Readiness for Health Information Technology is Associated to Information Security in Healthcare Institutions.

BACKGROUND: Health information technologies (HITs) present numerous opportunities for the improvement and transformation of healthcare, which include reducing human errors, improving clinical outcomes, facilitating care coordination, improving efficiency of practice and tracking data over time. HITs involve various technologies that range from simple charting, to a more advanced decision support and integration with medical technology.
OBJECTIVE: The aims of this study were to examine the readiness for the implementation of health information technologies (HITs) among medical and administrative staff as well as to evaluate the effects of information security status on the readiness.
METHODS: In this cross-sectional study, 236 medical employees (F/M: 192/44; mean age: 34±7.43 years) and 139 administrative employees (F/M: 93/46, mean age: 36±7.64 years) from 15 public health institutions in Kocaeli, Marmara Region were included. The data were collected via a structured questionnaire regarding opinions about information security and privacy, use of information technologies and the Organizational Information Technology Innovation Readiness Scale (OITIRS). After an explanatory factor analysis was performed for the scale, two subgroups regarding Organizational Readiness and Technological Readiness were obtained. Binary logistic regression analyses were performed to evaluate related factors for these subgroups of OITIRS.
RESULTS: According to binary logistic regression analysis, establishing of a password management system was found to be a crucial factor for both organizational and technological readiness among medical and administrative employees in health institutions (p<0.05). The enhancement of collaboration among staff by implementing information technologies was a critical factor for the medical staff; whereas, the attitude of employees to ensure information security was an important factor for the administrative employees in both subgroups (p<0.05).
CONCLUSION: Both medical and administrative unit employees stated that establishing a password management system that determines the frequency of changing passwords in the organization would affect both organizational and technical readiness in healthcare institutions.

INTRODUCTION

Nowadays, information technologies have critical importance for productivity, healthcare service quality and competitiveness of health institutions (1). Healthcare organizations not only provide healthcare services, but also compete with each other for long-term business goals. The increasing pressures for reducing health care costs, improving healthcare quality, ensuring patient safety as well as reducing medical failures have led to an increasing amount of use of information systems in healthcare organizations (2-5).

In this respect, health information technologies (HITs) present numerous opportunities for the improvement and transformation of healthcare, which include reducing human errors, improving clinical outcomes, facilitating care coordination, improving efficiency of practice and tracking data over time. HITs involve various technologies that range from simple charting, to a more advanced decision support and integration with medical technology. (3).

Hospitals are complex socio-technical systems with various contextual characteristics. Moreover, multiple functions are carried out cooperatively among healthcare institutions. Therefore, health managers may take more assertive actions during the adoption of health information technologies (4). Hospital Information Management Systems (HIMS) as an example of HITs, store, maintain and transmit massive amounts of data to support the delivery of efficient and proper care (5,6). Besides, new security and privacy threats originate from the system (7). Therefore, organizations aim to upgrade the security of their information systems to protect their databases against unauthorized access (7, 8). Because of the complexity of HIMS, numerous factors impact their success or failure namely functional, technical, cultural, economic, legal, political, ethical, organizational and managerial factors. Thus, it is critical to evaluate the readiness of employees in health institutions for HITs. In this respect, evaluating the users’ readiness for HITs is very important because inadequate training and resistance of the users to the application are the main causes of information system’s failure (6, 9). However, recent trends in healthcare sector, technological advancements and interdependence among departments in healthcare institutions are the driving motives for readiness (10). To prevent failure in the adoption of new health information technologies, identifying barriers and limitations in healthcare institutions is a recommended process (7, 11). Readiness for health information technology consists of core readiness, engagement readiness, technological readiness, health information technology funding readiness, regulatory and policy readiness, workforce readiness and change management readiness (12). The assessment of user perspective’s readiness assessment is essential for the efficient implementation of health information technologies. Focusing on human resource capability, user-friendly health information technology, user involvement in the health information technology and implementation processes should be heeded in the adaptation of technology in healthcare institutions. Finally, the level of organizational and technological readiness of the users is an important issue for the efficient use of new technologies (13, 14, 15).

AIM

The aims of this study were to examine the readiness for health information technologies (HITs) among medical and administrative staff as well as to evaluate the effects of information security status on the readiness.

