CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


Graduate School of Computer and Information Sciences


Marilyn K Littman

Committee Member

Ling Wang

Committee Member

Glenn Stout


Compliance, HIPAA, Information Security, Information Systems, Security Effectiveness, Technology Acceptance


HIPAA security compliance in academic medical centers is a central concern of researchers, academicians, and practitioners. Increased numbers of data security breaches and information technology implementations have caused concern over the confidentiality, integrity, and availability of electronic personal health information. The federal government has implemented stringent HIPAA security compliance reviews and significantly extended the scope and enforcement of the HIPAA Security Rule. However, academic medical centers have shown limited compliance with the HIPAA Security Rule. Therefore, the goal of this study was to investigate the factors that may affect HIPAA security compliance in academic medical centers. Based on a review of the literature of technology acceptance and security effectiveness, this study proposed a theoretical model that uses management support, security awareness, security culture, and computer self-efficacy to predict security behavior and security effectiveness and thus HIPAA security compliance in academic medical centers.

To empirically assess the effect of the above-noted variables on HIPAA security compliance in academic medical centers, a Web-based survey was developed. The survey instrument was designed as a multi-line measure that used Likert-type scales. Previous validated scales were adapted and used in the survey. The sample for this investigation was health care information technology professionals who are members of the Group on Information Resources within the Association of American Medical Colleges.

Two statistical methods were used to derive and validate predictive models: multiple linear regression and correlation analysis. The results of the investigation demonstrated that security awareness, management support, and security culture were significant predictors of both security effectiveness and security behavior. Security awareness was the most significant predictor of security effectiveness and security behavior. Due to the presence of collinearity, Pearson correlation analysis was used to develop a composite factor, consisting of management support and security culture, for the final multiple linear regression model.

By enhancing the understanding of HIPAA security compliance in academic medical centers, the outcomes of this study will contribute to the body of knowledge of security compliance. The empirical results of this research also will provide guidance for

individuals and organizations involved with HIPAA security compliance initiatives in health care.

  Link to NovaCat