriodicalIF":0.5000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15536548.2017.1322421","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

ABSTRACT As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to misuse of this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an on-line survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance, and inform employees about the steps that the institution takes to maintain compliance, both from a procedural as well as technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.

查看原文本刊更多论文

程序和技术安全对策对医疗数据滥用倾向的影响

当医疗保健提供者寻求遵守HIPAA并努力保护其数据免受外部泄露时，他们也需要意识到员工内部不适当使用这些数据是滥用这些数据的另一个威胁。并不是所有的滥用行为都违反了HIPAA，但它们有可能成为违反HIPAA的行为。雇员滥用医疗数据可以通过适当使用程序和技术对策来减轻和遏制。本文旨在确定电子健康记录(EHR)政策和审计程序是否在提供者滥用医疗数据的倾向中发挥作用。通过对美国医生、护士、医学生和护理学生的在线调查，使用四个代表各种形式滥用的案例，本研究发现，更了解机构安全政策的提供者比不了解类似信息的同行更有可能遵守政策。同样地，那些认为他们的组织监控了他们的电子病历使用情况的供应商比那些认为他们没有被监控的同行更不可能滥用电子病历。调查结果强调了医疗保健组织需要强调HIPAA合规性的重要性，并从程序和技术的角度告知员工该机构为保持合规性所采取的步骤。这项研究表明，提高员工的安全意识和政策措施是防止滥用的重要组成部分。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.50

自引率

0.00%

发文量

期刊介绍： As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.