CCE Theses and Dissertations
Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
2011
Document Type
Dissertation - NSU Access Only
Degree Name
Doctor of Philosophy in Information Systems (DISS)
Department
Graduate School of Computer and Information Sciences
Advisor
Steven Terrell
Committee Member
Maxine S Cohen
Committee Member
Glenn Stout
Keywords
access control, confidentiality, health belief model, information security, security threats, theory of planned behavior
Abstract
In recent years, many health care organizations have begun to take advantage of computerized information systems to facilitate more effective and efficient management and processing of information. However, commensurate with the vastly innovative enhancements that computer technology has contributed to traditional paper-based health care information systems, are security vulnerabilities that have potentially devastating effects on these systems. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of computerized patient care information management systems, the controls are sometimes circumvented or ignored.
The purpose of this study was the development of an instrument that measures key determinants of healthcare professionals' prudent access control behavior. The study examined healthcare professionals' prudent access control behavior using a model that integrates the Theory of Planned Behavior (TPB) and the Health Belief Model (HBM).
Two additional variables - information security awareness and perceived information security responsibility were incorporated into the model. Rather than focusing on a single behavior or a few specific behaviors, a category of behaviors was proposed. Results of the study indicate that the HBM and TPB constructs as well as the two additional constructs included in the model are indeed key determinants of healthcare professionals' intention to engage in prudent access control behavior that mitigate security threats. Additionally, results of the study provide support for the partial mediating effects of perceived benefits and perceived responsibility for information security on attitude, information security awareness, subjective norm, perceived behavioral control, and perceived severity. The study contributes to the IS knowledge domain by providing theoretically grounded explanations for a subset of prudent information security behaviors of healthcare professionals.
NSUWorks Citation
Constance Cecilia Mussa. 2011. A Prudent Access Control Behavioral Intention Model for the Healthcare Domain. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (257)
https://nsuworks.nova.edu/gscis_etd/257.