The impact of security practices on regulatory compliance and security performance

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)

8 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Title of host publicationInternational Conference on Information Systems 2011, ICIS 2011
Pages2204-2212
Volume3
Publication statusPublished - 2011
Externally publishedYes

Publication series

Name
Volume3

Conference

Title32nd International Conference on Information System 2011, ICIS 2011
PlaceChina
CityShanghai
Period4 - 7 December 2011

Abstract

This study examines how a healthcare organization's security practices (including IT controls, policies, education, and hiring practices) influence their perceived regulatory compliance and security performance. We utilized qualitative and quantitative survey data provided by senior IT managers from 250 healthcare organizations. The data provides a snapshot of patient information security in the surveyed organizations. Healthcare organizations must focus on preventing breaches (which results in brand damage and direct remediation costs) as well as complying with government regulation (to avoid indirect costs, including fines and penalties). Using hierarchical linear modeling (ULM), we examine how specific security practices improve regulatory compliance, protect patient information, and minimize the impact of a breach incident. The results show that audit polices are positively associated with perceived regulatory compliance and security policies are associated with security performance. We also find that the interaction of both audit and security policies has a more significant effect than either type alone. Surprisingly, an organization's level of compliance is not significantly associated with actual security performance. This study contributes to demonstrating which security practices can help the organizations comply with the regulations and the effects of security practices and regulatory compliance on information security performance. This can provide healthcare organizations with strategic guidelines to improve their regulatory compliance and security performance. © (2011) by the AIS/ICIS Administrative Office, All rights reserved.

Research Area(s)

  • Compliance, Healthcare, HIPPA, HITECH, Security

Citation Format(s)

The impact of security practices on regulatory compliance and security performance. / Kwon, Juhee; Johnson, M. Eric.

International Conference on Information Systems 2011, ICIS 2011. Vol. 3 2011. p. 2204-2212.

Research output: Chapters, Conference Papers, Creative and Literary Works (RGC: 12, 32, 41, 45)32_Refereed conference paper (with ISBN/ISSN)