References
- Aberdeen J Bayer S Yeniterzi R Wellner B Clark C The MITRE Identification Scrubber Toolkit: design, training, and assessment International Journal of Medical Informatics 2010 79 12 849 859 10.1016/j.ijmedinf.2010.09.007
- AHA (2016) Section for small or rural hospitals.
- Ash JS Berg M Coiera E Some unintended consequences of information technology in health care: The nature of patient care information system-related errors Journal of the American Medical Informatics Association 2004 11 2 104 112 10.1197/jamia.M1471
- Belanger F Crossler RE Privacy in the digital age: a review of information privacy research in information systems MIS Quarterly 2011 36 4 1017 1041
- Bellman S Johnson EJ Kobrin SJ Lohse GL International differences in information privacy concerns: a global survey of consumers The Information Society 2004 20 5 313 324 10.1080/01972240490507956
- Blanquer I Hernández V Segrelles D Torres E Enhancing privacy and authorization control scalability in the grid through ontologies IEEE Transactions on Information Technology in Biomedicine 2009 13 1 16 24 10.1109/TITB.2008.2003369
- Blobel B Nordberg R Davis JM Pharow P Modelling privilege management and access control International Journal of Medical Informatics 2006 75 8 597 623 10.1016/j.ijmedinf.2005.08.010
- Boss SR Galletta DF Lowry PB Moody GD Polak P What do users have to fear? Using fear appeals to engender threats and fear that motivate protective behaviors in users MIS Quarterly 2015 39 4 837 864
- Boxwala AA Kim J Grillo JM Ohno-Machado L Using statistical and machine learning to help institutions detect suspicious access to electronic health records Journal of the American Medical Informatics Association 2011 18 4 498 505 10.1136/amiajnl-2011-000217
- Boyd AD Hosner C Hunscher DA Athey BD Clauw DJ An ‘Honest Broker’ mechanism to maintain privacy for patient care and academic medical research International journal of medical informatics 2007 76 5 407 411 10.1016/j.ijmedinf.2006.09.004
- Brown KL Analyzing the role of the project consultant: cultural change implementation Project Management Journal 2000 31 3 52 55
- Bulgurcu B Cavusoglu H Benbasat I Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. [Article] MIS Quarterly 2010 34 3 523 A527
- Campbell EM Sittig DF Ash JS Guappone KP Dykstra RH Types of unintended consequences related to computerized provider order entry Journal of the American Medical Informatics Association 2006 13 5 547 556 10.1197/jamia.M2042
- Canim M Kantarcioglu M Malin B Secure management of biomedical data with cryptographic hardware IEEE Transactions on Information Technology in Biomedicine 2012 16 1 166 175 10.1109/TITB.2011.2171701
- Chen K Chang YC Wang DW Aspect-oriented design and implementation of adaptable access control for electronic medical records International Journal of Medical Informatics 2010 79 3 181 203 10.1016/j.ijmedinf.2009.12.007
- CHEN Y and XU H (2013) Privacy management in dynamic groups: understanding information privacy in medical practices. In 16th ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW), pp 541–552, San Antonio, TX.
- Choe J Yoo SK Web-based secure access from multiple patient repositories International Journal of Medical Informatics 2008 77 4 242 248 10.1016/j.ijmedinf.2007.06.001
- Choi YB Capitan KE Krause JS Streeper MM Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules Journal of Medical Systems 2006 30 1 57 64 10.1007/s10916-006-7405-0
- Claerhout B Demoor G Privacy protection for clinical and genomic data: the use of privacy-enhancing techniques in medicine International Journal of Medical Informatics 2005 74 2 257 265 10.1016/j.ijmedinf.2004.03.008
- Coiera E Clarke R E-consent: the design and implementation of consumer consent mechanisms in an electronic environment Journal of the American Medical Informatics Association 2004 11 2 129 140 10.1197/jamia.M1480
- Cooper HM (1998) Synthesizing Research: A Guide for Literature Reviews. (Vol. 2). Sage, Thousand Oaks, CA.
