Examining the intended and unintended consequences of organisational privacy safeguards

Figures & data

Table 1 Mapping the consequences of enacting privacy safeguards

	Intended consequences	Unintended consequences
Positive	(Quantin et al, 2000; Ohno-Machado et al, 2004; Ravera et al, 2004; Gritzalis et al, 2005; Blobel et al, 2006; Boyd et al, 2007; Choe & Yoo, 2008; Kantarcioglu et al, 2008; Lee & Lee, 2008; Blanquer et al, 2009; Aberdeen et al, 2010; Chen et al, 2010; Croll, 2011; Haas et al, 2011; Canim et al, 2012; Li et al, 2014)	n/a
Negative	(Ohno-Machado et al, 2004; Kantarcioglu et al, 2008; Canim et al, 2012)	(Ash et al, 2004; Coiera & Clarke, 2004; Choi et al, 2006; Posey et al, 2011; Lowry & Moody, 2015; Lowry et al, 2015)

Figure 1 Grounded theory analysis process.

Figure 2 Emergent concepts, themes and dimensions.

Figure 3 The unintended consequences of privacy safeguard enactment (UCPSE) Framework.

Figure 4 Intended and unintended consequences.

Table A1 Summary of data sources

Organisation	Organisation type	Informant #	Title
1	Large Hospital	1	Chief Medical Information Officer
2	Medium Hospital	2	Chief Information Officer
		3	Chief Privacy Officer
3	Large	4	Chief Medical Information Officer
4	Healthcare Association	5	President
5	Healthcare Federal Agency	6	Chief Privacy Officer
6	Medium Hospital	7	Vice President of IT
7	Medium Hospital	8	Chief Privacy Officer
		9	Security Officer
8	Large Hospital	10	Chief Privacy Officer
		11	Privacy Officer
9	EMR vendor and cloud manager	12	Vice President Implementations
10	Small Hospital	13	Chief Executive Officer
11	Medium Hospital	14	IT Director
12	Large Hospital	15	Security Officer
13	Medium Hospital	16	Privacy Officer
14	Research/Consulting Firm	17	Chief Privacy Officer
15	Small Hospital	18	Privacy Officer
		19	IT Director
16	Large Hospital	20	Privacy Officer
17	Large Hospital	21	Security Officer
18	Consulting Firm	22	Chief Executive Officer
19	Small Hospital	23	Chief Information Officer
20	Medium Hospital	24	Chief Information Officer
21	Small Hospital	25	Business Executive Director
		26	Vice President
		27	Director of Health Information Management
		28	Healthcare Executive Director
		29	Privacy Officer
		30	IT Director

