Start Date
16-8-2018 12:00 AM
Description
The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat because they have access to systems, administrative privileges, and skills to disclose health information for monetary benefit. This study used economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rated high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.
Recommended Citation
Gaia, Joana; Wang, XunYi; Basile, Jenn; Sanders, G.L.; and Murray, David, "A Study of Factors in HIPAA Non Complaint Behavior" (2018). AMCIS 2018 Proceedings. 36.
https://aisel.aisnet.org/amcis2018/Health/Presentations/36
A Study of Factors in HIPAA Non Complaint Behavior
The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat because they have access to systems, administrative privileges, and skills to disclose health information for monetary benefit. This study used economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rated high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.