METHODS

In this cross-sectional study, 236 medical employees (F/M: 192/44; mean age: 34±7.43) and 139 administrative employees (F/M: 93/46, mean age: 36±7.64) from 15 public health institutions in Kocaeli, Marmara Region were included. Data were collected via a structured questionnaire in face-to-face interviews. The questionnaire consisted of items regarding the use of HITs, data security and privacy (6) as well as Organizational Information Technology Innovation Readiness Scale developed by Dr. Rita Snyder for healthcare. It provides information about the areas that need to be enhanced for the use of HITs (16). The Turkish validation of the scale was carried out with health managers by Şişman (17). The 8-point Likert scoring system has been used. As the scale to evaluate the responses to the items (1: absolutely disagree, 8: absolutely agree). An increase in the score indicates that the readiness for HITs is found to be high.

Since this study aimed to examine the readiness level for HITs among medical and administrative staff, 16 items out of 48 items were used for employees. The other items in the scale concerned the managers. Therefore, re-validation of the scale for employees was carried out by using both explanatory and confirmatory factor analyses in the study.

Moreover, “the institution’s capacity to use information technologies”, “attaching due importance to the information security in the institution” were scored by using a 10-cm visual-analogue scale. High scores sufficiently reflected enough institution’s capability to use information technology and the level of importance that the institution attached to the information security.

As a result of the explanatory factor analysis of the employees’ readiness scale, KMO sample adequacy value was found to be 0.950, and “Bartlett’s Test of Sphericity” was found to be p=0.000. Therefore, sample adequacy is considered to be “very good” and the tested items display a structure suitable for the analysis. Two factors, namely, (n=5) and (n=7) were distinguished in the explanatory factor analysis. The percentage of variance explanation for organizational readiness was 45.16% while the percentage variance explanation for technological readiness was came out to be 29.96% and the percentage of total variance explanation was found to be 75.14%. “Cronbach’s alpha value”, which is an internal consistency analysis, was applied to test the reliability of the subgroups of the scale. The “Cronbach’s alpha values” were 0.964 for the Organizational Readiness subgroup and 0.923 for the Technological Readiness subgroup. As a result of the confirmatory factor analysis, it was found that x2/df=4.654; RMSEA=0.099; GFI, AGFI, CFI, NFI indices were tolerable at 0.90 level and RMSEA value showed moderate conformance.

In the study, Mann Whitney-U Test, Kruskal-Wallis Test and Spearman Correlation Test were used owing to abnormal distribution of data. Chi-square Test was used for used the analysis of categorical data. After preliminary analyses, binary logistic regression analysis was carried out to find predictive factors for the scores of the subgroup’s readiness Organizational readiness score (≤5.45:1 vs ≥5.46:2) and the Technological Readiness score (≤5.60:1 vs ≥5.61:2) were categorized as dependent variables according to median values in the analysis. Independent variables were determined by preliminary analysis. Items regarding “information technologies increase cooperation among employees”, “establishing a password management system in the organization that determines the frequency of changing passwords”, “employees take due care to ensure information security”, “the capability of the organization to use information technologies” were used in the regression analysis.

The other independent variables were “working time in the current position (≤7:1, ≥8: 2)”, “age groups (20-24:1;25-29:2; 30-34:3; 35-39:4, 40-44:5;, ≥45:6)”, “education level (high school: 1; associate degree: 2, undergraduate: 3, postgraduate: 4)”, institution worked (training and research hospital:1; public hospital:2; oral and dental health center:3), “the institution’s capability to use information technologies”, “attaching adequate importance to the information security in the institution”, “participants’ views on information security” (yes:1, no:2).

RESULTS

236 medical unit employees and 139 administrative unit employees participated in this cross-sectional study. Scores related to the item“the institution’s capability to use information technologies” and “attaching adequate importance to the information security in the institution” yielded similar results in both groups (medical: 6.79±1.98; 7,15±2,1 vs administrative: 7.15±1.76; 7.48±1.82) (p=0.075, p=0.113, respectively).