Table D1 Illustrative supporting data for unintended consequences

2nd-order themes	Illustrative 1st-order data
Unintended/desirable consequences
Standardisation of work processes	• ‘For us privacy we consider a component of quality healthcare. In other words, patients come to us and divulge very private information to us, and we are the protectors of that. We must make sure that it’s handled appropriately … provide them basic stuff of making sure people close curtains, close doors, they position their computers and equipment so that people can’t read or see the information’ • ‘Say you had your Facebook account and you decide you want to say something bad about [our hospital], what do you do then? There has to be some procedures and protocols around that’ • ‘In an emergency department or you are in a clinic setting, information being electronically viewable so you have to say where the device is, where the devices set up, the time outs and things, are they consistent with a comprehensive approach to visually securing any information ‘ • ‘We have to assess each outside agency as to what their needs are and how to best set a special, private VPN channel that’s highly secured that we only allow people in through that area that we can govern who comes in, when they come in, what their passwords are and so forth. And we can govern the movement of the data that way’
Better accountability	• ‘You basically have to assess the situation, make the determination of what should be done. I will be honest with you. We will opt for patient safety and patient care above everything…the patient’s life is in our hands and we are going to do what it takes to take care of that patient’ • ‘I believe that most organisations now are much more aware of privacy and security than they were before that law came into place. And just seeing this as just a good business practice instead of something we have to do, makes all the difference in the world. I have heard some of the techy people call it hygienic environment’
	• ‘I try to make decisions here of course I want to do what’s right for the business and our workflow. But at the same time at the end of the day I kind of put myself in a patient’s viewpoint’. • I do think that there are a number of motivating factors. One of them is the right thing to do and that is the right attitude, and that would get you a lot further than going off checking off check boxes
Unintended adverse consequences
Information unavailability	• ‘We don’t want to keep information out of the hands of people who need it. So if we develop something that is too stringent…they can’t do their job the right way’ • ‘We try to make it [information] as accessible as possible but yet have security measures in place to protect those assets’ • ‘We have lots of policies and everybody else has lots of policies but we can’t meet the regulations in the strictest letter of the law and offer clinicians their ability to practice in an efficient cost effective manner’ • ‘I would much rather happen to explain to the office of civil rights why some body inappropriately access information than explain to a family why their loved one is dead and they wouldn’t have been dead had the information we had in our possession wasn’t accessible to the people treating that patient’
Workflow disruption	• ‘Time out features. There’s times out in all our system end this is something we have to work around. You know we have some key systems in the emergency department and what they’re saying … We have a twenty minute time out feature … if I’m a doctor in the emergency room and my system times out on me while I am critically working on a patient … I have to [enter] my password, that’s not a good thing’ • ‘Once I log in, I don’t want the system to log me out automatically. I don’t like it’ • ‘I’m using application A, application B and you get all these passwords you got to remember. Guess what? I’m going to start writing them down’ • ‘40% of the work that a nurse does is to administer medication. 40% of her day, she is looking at pills and administering them. … She is logging in and waiting, waiting, waiting, waiting, that’s a problem she is not going to get her job done. It’s hard enough to do the charting, administering medicine without the waiting, waiting, and waiting. So what most hospitals do is there have these computers on wheels, they wheel it into the patient room and they leave it logged on and they administer the medicine and they wheel it out and they leave it logged on and then they go into the next room and then leave it logged on but when they go back to the med room it’s logged on and that’s a security risk’
Usability issues	• ‘It comes from EHR usability and access to information. I mean in certain scenarios, I would like to walk in from purely a clinician hat on, I like to walk into to room and see that patient’ information, talk with that patient and provide the care, but somehow I have to be acknowledge as being allowed to see that information. So, that one of the conflicts. I have to log in or else I have to use an RFID tag or swipe something to get into that record’ • ‘With the privacy and security in healthcare it’s the need for speed. I don’t want to log in twice. I don’t want to log in this, I don’t want to that’ • ‘If it is not usable to them, they won’t use it. The things that are very usable to them, that they are used to, they can, I’ve seen this all the time’
Operational feasibility	• ‘My biggest concern time comes down to operational feasibility and weather what’s being asked can be operationalized or is it going to be detrimental to the patient best interest’ • ‘It really comes down to practice’ • ‘There is a lot of indirect impact that you have to be careful of its operational efficiency you know you have to really look at, you will never get a number you look and say oh my God. It’s got to be costing us money or it’s got to be costing us efficiency’ • ‘So it does have an impact on resources and operation. You’re going to get to a point where people are going to have to have staff in place to just deal with that one situation, just to keep up with what they’re going to have to do to make sure they protect themselves’ • ‘Let’s just say for example, your brother is Don Parks and you are a physician, and you are looking up Don Parks’ records for no reason what so ever. An alert is triggered and will be sent to someone who actually sponsors your account. It is going to say Rachida Parks looked at Don Parks’ record. The person that sponsors you will need to get with you and say who is that? You might say that is my brother, and one might say, why did you look at that record? You would say he was not looking good at the family dinner last week, so I looked up his record, which will be totally inappropriate. Or you could say, Don parks is not related to me, but is a patient of mine. The alerting provokes the next level of inquiry. If you were to say the former where you were looking up at your brother’s record and you didn’t really have a reason to, then that gets referred to the human resources for discipline • ‘We got to make sure the things are operationally supportable and I have to say that there are aspects of HIPAA that are very difficult to operationalize and they really often don’t have a lot of meaning either • ‘We have lots of policies we can’t meet the regulations in the strictest letter of the law and offer clinicians their ability to practice in an efficient cost effective manner

