References
- HSSD. Modifications to the HIPAA privacy, security, enforcement, and breach notification rules under the health information technology for economic and clinical health act and the genetic information nondiscrimination act; Other modifications to the HIPAA rules. [Online]. Available from: www.FederalRegister.gov; 2013.
- Cherry DK, Hing E, Woodwell DA, Rechtsteiner EA. National ambulatory medical care survey: 2006 summary. National Health Statistics Reports, no. 3. Hyattsville MD, National Center for Health Statistics; 2008.
- Casalino LP, Pesko MF, Ryan AM, Mendelsohn JL, Copeland KR, Ramsay PP, et al. Small primary care physician practices have low rates of preventable hospital admissions. Health Aff 2014;33(9):1680–8. doi: 10.1377/hlthaff.2014.0434
- Kane CK, Emmons DW. New data on physician practice arrangements: private practice remains strong despite shifts toward hospital employment. Chicago, IL: American Medical Association; 2013. [Online]. Available from: http://www.nmms.org/sites/default/files/images/2013_9_23_ama_survey_prp-physician-practicearrangements.pdf.
- Martin, NL, Imboden TR. Information security and insider threats in small medical practices. Proceedings from the Twentieth Americas Conference on Information Systems. Savannah, GA; 2014.
- Healthcare Information and Management Systems Society. Privacy and security toolkit for small provider organizations. [Online]. Available from: http://www.himss.org/library/healthcare-privacy-security/small-providertoolkit?navItemNumber=16493; 2011.
- HHS. $750,000 HIPAA settlement underscores the need for organization-wide risk analysis. News Release, [Online]. Available from: http://www.hhs.gov/about/news/2015/12/14/750000-hipaa-settlement-underscores-need-for-organization-wide-risk-analysis.html#; 2015.
- McGee, MK. $150K HIPAA fine for unpatched software. [Online]. Available from: http://www.databreachtoday.com/150k-hipaa-fine-for-unpatched-software-a-7656/op-1; 2014.
- McCann E. Groups hit with record $4.8M HIPAA fine. Healthcare IT News. [Online]. Available from: http://www.healthcareitnews.com/news/group-slapped-record-hipaa-fine; 2014.
- HHS. Annual report to congress on HIPAA privacy, security, and breach notification rule compliance for calendar years 2011 and 2012. [Online]. Available from: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples; 2012.
- United State Department of Labor. Health Plans and Benefits. HIPAA. [Online]. Available from: http://www.dol.gov/dol/topic/health-plans/portability.htm; 2014.
- Centers for Medicare & Medicaid Services (CMS). Electronic health records incentive programs. [Online]. Available from: https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms; 2015.
- Laudon K, Laudon J. Essentials of management information systems. 11e ed. Prentice Hall;2015.
- United States Department of Health and Human Services. Office for civil rights. Health information privacy. [Online]. Available from: https://www.hhs.gov/hipaa/index.html; 2016.
- Lynn, J. Are you ready for stage 2 HIPAA audits? HealthcareScene.com [Online]. Available from: http://www.emrandhipaa.com/emr-and-hipaa/2016/06/27/are-you-ready-for-stage-2-hipaa-audits/; 2016.
- HHS. HIPAA breach notification rule, 45 CFR 165.400-414. [Online]. Available from: http://www.hhs.gov/hipaa/for-professionals/breach-notification/; 2009.
- Sommestad T, Hallberg J, Lundholm K, Bengtsson J. Variables influencing information security policy compliance: a systematic review of quantitative studies. Inform Manag Comput Sec 2014;22(1):42–75.
- Colman A. Theory of reasoned action. A dictionary of psychology (4th ed.). Oxford: Oxford University Press; February; 2015.
- Ajzen I, Fishbein M. Understanding attitudes and predicting social behavior. Nebraska symposium on motivation, Vol. 27, Englewood Cliffs, NJ: Prentice-Hall; 1979. pp. 65–116.
- Ormrod JE. Educational psychology: developing learners (5th ed.). Upper Saddle River, NJ: Pearson/Merrill Prentice Hall; 2006.
- Straub DW, Welke, RJ. Coping with systems risk: security planning models for management decision making. MIS Quart 1998;22(4):441–69. doi: 10.2307/249551
- Chen Y, Ramamurthy K, Wen K. Organizations’ information security policy compliance: stick or carrot approach? J Manage Inf Syst 2013;29(3):157–88. doi: 10.2753/MIS0742-1222290305
- Herath T, Rao R. Protection motivation and deterrence: a framework for security policy compliance inorganizations. Eur J Inf Syst 2009;18:106–25. doi: 10.1057/ejis.2009.6
- Dojkovski S, Lichtenstein S, Warren M. Fostering information security culture in small and medium size enterprises: An interpretive study in Australia. Proceedings of the 15th European Conference on Information Systems, St. Gallen, Switzerland, June 2007. Pp.1560–71.
- Worrell B. Analyst: HIPAA compliance proves costly for health care providers. Healthcare Strat Manage 2002;20(12):6.
- Patlak M, Smith A, Cox K, Shah P, Young R. The costs of HIPAA to patients, to progress, and to the nation's health. C-Change Strategic Initiative. [Online]. Available from: http://c-changetogether.org/websites/cchange/images/hipaa/c-change_hipaa_cost_study_web_version.pdf; 2012.
- Walsh T. What will HIPAA cost? and HIPAA privacy and proposed security standards: a tandem approach to compliance. Advanced Health Care Network. [Online]. Available from: http://health-information.advanceweb.com/Article/What-Will-HIPAA-Cost-and-HIPAA-Privacy-and-Proposed-Security-Standards-A-Tandem-Approach-to-Compliance.aspx; 2014.
- Sterling Ron. Defend your practice against HIPAA violations. Med Econ 2015;52–7.
- Dimopoulos V, Furnell S, Jennex M, Kritharas I. Approaches to IT security in small and medium enterprises. Proceedings of the 2nd Australian Information Security Management Conference. Perth, Western Australia; 2004.
- Gupta A, Hammond R. Information systems security issues and decisions for small businesses: an empirical examination. Inform Manag Comp Sec 2005;13(4):297–310.
- Kankanhalli A, Teo HH, Tan BCY, Wei KK. An integrative study of information systems security effectiveness. Int J Inform Manag 2003;23(2):139–54. doi: 10.1016/S0268-4012(02)00105-6
- Bitglass. Healthcare breach report 2016. [Online]. Available from: http://www.bitglass.com/healthcare; 2016.
- Ponemon Institute. The billion dollar lost laptop problem. [Online]. Available from: http://www.intel.com/content/dam/doc/white-paper/enterprise-security-the-billion-dollar-lost-laptop-problem-paper.pdf; 2010.
- Campaign for NHS Vista. [Online]. Available from: http://nhsvista.net/; 2015.
- Congressional Budget Office. Evidence on the costs and benefits of health information technology. [Online]. Available from: http://www.cbo.gov/publication/41690?index=9168; 2008.