Abstract
This study examines how a healthcare organization’s security practices (including IT controls, policies, education, and hiring practices) influence their perceived regulatory compliance and security performance. We utilized qualitative and quantitative survey data provided by senior IT managers from 250 healthcare organizations. Healthcare organizations must focus on preventing breaches as well as complying with government regulation. Using hierarchical linear modeling (HLM), we examine how specific security practices improve regulatory compliance, protect patient information, and minimize the impact of a breach incident. The results show that audit polices are positively associated with perceived regulatory compliance and security policies are associated with security performance. We also find that the interaction of both audit and security policies has a more significant effect than either type alone. Surprisingly, an organization’s level of compliance is not significantly associated with actual security performance. This study can provide healthcare organizations with strategic guidelines to improve their regulatory compliance and security performance.
Recommended Citation
Juhee, Kwon and M.Eric, Johnson, "The Impact of Security Practices on Regulatory Compliance and Security Performance" (2011). ICIS 2011 Proceedings. 6.
https://aisel.aisnet.org/icis2011/proceedings/ISsecurity/6
The Impact of Security Practices on Regulatory Compliance and Security Performance
This study examines how a healthcare organization’s security practices (including IT controls, policies, education, and hiring practices) influence their perceived regulatory compliance and security performance. We utilized qualitative and quantitative survey data provided by senior IT managers from 250 healthcare organizations. Healthcare organizations must focus on preventing breaches as well as complying with government regulation. Using hierarchical linear modeling (HLM), we examine how specific security practices improve regulatory compliance, protect patient information, and minimize the impact of a breach incident. The results show that audit polices are positively associated with perceived regulatory compliance and security policies are associated with security performance. We also find that the interaction of both audit and security policies has a more significant effect than either type alone. Surprisingly, an organization’s level of compliance is not significantly associated with actual security performance. This study can provide healthcare organizations with strategic guidelines to improve their regulatory compliance and security performance.