Table E1 Illustrative supporting data for intended or expected consequences

2nd-order themes	Illustrative 1st-order data
Intended/desirable consequences
Controlled access	• ‘We do have role based security, if we decided that you should have rights to getting at certain class of data, we can give it you…That’s very important because you don’t want to give employees any more access than what they need’ • ‘Basically what we do is we look at the information system and based on the security capabilities and the information system and the duties, or the responsibilities or the duties of the employee, we, we give, we base their access on that’ • ‘We go through our due diligence in regard to what different provider groups are allowed to see or should be able to see for their job, they don’t want to stop them from providing care for patients obviously and you want to facilitate their care for patients but do you really have a true clinic need to be able to do that’ • ‘So do you want the environmental health worker to be able to log into your record and see that? Well no, but there may be component of your records that are important to the environmental health workers to do their job’
Deterrence effect	• ‘I hate to say this, a certain amount of people get caught, you know people deciding to look at stuff that they shouldn’t. Because you also want to make an example out of them, you know it’s sad to say, what really helps if no one looks at it, and if no one looks at things that they shouldn’t, that’s the ideal. You know that’s not going to happen. So what you do hope is that when people do look at things they shouldn’t, they get caught, we work very hard on that, and when they get caught, people find out about them. It’s the deterrent effect’ • ‘It is sort of user grisly analogy. Back in medieval England when they chop people’s heads off, they would put the head on a pike, and they stick it on the London Bridge, and the idea was that it would allow you to see who had their head chopped off. It was a very public hanging. And so, it’s the same thing here, we can’t necessarily say who we fire, but you hope the word gets out, you hope the employee that gets fired almost says, I can’t believe they fired me for looking at that. Well okay fine, I want you to tell your co-workers, because I want your co-workers to say, I am not going to do this again because I don’t want to have the same thing happen to me, or I don’t want to be suspended’ • ‘We need to discipline them, we need to make sure that people understand that we take this seriously, and hopefully, there is a deterrent effect that occurs from other people seeing the fact that people have lost their jobs over. Now the fact that only three people in that hospital lost their jobs over it, probably it says to me only good thing, because it says to me only three people were dumb enough to look at the record’
Tracking mechanisms	• ‘We have alerts built into things, there are alerts for certain people when there is a perceived attack or perceived breach so to speak’ • ‘We have software which goes through every PC in the house every day looking for things on PCs. So we have software in place on emails that look for certain patterns of information of people are trying to send out here it will block it’ • ‘Our system is all doing very advanced logging, and if I decided that I wanted to see who looked at your record, I would know everybody who looked at your record’ • ‘So anybody who goes in and looks at a record of same, the same last name that’s, that’s a flag. It doesn’t mean it’s inappropriate. It just means that we need to look at those a little bit closer’ • ‘A system behind the scenes looking at these audit models that are being generated continuously and let’s look for patterns or let’s look for, let’s look for trends or patterns that you know doesn’t appear to be right and they need to be investigated on’
Expected adverse consequences
User resistance	• ‘If there’s a change in the regulation or policy, existing business process has to be altered or changed. Any time there’s change there’s going to be push back or potential disagreement’ • ‘If the security is too hard, people wouldn’t do it. If it is beyond their work flow much, they won’t do it’ • ‘I tell people all the time that security flies in the face of convenience that’s just the way it’s always is… so a lot of push back or complain’ • ‘Do you want me not to administer that medication because everything didn’t line up in the security behind the scenes?’ • ‘To use a safe password, is has to be eight characters long, it should have caps and this and that, and you change it every thirty days, and nobody does it
Data disclosures and secondary use	• ‘How do you secure information that is being used for secondary purposes for research, for research, for quality, for billing and coding’? • ‘I think the very difficult issue we face is that there is a great need for secondary uses of health data. That’s where much of the information comes from, we are now using for research for public health. And so to be able to find cures for diseases or to improve public health, to improve disparities, to improve access to care, all those many things that are on everyone’s mind. When you’re thinking about healthcare improvement, you need data to be able to do that. You need the research • ‘There’s many times when like a clerical person will hit the wrong number on the fax machine and fax a, a lab result for Rachida Parks to a Sheetz store or something and you know that happens all the time

