Juhee Kwon1, M Eric Johnson. 1. Tuck School of Business, Dartmouth College, Hanover, NH 03755, USA. juhee.kwon@dartmouth.edu
Abstract
OBJECTIVE: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. DESIGN: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. MEASUREMENT: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. RESULTS: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). CONCLUSIONS: Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.
OBJECTIVE: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. DESIGN: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. MEASUREMENT: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. RESULTS: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). CONCLUSIONS: Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.
Authors: Shawn N Murphy; Vivian Gainer; Michael Mendis; Susanne Churchill; Isaac Kohane Journal: J Am Med Inform Assoc Date: 2011-10-07 Impact factor: 4.497
Authors: Marco Brandizi; Olga Melnichuk; Raffael Bild; Florian Kohlmayer; Benedicto Rodriguez-Castro; Helmut Spengler; Klaus A Kuhn; Wolfgang Kuchinke; Christian Ohmann; Timo Mustonen; Mikael Linden; Tommi Nyrönen; Ilkka Lappalainen; Alvis Brazma; Ugis Sarkans Journal: BMC Med Inform Decis Mak Date: 2017-03-23 Impact factor: 2.796
Authors: Salem T Argaw; Nefti-Eboni Bempong; Bruce Eshaya-Chauvin; Antoine Flahault Journal: BMC Med Inform Decis Mak Date: 2019-01-11 Impact factor: 2.796
Authors: James R Hébert; William A Satariano; Daniela B Friedman; Cheryl A Armstead; Allen Greiner; Tisha M Felder; Thomas A Coggins; Sora Tanjasiri; Kathryn L Braun Journal: Prog Community Health Partnersh Date: 2015
Authors: Ioan C Cucoranu; Anil V Parwani; Andrew J West; Gonzalo Romero-Lauro; Kevin Nauman; Alexis B Carter; Ulysses J Balis; Mark J Tuthill; Liron Pantanowitz Journal: J Pathol Inform Date: 2013-03-14