The Organizational Readiness score was significantly higher for employees who were over 45 years old than the group aged 20-24 (p=0.003). In addition, the score was higher in employees who had graduated from high school than the score of those with a bachelor’s degree (p=0.049). Moreover, increases in the Organizational Readiness score and Technological Readiness score were observed in Oral and Dental Health Centers when compared with others (p<0.05). Technological Readiness subgroup score was lower in employees aged 20-24 years and 25-29 years than the group 45 years and older (p<0.05) (Table 1).

Table 1.

Organizational and Technological Scores of the Readiness Scale and Overall Evaluation of Technology Use and Information Security According to the Profile of the Study Group. * Kruskal-Wallis Test and ** MannWhitney U Test were used in the analysis

			Medical Staff			p *	Administrative Staff			p *
			n	Mean	SD		n	Mean	SD
Organizational Readiness	Age	20-24	15	3.91	1.30	0.006	5	5.60	1.58	0.399
		25-29	65	5.28	1.48		21	5.07	2.10
		30-34	40	5.23	1.77		32	5.37	1.94
		35-39	60	5.19	1.70		32	5.60	2.09
		40-44	29	5.36	1.73		26	4.75	1.68
		≥45 years	26	5.96	1.91		21	5.59	1.95
	Educational level	High school	30	6.02	1.65	0.035	22	6.22	1.77	0.053
		Associate’s degree	60	5.20	1.62		52	5.00	2.05
		Bachelor’s degree	92	5.06	1.77		53	5.13	1.85
		Master’s degree, Doctorate degree	54	5.12	1.68		12	5.58	1.63
	Institution	Training and Research Hospital	22	5.07	1.39	0.047	24	4.82	2.10	0.355
		Public Hospital	177	5.13	1.73		93	5.41	1.87
		Oral and Dental Health Center	37	5.78	1.71		22	5.29	1.97
Technological Readiness	Age	20-24	15	4.28	1.32	0.001	5	5.72	1.64	0.232
		25-29	65	5.08	1.51		21	4.92	1.88
		30-34	40	5.24	1.77		32	5.28	2.02
		35-39	60	5.40	1.61		32	5.48	2.16
		40-44	29	5.61	1.48		26	4.78	1.90
		≥45 years	25	6.35	1.88		21	5.91	1.92
	Educational level	High school	30	5.97	1.85	0.133	22	6.19	1.72	0.087
		Associate’s degree	60	5.31	1.54		52	4.95	2.10
		Bachelor’s degree	91	5.18	1.66		53	5.25	1.91
		Master’s degree, Doctorate degree	54	5.22	1.73		12	5.50	2.01
	Institution	Training and Research Hospital	22	4.68	1.69	0.014	24	4.65	2.14	0.189
		Public Hospital	176	5.28	1.65		93	5.48	1.85
		Oral and Dental Health Center	37	5.89	1.69		22	5.29	2.29

When scores were analyzed according to the information security related items, subgroup scores of Organizational Readiness and Technological Readiness were observed to be higher for employees who responded positively the items regarding “access to information security policy”, “taking the necessary care”, “rendering work life easier”, “storing personal information securely”, “paying due attention to security and privacy” in contrast to others (p<0.05) (Table 2).

Table 2.

Subgroup Scores of Organizational Information Technology Innovation Readiness Scale According to Information Security Related Items * Mann Whitney U Test was used in the analysis. **1: Absolutely Disagree–8: Absolutely Agree