Table F1 Empirical grounding of the study

Evaluative criteria	Description	Goal	What to look for in this study
Criterion 1	Are concepts generated?	Assess if the concepts used in the research are grounded in the data	The concepts used in the research are grounded in the data. Therefore, the study could be viewed as fitting with the first criterion
Criterion 2	Are the concepts systematically related?	Check if there is a linkage between concept	The study shows how the concepts have been interwoven into more coherent themes and categories
Criterion 3	Are there many conceptual linkages and are the categories well developed? Do they have conceptual density?	Check if categories and subcategories are tightly linked	Open coding was followed by axial coding, which allowed dense categories to emerge. The linkage between categories was implemented and extension of those categories to themes and overarching dimensions was pursued to achieve conceptual density
Criterion 4	Is much variation built into the theory?	Check for variations in the theoretical model and different conditions and consequences	This research presents a hybrid of process and variance in the theoretical framework (Figure 1) that aims to depict the processes as a result of enacting privacy safeguards. The variance intended and unintended consequences
Criterion 5	Are the broader conditions that affect the study built into its explanation?	Incorporate the micro and macro conditions	This study incorporates micro-conditions that were relevant to the study. The incorporation of the leadership commitment is a good example of integrating micro-conditions
Criterion 6	Has process been taken into account?	Check if process has been considered	This study focuses on understanding the outcomes of enacting privacy safeguards and their impact on privacy compliance. This translates into the processes undertaken to handle these outcomes. Therefore, the criterion of identifying process in research has been achieved
Criterion 7	Do the theoretical findings seem significant and to what extent?	Check for imagination and insights	The preliminary findings and a theoretical model have been published and well received (Parks et al, 2011a, b); thus, I would regard this as evidence in support of their significance
Criterion 8	Does the theory stand the test of time and become part of the discussions and ideas exchanged among relevant social and professional groups?	Check if the theoretical framework is able to withstand future testing and research	Given that this study has been developed based on a specific context (i.e. healthcare), it is our hope that the insights of the emerging theory can make it withstand future applications and research

