ABSTRACT
The avoidance of HIPAA breaches has been important to hospital administrators since 1996. Research has not provided insight into what strategies are most effective. The purpose of this paper is to identify the relationship between hospital organizational characteristics and specific types of HIPAA breaches (hacking, improper disposal, loss, theft, and unauthorized access/disclosure. We sought to better equip hospital administrators' to both assess their organization's relative risk for certain types of breaches. We propose, based on the sociotechnical approach that the occurrence of a HIPAA breach can be conceived as a misalignment between the social aspects of an organization and its technical capabilities. A purposive sample of hospitals with active HIPAA breach investigations (n = 163) is analyzed via a dataset that combines hospital characteristics from the American Hospital Association and HIPAA breach data from the Office of Civil Rights. The results of the analyses support the hypothesis of a relationship between hospital organizational characteristics and the types of HIPAA breaches, and most especially the influence of EMR capabilities, hospital size, system membership, and teaching status on various types of HIPAA Breach. This finding might assist healthcare leaders with proactively dealing with their organizational risks for HIPAA breaches.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
Michele Heath
Michele Heath is an Assistant Professor in Management at Cleveland State University. Her research interests include the role of leadership, governance, culture, conflict, team composition, change management, and other core management concepts. Michele's research has been published in several scholarly journals including Health Policy & Technology, Information Systems Management, and American Journal of Business. Her work has appeared in the following proceedings: Americas Conference on Information Systems, Southern Management Association Midwest Association for Information Systems, and Academy of Management. Prior to entering the academic field, Michele worked at Ernst & Young and KPMG.
Tracy H. Porter
Tracy H. Porter is an Associate Professor within the Department of Management at Cleveland State University where she teaches a variety of health care management and human resource courses. Dr Porter's research focuses on health care (e.g. the impact of individual differences and organizational change initiatives on organizational success), refugee integration (e.g. work), and human resource topics (e.g. bullying and leadership). Her research has appeared in a number of scholarly journals including Health Care Management Review, Journal of Vocational Behavior, The Journal of Social Psychology, and the Journal of Organizational Change Management among others.
Geoffrey Silvera
Geoffrey Silvera is an Assistant Professor in the Department of Political Science at Auburn University. He serves as a primary faculty member of the Health Services Administration (HADM) program and his research centers on the influence of healthcare administrators, especially chief executive officers, on patient care quality, experience, and safety as well as on the institutionalization of diversity and inclusion. He also serves as the Associate Editor of the Patient Experience Journal (PXJ) and is on the editorial board of Health Care Management Review(HCMR).