Original Article

Health-Care Security Strategies for Data Protection and Regulatory Compliance

Pages 41-66 | Published online: 08 Dec 2014