Table G1 Research process evaluation criteria

Evaluative criteria	Description	What to look for in this study
Criterion 1	How was the original sample selected? On what grounds?	Interviewing informants has been initiated in hospitals. However, after initial data analysis, this target was revisited to include other healthcare organisations and entities (e.g., the U.S. Department of Health and Human Services, healthcare professional associations, healthcare IT providers and healthcare privacy consultants). This sample was originally based on privacy leaders only in hospitals and ultimately included privacy leaders from other healthcare organisations who impact the process by which hospitals respond to information privacy threats
Criterion 2	What major categories emerged?	The study led to the emergence of major categories – Enactment of Privacy safeguards, intended consequences, unintended consequences, Imbalance Challenge, Workarounds and Privacy Compliance
Criterion 3	What were some of the events, incidents or actions (indicators) that pointed to some of these categories?	Categories emerged as a result of first- and second-order analysis. For example workarounds emerged when leaders mentioned their lack of compliance, and when healthcare employees embraced activities to bypass privacy safeguards
Criterion 4	On the basis of what categories did theoretical sampling proceed? That is, how did theoretical formulations guide some of the data collection? After the theoretical sampling was done, how representative did the categories prove to be?	Theoretical sampling was driven by the concepts that emerged. The categories of hospitals’ size, Workarounds and the Imbalance Challenge created a need to collect further data. Ultimately, some categories sustained (e.g., Workarounds and the Imbalance Challenge) and others did not hold up (e.g., hospital size)
Criterion 5	What were some of the hypotheses pertaining to conceptual relations (i.e. among categories), and on what grounds were they formulated and validated?	As a qualitative researcher, I came up with hypotheses in their initial form in early analysis. These hypotheses were formulated and based on the interpretations of the data collected. Examples of these hypotheses include leaders who exhibited very distinct behaviours regarding their approaches to responding to privacy threats, while others’ behaviours were opposite to the ones described above
Criterion 6	Were there instances in which hypotheses did not explain what was happening in the data? How were these discrepancies accounted for? Were hypotheses modified?	As the coding continued, categories and themes were improved. Some did not hold up. For instance, at early stages of data analysis, we formulated the hypothesis that larger hospitals with more resources would thrive to achieve higher degree of privacy compliance and better address the imbalance issues. We further analysed this pattern to discover that, while the hospital size matters because it is often closely linked with resources, it is the commitment of top managers that prevails. This hypothesis eventually was modified to account for the role of leadership commitment
Criterion 7	How and why was the core category selected? Was this collection sudden or gradual, and was it difficult or easy? On what grounds were the final analytics decisions made?	The Imbalance Challenge gradually emerged as the core theme of this study. While other categories emerged first, the Imbalance Challenge theme emerged as further analysis was undertaken. The final analytics decisions were made and validated with the empirical data

Table H1 Sample privacy and security assessment tool

Privacy and security assessment tool
Business associate name:		Date:
Specific requirement		Present	Absent	NA or see comments	Comments
Privacy standard
(1) Privacy/confidentiality policies and procedures designed to protect [hospital name] data
(2) Policy or procedure that describes the allowed use and/or disclosure of [hospital name] data in accordance with the Business Associate Agreement
(3) Procedure for the reporting of any suspected or actual intrusion, unauthorised use or disclosure of [hospital name] data
(4) A sample of your log of potential or actual intrusion, unauthorised use or disclosure of [hospital name] data
(5) If required, is the following present:  Template of the confidentiality/Non-disclosure Agreement with the subcontractor  A list of any off-shore subcontractors who have access to [hospital name] member data
(6) Procedure that describes how you allow for the amendments to [hospital name] data
(7) Procedure for tracking non-routine disclosures or access of [hospital name] data
(8) Documentation that describes your HIPAA privacy/security training for staff or others who would have access to [hospital name] data
(9) A template of the confidentiality agreement that you require your employees to sign
(10) Procedure that describes how you forward privacy questions or privacy requests from [hospital name] members to [hospital name]
(11) Policy requiring contact with [hospital name] prior to any use and/or disclosure of [hospital name] data beyond the defined obligations listed in the Business Associate Agreement
Security standard
Administrative safeguards
(1) Policy or process for conducting an assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of [hospital name] data
(2) Evidence of an assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of [hospital name] data
(3) Process or procedures for implementing security measures to reduce risks and vulnerabilities to the confidentiality, integrity and availability of [hospital name] data
(4) Policy or procedure for sanctions due to employee violations of your organisation’s security policies and procedures
(5) Process or procedure to regularly review records of information system activity, such as, audit logs, access reports and security incident tracking reports
(6) Evidence of an identified and documented responsibility of the security official accountable for the development and implementation of information security policies and procedures
(7) Policy or procedure for protecting [hospital name] data from the other functions of the larger organisation if health care clearinghouse functions are performed
(8) Policy and/or procedures to address security incidents.
(9) Policy and/or procedures for the backup of [hospital name] data
(10) Evidence of a formal disaster recovery plan
(11) Evidence of testing your disaster recovery plan within the last 12 months
(12) Process or procedures to maintain security of [hospital name] data while operating in emergency mode due to technical failure or power outage
(13) Procedure for performing periodic technical and non-technical evaluations (auditing) to ensure that appropriate security has been implemented. (The evaluation may be internal or external.)
(14) Policy or procedure for reviewing existing business associate contracts, which involve [hospital name] data, to determine if HIPAA Security Rule requirements are addressed
Physical safeguards
(1) Policy and/or procedures for ensuring that workstations capable of accessing [hospital name] data have been identified, their viewing areas limited to authorised users, and have been physically removed from areas where unauthorised users might see the information
(2) Policy and/or procedures to ensure physical safeguards have been put in place to ensure that all servers and workstations that can access [hospital name] data are restricted to authorised users
(3) Policy and/or procedure for allowing employees or organisations to remove [hospital name] data in either paper or electronic form from your facility(s).
(4) Policy and/or procedure for allowing employees access to [hospital name] data from a remote location, i.e. home, hotels or public locations
(5) Policy and/or procedure to address how [hospital name] data and software should be properly disposed, including any hardware or electronic media on which it is stored
(6) Policy and procedure for removal of [hospital name] data from electronic media prior to making the media available for re-use
Technical safeguards
(1) Policy and procedure to ensure that each user has a unique ID that can be used to track user activity within the system
(2) Policy and/or procedure to identify users who would require access and to provide access to [hospital name] data during emergency situations
(3) List and describe the audit control mechanisms implemented to record and examine activity in the system(s) containing [hospital name] data
(4) List and describe the type of user authentication mechanisms currently used to ensure user authentication

