Advanced search
Publication Cover
Journal of Management Information Systems Volume 30, 2013 - Issue 2
Journal homepage
1,072
Views
38
CrossRef citations to date
0
Altmetric
Original Article

Health-Care Security Strategies for Data Protection and Regulatory Compliance

Juhee Kwon Information Systems Department at College of Business, City University of Hong Kong
&
M. Eric Johnson Owen Graduate School of Management, Vanderbilt University
Pages 41-66 | Published online: 08 Dec 2014
 
Sample our Information Science journals, sign in here to start your FREE access for 14 days

Abstract

This study identifies how security performance and compliance influence each other and how security resources contribute to two security outcomes: data protection and regulatory compliance. Using simultaneous equation models and data from 243 hospitals, we find that the effects of security resources vary for data breaches and perceived compliance and that security operational maturity plays an important role in the outcomes. In operationally mature organizations, breach occurrences hurt compliance, but, surprisingly, compliance does not affect actual security. In operationally immature organizations, breach occurrences do not affect compliance, whereas compliance significantly improves actual security. The results imply that operationally mature organizations are more likely to be motivated by actual security than compliance, whereas operationally immature organizations are more likely to be motivated by compliance than actual security. Our findings provide policy insights on effective security programs in complex health-care environments.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related Research Data

Does electronic monitoring of employee internet usage work
Source: Association for Computing Machinery (ACM)
Improving employees' compliance through information systems security training: an action research study
Source: JSTOR
THE ESTIMATION OF ECONOMIC RELATIONSHIPS USING INSTRUMENTAL VARIABLES
Source: JSTOR
Self-assessment application and learning in organizations: A special reference to the ontological dimension
Source: Informa UK Limited
IT Assets, Organizational Capabilities, and Firm Performance: How Resource Allocations and Organizational Differences Explain Performance Variation
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Decision support for managing organizational design dynamics
Source: Elsevier BV
Quality Improvement and Infrastructure Activity Costs in Software Development: A Longitudinal Analysis
Source: Institute for Operations Research and the Management Sciences (INFORMS)
An Empirical Examination of the Influence of Organizational Culture on Knowledge Management Practices
Source: Informa UK Limited
Editorial Overview---The Role of Information Systems in Healthcare: Current Research and Future Trends
Source: Institute for Operations Research and the Management Sciences (INFORMS)
An integrated system theory of information security management
Source: Emerald
Knowledge-based Theory of the Firm
Source: Wiley
Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization
Source: JSTOR
Fear appeals and information security behaviors: an empirical study
Source: JSTOR
The Complementarity of Information Technology Infrastructure and E-Commerce Capability: A Resource-Based Assessment of Their Business Value
Source: Informa UK Limited
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Creating Economic Value Through Social Values: Introducing a Culturally Informed Resource-Based View
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers
Source: Informa UK Limited
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Source: Informa UK Limited
On the Edge: Heeding the Warnings of Unusual Events
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness
Source: JSTOR
Knowledge relatedness and the performance of multibusiness firms
Source: Wiley
Understanding and transforming organizational security culture
Source: Emerald
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
Source: Informa UK Limited
Improved security through information security governance
Source: Association for Computing Machinery (ACM)
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Source: Informa UK Limited
Healthcare 4.0: A review of frontiers in digital health
Source: Wiley
The Performance Effects of Complementarities Between Information Systems, Marketing, Manufacturing, and Supply Chain Processes
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Continuance compliance of privacy policy of electronic medical records: the roles of both motivation and habit
Source: Springer Science and Business Media LLC
Performance Impacts of Information Technology: Is Actual Usage the Missing Link?
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Compliance Strategies – A.K.A. Alphabet Soup
Source: Elsevier BV
Security through Information Risk Management
Source: Institute of Electrical and Electronics Engineers (IEEE)
The resource-based view within the conversation of strategic management
Source: Wiley
Complementarities Between Organizational IT Architecture and Governance Structure
Source: Institute for Operations Research and the Management Sciences (INFORMS)
IS Employee Attitudes and Perceptions at Varying Levels of Software Process Maturity
Source: JSTOR
Value Implications of Investments in Information Technology
Source: Institute for Operations Research and the Management Sciences (INFORMS)
DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENT
Source: Wiley
Information technology payoff in the health-care industry: a longitudinal study
Source: Informa UK Limited
Investments in Information Security: A Real Options Perspective with Bayesian Postaudit
Source: Informa UK Limited
User Participation in Information Systems Security Risk Management
Source: JSTOR
SUSTAINABLE COMPETITIVE ADVANTAGE: COMBINING INSTITUTIONAL AND RESOURCE- BASED VIEWS
Source: Wiley
Information Security Control Theory: Achieving a Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information
Source: Informa UK Limited
A Resource-Based View of the Firm
Source: Wiley
Market-Based Assets and Shareholder Value: A Framework for Analysis
Source: SAGE Publications
Estimating the Contextual Risk of Data Breach: An Empirical Approach
Source: Informa UK Limited
Unrealistic optimism on information security management
Source: Elsevier BV
Information systems resources and information security
Source: Springer Science and Business Media LLC
The relationships between intangible organizational elements and organizational performance
Source: Wiley
Performance effects of information technology synergies in multibusiness firms
Source: JSTOR
Total quality management as competitive advantage: A review and empirical study
Source: Wiley
Information Security Governance - Compliance management vs operational management
Source: Elsevier BV
Dynamic risk management: Theory and evidence
Source: Elsevier BV
A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings
Source: Informa UK Limited

Linking provided by 

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.