Variables			Medical Staff				Administrative Staff
			n	Mean	SD		n	Mean	SD p*
	Information Security Related Items		n	Mean	SD	p*	n	Mean	SD	p*
Organizational Readiness**	I have access to the information security policy documents at the hospital	Yes	146	5.42	1.62	0.010	95	5.54	1.89	0.055
		No	74	4.78	1.84		37	4.90	1.92
	Employees take due care to ensure information security	Yes	161	5.43	1.67	0.000	87	5.80	1.83	0.000
		No	65	4.56	1.66		46	4.56	1.82
	Using information technology makes my work life easier	Yes	213	5.25	1.66	0.050	131	5.37	1.88	0.264
		No	15	4.26	2.05		4	4.27	2.57
	Personal information is stored via information technologies securely	Yes	188	5.39	1.69	0.000	114	5.56	1.88	0.002
		No	35	4.18	1.41		19	4.20	1.71
	Due attention is paid to the information security and privacy of the patients	Yes	197	5.36	1.67	0.000	109	5.49	1.88	0.061
		No	29	4.05	1.58		24	4.80	2.00
Technological Readiness**	I have access to the information security policy documents at the hospital	Yes	145	5.50	1.60	0.012	95	5.44	2.03	0.324
		No	74	4.90	1.80		37	5.21	1.81
	Employees take due care to ensure information security	Yes	160	5.51	1.70	0.001	87	5.72	1.94	0.001
		No	65	4.72	1.48		46	4.70	1.84
	Using information technology makes my work life easier	Yes	212	5.37	1.60	0.023	131	5.43	1.96	0.066
		No	15	4.16	2.20		4	3.95	1.14
	Personal information is stored via information technologies securely	Yes	187	5.49	1.69	0.000	114	5.57	1.97	0.001
		No	35	4.20	1.18		19	4.22	1.45
	Due attention is paid to the information security and privacy of the patients	Yes	196	5.45	1.67	0.000	109	5.57	1.91	0.006
		No	29	4.25	1.45		24	4.47	1.97

Both Organizational Readiness and Technological Readiness scores were moderately correlated with technology-related items as well as the aptitude for the use of information technology and awareness of the importance of information security (p<0.05) (Table 3). According to the binary regression analysis, “increase in cooperation” and “existence of password management system” were predicted factors for both Organizational Readiness and Technological Readiness subgroups (p<0.05). In addition, “the institution” and “ability to use information technology” were other variables related with Technological readiness score for the medical staff (p<0.05) (Table 4).

Table 3.

Association between Technology Related Items and Subgroup Scores of Organizational Information Technology Innovation Readiness Scale Scores * Spearman Correlation Test was used in the analysis

Variables		Medical Staff		Administrative Staff
		r	p *	r	p *
Organizational Readiness	The capability of the organization to use information technologies	0.45	0.000	0.37	0.000
	Heeding the information security in the institution	0.41	0.000	0.29	0.000
	Information Security-Related Items
	Information technologies provide support in decision-making	0.30	0.000	0.37	0.000
	Information technologies are compatible with workflows	0.47	0.000	0.51	0.000
	It is faster to operate by using the information technology system	0.46	0.000	0.40	0.000
	Information technologies enhance collaboration among employees	0.54	0.000	0.43	0.000
	The organization has a password management system by which the frequency of changing password is determined	0.43	0.000	0.32	0.000
Technological Readiness	The capability of the organization to use information technologies	0.48	0.000	0.45	0.000
	Heeding the information security in the institution	0.46	0.000	0.35	0.000
	Information Security-Related Items
	Information technologies provide support for decision-making	0.32	0.000	0.50	0.000
	Information technologies are compatible with workflows	0.53	0.000	0.58	0.000
	It is faster to operate by using the information technology system	0.46	0.000	0.55	0.000
	Information technologies enhance collaboration among employees	0.54	0.000	0.49	0.000
	The organization has a password management system by which the frequency of changing password is determined	0.44	0.000	0.46	0.000

Table 4.

Binary Logistic Regression Analysis for Organizational Information Technology Innovation Readiness Scale * Binary Logistic Regression Test was used in the analysis

		B	SE	p *	OR	Limits
						Lower	Upper
Organizational Readiness	Medical Unit
	Information technologies increase cooperation among employees	0.65	0.24	0.007	1.92	1.19	3.08
	Establishing a password management system in the organization determines the frequency of changing passwords	0.45	0.17	0.007	1.56	1.13	2.16
	Administrative Unit
	Employees take due care to ensure information security	1.12	0.56	0.044	3.06	1.03	9.10
Technological Readiness	Medical Unit
	Institution	-1.64	0.83	0.047	0.19	0.04	0.98
	The capability of the organization to use information technologies	0.41	0.17	0.017	1.50	1.08	2.10
	Information technologies increase cooperation among employees	0.67	0.28	0.015	1.95	1.14	3.36
	Establishing a password management system in the organization that determines the frequency of changing passwords	0.53	0.18	0.003	1.70	1.19	2.41
	Administrative Unit
	Employees take due care to ensure information security	1.52	0.64	0.017	4.56	1.31	15.83
	Establishing a password management system in the organization that determines the frequency of changing passwords	0.57	0.26	0.030	1.76	1.06	2.94