- Corbin JM Strauss AL Basics of Qualitative Research: Grounded Theory Procedures and Techniques 2008 3 Newbury Park Sage
- Croll PR Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling International Journal of Medical Informatics 2011 80 2 e32 e38 10.1016/j.ijmedinf.2010.10.006
- Crossler RE Johnston AC Lowry PB Hu Q Warkentin M Future directions for behavioral information security research Computers & Security 2013 32 1 90 101 10.1016/j.cose.2012.09.010
- Culnan MJ Bies RJ Consumer privacy: balancing economic and justice considerations Journal of Social Issues 2003 59 2 323 343 10.1111/1540-4560.00067
- Culnan MJ Williams CC How ethics can enhance organizational privacy: lessons from the Choicepoint and TJX data breaches MIS Quarterly 2009 33 4 673 687
- D’Arcy J Hovav A Galletta D User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach Information Systems Research 2009 20 1 79 98 10.1287/isre.1070.0160
- Dhillon G Moores TT Internet privacy: interpreting key issues Information Resources Management Journal 2001 14 4 33 37 10.4018/irmj.2001100104
- Dinev T Hart P An extended privacy calculus model for e-commerce transactions. [Article] Information Systems Research 2006 17 1 61 80 10.1287/isre.1060.0080
- Eisenhardt KM Building theories from case study research Academy of Management Review 1989 14 4 532 550
- Fernando JI Dawson LL The health information system security threat lifecycle: an informatics theory International Journal of Medical Informatics 2009 78 12 815 826 10.1016/j.ijmedinf.2009.08.006
- France FHR Ethics and biomedical information International Journal of Medical Informatics 1998 49 1 111 115 10.1016/S1386-5056(98)00018-5
- Glaser BG Strauss AL The Discovery of Grounded Theory: Strategies for Qualitative Research 1967 New York Aldine de Gruyter
- Greenaway KE Chan YE Theoretical explanations for firms’ information privacy behaviors Journal of the Association for Information Systems 2005 6 5 171 198
- Gritzalis S Lambrinoudakis C Lekkas D Deftereos S Technical guidelines for enhancing privacy and data protection in modern electronic medical environments IEEE Transactions on Information Technology in Biomedicine 2005 9 3 413 423 10.1109/TITB.2005.847498
- Haas S Wohlgemuth S Echizen I Sonehara N Müller G Aspects of privacy for electronic health records International Journal of Medical Informatics 2011 80 2 e26 e31 10.1016/j.ijmedinf.2010.10.001
- Halbesleben JR Wakefield DS Wakefield BJ Work-arounds in health care settings: literature review and research agenda Health Care Management Review 2008 33 1 2 12 10.1097/01.HMR.0000304495.95522.ca
- Harrison MI Koppel R Bar-Lev S Unintended consequences of information technologies in health care—an interactive sociotechnical analysis Journal of the American Medical Informatics Association 2007 14 5 542 549 10.1197/jamia.M2384
- Hassan NR and Lowry PB (2015) Seeking middle-range theories in information systems research. In International Conference on Information Systems (ICIS 2015), AIS, Fort Worth, TX.
- Heider F Attitudes and cognitive organization Journal of Psychology 1946 21 1 107 112 10.1080/00223980.1946.9917275
- HHS (2016) Breaches affecting 500 or more individuals. March 12, 2016, https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.
- Hsu J, Shih S-P, Hung YW and Lowry PB (2015) How extra-role behaviors can improve information security policy effectiveness. Information Systems Research 26(2), 282–300.
- Hu Q Xu Z Dinev T Ling H Does deterrence work in reducing information security policy abuse by employees? Communications of the ACM 2011 54 6 54 60 10.1145/1953122.1953142
- Johnson CM Johnson TR Zhang J A user-centered framework for redesigning health care interfaces Journal of Biomedical Informatics 2005 38 1 75 87 10.1016/j.jbi.2004.11.005
- Kantarcioglu M Jiang W Liu Y Malin B A cryptographic approach to securely share and query genomic sequences IEEE Transactions on Information Technology in Biomedicine 2008 12 5 606 617 10.1109/TITB.2007.908465
- Kaunitz AM Grimes DA Hughes JM Smith JC Hogue JRC Maternal deaths in the United States by size of hospital Obstetrics & Gynecology 1984 64 3 311 314
- Keith MJ Thompson SC Hale J Lowry PB Greer C Information disclosure on mobile devices: re-examining privacy calculus with actual user behavior International Journal of Human–Computer Studies 2013 71 12 1163 1173 10.1016/j.ijhcs.2013.08.016
- Kreiner GE Hollensbe EC Sheep ML Where is the “me” among the “we”? Identity work and the search for optimal balance Academy of Management Journal 2006 49 5 1031 1057 10.5465/AMJ.2006.22798186
- Kushniruk A Evaluation in the design of health information systems: application of approaches emerging from usability engineering Computers in Biology and Medicine 2002 32 3 141 149 10.1016/S0010-4825(02)00011-2
- Kushniruk AW Patel VL Cognitive and usability engineering methods for the evaluation of clinical information systems Journal of Biomedical Informatics 2004 37 1 56 76 10.1016/j.jbi.2004.01.003
- Lal D (2001) Unintended Consequences: The Impact of Factor Endowments, Culture, and Politics on Long-Run Economic Performance. (Vol. 7). MIT Press, Cambridge, MA.
