Abstract
Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners' neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study's findings revealed that the MIs imitate their peers' actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors' (seniors) ISP non-compliance influence MIs tendency to invoke neutralisation techniques. We found that the trust between the medical team members is an essential social facilitator that motivates MIs to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.
Original language | English |
---|---|
Title of host publication | Risks and security of internet and systems |
Subtitle of host publication | 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, proceedings |
Editors | Slim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem |
Place of Publication | Cham |
Publisher | Springer |
Pages | 227-243 |
Number of pages | 17 |
ISBN (Electronic) | 9783030415686 |
ISBN (Print) | 9783030415679 |
DOIs | |
Publication status | Published - 16 Feb 2020 |
Event | CRiSIS 2019: 14th International conference on risks and security of internet and systems - Hammamet, Tunisia Duration: 29 Oct 2019 → 31 Oct 2019 http://crisis2019.redcad.org/ |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 12026 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | CRiSIS 2019 |
---|---|
Country/Territory | Tunisia |
City | Hammamet |
Period | 29/10/19 → 31/10/19 |
Internet address |
Keywords
- Neutralisation theory
- Health care
- Information security policies
- Privacy
- Medical interns