ABSTRACT
As healthcare providers seek to comply with HIPAA and endeavor to secure their data from external breaches, they also need to realize that another threat to this data is inappropriate internal use by employees. Not all instances of misuse constitute a HIPAA violation, but they have the potential to become one. Medical data misuse by employees can be alleviated and curbed through the appropriate use of procedural and technological countermeasures. This paper seeks to determine whether electronic health records (EHR) policy and auditing procedures play a role in the propensity of providers to misuse medical data. Through an online survey of US physicians, nurses, medical students, and nursing students, using four case vignettes representing various forms of misuse, this research found that providers who were more aware of institutional security policy were more likely to adhere to policies than their counterparts who were not similarly informed. Likewise, providers who believed that their organizations monitored their EHR usage were less likely to engage in misuse than their counterparts who believed they were not monitored. The findings underscore the need for healthcare organizations to emphasize the importance of HIPAA compliance and to inform employees about the steps that the institution takes to maintain compliance, from both a procedural and a technological standpoint. This study suggests that increasing the awareness of security and policy measures among employees is a vital part of preventing misuse.
Additional information
Notes on contributors
Wachiraporn Arunothong
Wachiraporn Arunothong is a child and adolescent psychiatrist and head of the strategy department at Lampang Regional Hospital. Dr. Arunothong holds an MD degree, a Thai Board of Child and Adolescent Psychiatry, and a Biomedical and Health Informatics from the University of Wisconsin Milwaukee. Her work involves providing child and adolescent psychiatric care, teaching medical students, planning and developing a strategic plan aligned to the organization, and monitoring hospital indicators. She has published articles in Thai, ASEAN, and Asian journals of psychiatry.
Derek L. Nazareth
Derek L. Nazareth is Associate Professor of Information Technology Management at the University of Wisconsin-Milwaukee. He received his PhD in MIS from Case Western Reserve University. His current research interests include web services composition, medical informatics, and information security. His papers appear in IEEE Transactions on Knowledge and Data Engineering, ACM Transactions on Management Information Systems, Journal of Management Information Systems, IEEE Transactions on Systems Man & Cybernetics, Decision Support Systems, Communications of the ACM, Information & Management, and other journals and conference proceedings. He serves as Associate Editor for IEEE Transactions on Services Computing and has served as the Program Chair for AMCIS, and the Treasurer for ICIS.