- Rouge CM Leo G Information systems and healthcare XXXV: health informatics forums for health information systems scholars Communications of the Association for Information Systems 2010 27 7 99 112
- Lee AS Baskerville RL Generalizing generalizability in information systems research Information Systems Research 2003 14 3 221 243 10.1287/isre.14.3.221.16560
- Lee WB Lee CD A cryptographic key management solution for HIPAA privacy/security regulations IEEE Transactions on Information Technology in Biomedicine 2008 12 1 34 41 10.1109/TITB.2007.906101
- Lerner JS Tetlock PE Accounting for the effects of accountability Psychological Bulletin 1999 125 2 255 275 10.1037/0033-2909.125.2.255
- Lewin K Field Theory in Social Science: Selected Theoretical Papers 1951 Oxford Harpers
- Li M Carrell D Aberdeen J Hirschman L Malin BA De-identification of clinical narratives through writing complexity measures International Journal of Medical Informatics 2014 83 10 750 767 10.1016/j.ijmedinf.2014.07.002
- Lincoln YS and Guba EG (1985) Naturalistic Inquiry. (Vol. 75). Sage, Newbury Park.
- Lovis C Spahni S Cassoni N Geissbuhler A Comprehensive management of the access to the electronic patient record: towards trans-institutional networks International Journal of Medical Informatics 2007 76 5 466 470 10.1016/j.ijmedinf.2006.09.014
- Lowry PB Cao J Everard A Privacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: the case of instant messaging in two cultures Journal of Management Information Systems 2011 27 4 163 200 10.2753/MIS0742-1222270406
- Lowry PB Gaskin J Twyman NW Hammer B Roberts TL Taking ‘fun and games’ seriously: proposing the hedonic-motivation system adoption model (HMSAM) Journal of the Association for Information Systems 2013 14 11 617 671
- Lowry PB Moody GD Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policies Information Systems Journal 2015 25 5 433 463 10.1111/isj.12043
- Lowry PB Posey C Bennett RJ Roberts TL Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trust Information Systems Journal 2015 25 3 193 230 10.1111/isj.12063
- Lowry PB, Spaulding T, Wells T, Moody GD, Moffit K, et al. (2006) A theoretical model and empirical results linking website interactivity and usability satisfaction. In 39th Annual Hawaii International Conference on System Sciences (HICSS 2006), pp 1–9, IEEE, Kaui, HI.
- Lyytinen K Baskerville R Iivari J Te’Eni D Why the old world cannot publish? Overcoming challenges in publishing high-impact IS research European Journal of Information Systems 2007 16 4 317 326 10.1057/palgrave.ejis.3000695
- Magasin M Gehlen FL Unwise decisions and unanticipated consequences Sloan Management Review 1999 1999 Fall 37 60
- Milberg SJ Smith HJ Burke SJ Information privacy: corporate management and national regulation Organization Science 2000 11 1 35 57 10.1287/orsc.11.1.35.12567
- Milne GR Culnan MJ Using the content of online privacy notices to inform public policy: a longitudinal analysis of the 1998–2001 U.S. web surveys Information Society 2002 18 5 345 359 10.1080/01972240290108168
- Mohan J Yaacob RRR The Malaysian Telehealth Flagship Application: a national approach to health data protection and utilisation and consumer rights International Journal of Medical Informatics 2004 73 3 217 227 10.1016/j.ijmedinf.2003.11.023
- Morath JM Turnbull JE To do no harm: ensuring patient safety in health care organizations 2005 San Francisco Jossey-Bass
- Murphy A, Reddy M and Xu H (2014) Privacy practices in collaborative environments: a study of emergency department staff. In 17th ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW), pp 269–282, ACM, Baltimore, MD.
