ABSTRACT
One needs to look only at recent data breaches to be reminded of the severe and far-reaching damage caused by privacy threats. In light of these threats, global healthcare leaders are striving to understand how to protect patient information without the loss of benefits (utility) that results from privacy-preserving mechanisms. Consequently, our study examines the relatively unexplored issue of simultaneously responding to information privacy threats and maintaining utility in a healthcare privacy compliance context. Counterintuitively, we also identify a symbiotic relationship between these two focal and interdependent efforts. We adopt an interpretive qualitative research method leveraging the value-focused thinking (VFT) approach, which results in two major contributions. The first (1) is the development of a value-driven framework, presented as a means-end objective network, providing a list of 16 means objectives and seven key fundamental objectives enabling higher-quality privacy decision making vis-à-vis privacy and utility. Our second and central contribution (2) is a theoretical framework of privacy impact assessment (PIA) emphasising the interplay and balance between making appropriate decisions in responding to information privacy while not hindering healthcare operations. This work provides the foundation for proposing four compelling propositions for future healthcare privacy research.
Acknowledgement
Rachida Parks and Paul Benjamin Lowry dedicate this study in the loving memory of Rolf Wigand who was a great friend and collaborator.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Supplementary material
Supplemental data for this article can be accessed online at https://doi.org/10.1080/0960085X.2022.2103044