Quantin C, Allaert F-A and Dusserre L (2000) Anonymous statistical methods versus cryptographic methods in epidemiology. International Journal of Medical Informatics 60(2), 177–183.

 Google Scholar

Ohno-Machado L Silveira PSP Vinterbo S Protecting patient privacy by quantifiable control of disclosures in disseminated databases International Journal of Medical Informatics 2004 73 7 599 606 10.1016/j.ijmedinf.2004.05.002

 PubMed Web of Science ®Google Scholar

Ravera L Colombo I Tedeschi M Ravera A Security and privacy at the private multispecialty hospital Istituto Clinico Humanitas: Strategy and reality International Journal of Medical Informatics 2004 73 3 321 324 10.1016/j.ijmedinf.2003.12.009

 PubMed Web of Science ®Google Scholar

Gritzalis S Lambrinoudakis C Lekkas D Deftereos S Technical guidelines for enhancing privacy and data protection in modern electronic medical environments IEEE Transactions on Information Technology in Biomedicine 2005 9 3 413 423 10.1109/TITB.2005.847498

 PubMedGoogle Scholar

Blobel B Nordberg R Davis JM Pharow P Modelling privilege management and access control International Journal of Medical Informatics 2006 75 8 597 623 10.1016/j.ijmedinf.2005.08.010

 PubMed Web of Science ®Google Scholar

Boyd AD Hosner C Hunscher DA Athey BD Clauw DJ An ‘Honest Broker’ mechanism to maintain privacy for patient care and academic medical research International journal of medical informatics 2007 76 5 407 411 10.1016/j.ijmedinf.2006.09.004

 PubMed Web of Science ®Google Scholar

Choe J Yoo SK Web-based secure access from multiple patient repositories International Journal of Medical Informatics 2008 77 4 242 248 10.1016/j.ijmedinf.2007.06.001

 PubMed Web of Science ®Google Scholar

Kantarcioglu M Jiang W Liu Y Malin B A cryptographic approach to securely share and query genomic sequences IEEE Transactions on Information Technology in Biomedicine 2008 12 5 606 617 10.1109/TITB.2007.908465