- Nord GD McCubbins TF Privacy, legislation, and surveillance software Communications of the ACM 2006 49 8 73 78 10.1145/1145287.1145290
- Ohno-Machado L Silveira PSP Vinterbo S Protecting patient privacy by quantifiable control of disclosures in disseminated databases International Journal of Medical Informatics 2004 73 7 599 606 10.1016/j.ijmedinf.2004.05.002
- Orlikowski WJ CASE tools as organizational change: investigating incremental and radical changes in systems development MIS Quarterly 1993 17 3 309 340 10.2307/249774
- Parks R, Chu C and Xu H (2011a) Healthcare information privacy research: issues, gaps and what next. In 17th Americas Conference on Information Systems (AMCIS), AIS, Detroit, MI.
- Parks R, Chu C, Xu H and Adams L (2011b) Understanding the drivers and outcomes of healthcare organizational privacy responses. In 32nd Annual International Conference on Information Systems (ICIS 2011), Shanghai, China.
- Peslak AR Internet privacy policies of the largest international companies Journal of Electronic Commerce in Organizations 2006 4 3 46 62 10.4018/jeco.2006070103
- Pollock N When is a work-around? Conflict and negotiation in computer systems development Science, Technology & Human Values 2005 30 4 496 514 10.1177/0162243905276501
- Posey C Bennett RJ Roberts TL Lowry PB When computer monitoring backfires: invasion of privacy and organizational injustice as precursors to computer abuse Journal of Information System Security 2011 7 1 24 47
- Posey C Lowry PB Roberts TL Ellis S Proposing the online community self-disclosure model: the case of working professionals in France and the UK who use online communities European Journal of Information Systems 2010 19 2 181 195 10.1057/ejis.2010.15
- PRC (2016) Chronology of data breaches security breaches 2005. March 18, 2016, http://www.privacyrights.org/data-breach.
- Quantin C, Allaert F-A and Dusserre L (2000) Anonymous statistical methods versus cryptographic methods in epidemiology. International Journal of Medical Informatics 60(2), 177–183.
- Ravera L Colombo I Tedeschi M Ravera A Security and privacy at the private multispecialty hospital Istituto Clinico Humanitas: Strategy and reality International Journal of Medical Informatics 2004 73 3 321 324 10.1016/j.ijmedinf.2003.12.009
- Rogers EM Diffusion of Innovations 1998 New York Free Press
- Siponen M and Vance A (2010) Neutralization: new insights into the problem of employee information systems security policy violations. [Article]. MIS Quarterly 34(3), 487-A412.
- Smith J Privacy policies and practices: inside the organizational maze Communications of the ACM 1993 36 12 104 10.1145/163298.163349
- Smith JH Dinev T Xu H Information privacy research: an interdisciplinary review MIS Quarterly 2011 35 4 989 1015
- Strauss AL Corbin JM Basics of Qualitative Research. Techniques and Procedures for Developing Grounded Theory 1998 Thousand Oaks Sage
- Tadmor C and Tetlock PE (2009) Accountability. In The Cambridge Dictionary of Psychology (Matsumoto D, Ed.), p 8, Cambridge University Press, Cambridge.
- Urquhart C Lehmann H Myers MD Putting the ‘theory’ back into grounded theory: guidelines for grounded theory studies in information systems Information Systems Journal 2010 20 4 357 381 10.1111/j.1365-2575.2009.00328.x
- Maanen J Schein EH Toward a theory of organizational socialization Research in Organizational Behavior 1979 1 1 209 264
- Vance A Lowry PB Eggett D Using accountability to reduce access policy violations in information systems Journal of Management Information Systems 2013 29 4 263 289 10.2753/MIS0742-1222290410
- Vance A Lowry PB Eggett D A new approach to the problem of access policy violations: increasing perceptions of accountability through the user interface MIS Quarterly 2015 39 2 345 366
- Walczuch RM Steeghs L Implications of the new EU directive on data protection for multinational corporations Information Technology and People 2001 14 2 142 162 10.1108/09593840110695730
- Wall JD Lowry PB Barlow J Organizational violations of externally governed privacy and security rules: explaining and predicting selective violations under conditions of strain and excess Journal of the Association for Information Systems 2016 17 1 39 76
- Warkentin M, Johnston AC and Shropshire J (2011) The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems 20(3), 267–284.
- Xu H, Teo H-H, Tan BC and Agarwal R (2009) The role of push-pull technology in privacy calculus: the case of location-based services. Journal of Management Information Systems 26(3), 135–174.
- Yeh QJ Chang AJT Threats and countermeasures for information system security: a cross-industry study Information & Management 2007 44 5 480 491 10.1016/j.im.2007.05.003