 PubMedGoogle Scholar

Lee WB Lee CD A cryptographic key management solution for HIPAA privacy/security regulations IEEE Transactions on Information Technology in Biomedicine 2008 12 1 34 41 10.1109/TITB.2007.906101

 PubMedGoogle Scholar

Blanquer I Hernández V Segrelles D Torres E Enhancing privacy and authorization control scalability in the grid through ontologies IEEE Transactions on Information Technology in Biomedicine 2009 13 1 16 24 10.1109/TITB.2008.2003369

 PubMedGoogle Scholar

Aberdeen J Bayer S Yeniterzi R Wellner B Clark C The MITRE Identification Scrubber Toolkit: design, training, and assessment International Journal of Medical Informatics 2010 79 12 849 859 10.1016/j.ijmedinf.2010.09.007

 PubMed Web of Science ®Google Scholar

Chen K Chang YC Wang DW Aspect-oriented design and implementation of adaptable access control for electronic medical records International Journal of Medical Informatics 2010 79 3 181 203 10.1016/j.ijmedinf.2009.12.007

 PubMed Web of Science ®Google Scholar

Croll PR Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling International Journal of Medical Informatics 2011 80 2 e32 e38 10.1016/j.ijmedinf.2010.10.006

 PubMed Web of Science ®Google Scholar

Haas S Wohlgemuth S Echizen I Sonehara N Müller G Aspects of privacy for electronic health records International Journal of Medical Informatics 2011 80 2 e26 e31 10.1016/j.ijmedinf.2010.10.001

 PubMed Web of Science ®Google Scholar

Canim M Kantarcioglu M Malin B Secure management of biomedical data with cryptographic hardware IEEE Transactions on Information Technology in Biomedicine 2012 16 1 166 175 10.1109/TITB.2011.2171701

 PubMedGoogle Scholar

Li M Carrell D Aberdeen J Hirschman L Malin BA De-identification of clinical narratives through writing complexity measures International Journal of Medical Informatics 2014 83 10 750 767 10.1016/j.ijmedinf.2014.07.002

 PubMed Web of Science ®Google Scholar

Ash JS Berg M Coiera E Some unintended consequences of information technology in health care: The nature of patient care information system-related errors Journal of the American Medical Informatics Association 2004 11 2 104 112 10.1197/jamia.M1471

 PubMed Web of Science ®Google Scholar

Coiera E Clarke R E-consent: the design and implementation of consumer consent mechanisms in an electronic environment Journal of the American Medical Informatics Association 2004 11 2 129 140 10.1197/jamia.M1480

 PubMed Web of Science ®Google Scholar

Choi YB Capitan KE Krause JS Streeper MM Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules Journal of Medical Systems 2006 30 1 57 64 10.1007/s10916-006-7405-0

 PubMedGoogle Scholar

Posey C Bennett RJ Roberts TL Lowry PB When computer monitoring backfires: invasion of privacy and organizational injustice as precursors to computer abuse Journal of Information System Security 2011 7 1 24 47

 Google Scholar

Lowry PB Moody GD Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policies Information Systems Journal 2015 25 5 433 463 10.1111/isj.12043

 Web of Science ®Google Scholar

Lowry PB Posey C Bennett RJ Roberts TL Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trust Information Systems Journal 2015 25 3 193 230 10.1111/isj.12063

 Web of Science ®Google Scholar

Parks R, Chu C and Xu H (2011a) Healthcare information privacy research: issues, gaps and what next. In 17th Americas Conference on Information Systems (AMCIS), AIS, Detroit, MI.

 Google Scholar

Parks R, Chu C, Xu H and Adams L (2011b) Understanding the drivers and outcomes of healthcare organizational privacy responses. In 32nd Annual International Conference on Information Systems (ICIS 2011), Shanghai, China.

 Google Scholar