No significant differences were observed in the Organizational Readiness scores and Technological Readiness scores according to the profile of the administrative staff (p>0.05) (Table 1). Subgroup scores of Organizational Readiness and Technological Readiness were higher in employees who responded positively to the items regarding “taking necessary care”, “storing personal information securely” when compared with others (p<0.05). In addition, Technological Readiness score was significantly higher in employees who positively responded to the item “necessary attention for information security and privacy” than the others (p=0.006) (Table 2).

Significant correlations were observed between Organizational Readiness and Technological Readiness scores and technology related items as well as “aptitude for information technology use” and “attaching due importance to the information security in the institution” (p<0.05) (Table 3). In binary regression analysis, “ensuring information security” was a predictive factor for the scores of Organizational Readiness and Technological Readiness and “establishing password management system” for Technological Readiness score among the administrative staff (p<0.05) (Table 4).

DISCUSSION

The use of HITs is of great importance in healthcare because health institutions with a complex and dynamic structure use them to carry out their business processes (18). Information technologies are essential for providing effective solutions to the provision of health services, enabling institutions, health professionals and patients to save time, perform their task more easily, improve the quality of health services and facilitate technology acceptance (14, 19). Therefore, we aimed to examine the readiness for HITs among medical and administrative employees as well as to evaluate readiness-related factors in the perspective of health management.

In the present study, Organizational Readiness and Technological Readiness subgroups in OITIRS were defined through the Explanatory Factor Analysis. These are expected subgroups of readiness for HITs. Among medical employees, increases in these subgroup scores were seen in the group aged ≥ 45 years old and staff in Oral and Dental Health Centers. Also, high-school-graduate employees exhibited higher Organizational Readiness score. Based on these results, it can be assumed that employees aged 45 and over could realize the benefits of HITs for their business processes. When the relation between readiness and age is evaluated, conflicting results are found. As better-informed individuals are more apt to using information technologies, readiness could increase with age. However, this relation is not supported or an inverse relation is also observed with increasing age (15, 20, 21).

In the study, increases in Organizational Readiness and Technological Readiness subgroup scores in the medical staff group were also seen in Oral and Dental Health Centers. Since HITs could be more specialized in Oral and Dental Health Services when compared to public hospitals, these results could be foreseen. In addition, digital technology is changing clinical practices and patient care in Oral and Dental Health Services. Since dental apps, digital workflow models and digital health information are transforming dental practices (22), these results could be predicted.

In the medical employees group, two subgroup scores were found to be high for high-school-graduates in the study. These results could be associated with gaining advantages from them in the competitive healthcare environment. According to previous studies, the acceptance of these technologies is achieved when employees believe that information systems are beneficial (23). Employees with a high educational level exhibited an increase in the readiness status in the previous studies. It is necessary to use the system efficiently to provide healthcare services. Contrary to our results, the enhancement of readiness could be seen with increasing educational level (24).

Medical employees who positively responded to items regarding “access to information security policy”, “taking necessary care”, “using information technology makes my work life easier”, “storing personal information securely”, “heeding privacy and security” scored high in Organizational Readiness and Technological Readiness subgroups. These opinions of medical staff are explicable since HITs are considered as a great potential to increase the quality, continuity, safety and efficiency of health services. It is stated that physicians are more likely to accept when they believe that information systems benefit them (23).

In the administrative employees group, Organizational Readiness and Technological Readiness subgroups scores were found to be similar in accordance with their profile. Since use of technology is a critical component of their working life, these results were predictable. However, no significant differences were seen in the aptitude for the use of organizational technology and the importance of information security among medical and administrative employees.

In the administrative employees group, scores of items “taking due care” and, “storing personal information securely” for both Organizational Readiness and Technological Readiness scores were high and “heeding security and privacy” Technological Readiness score was highin the administrative staff group. Administrative employees could be more apt to the use of information technologies due to their role-based usage pattern in healthcare. Users adapt the health information technology to meet the information and workflow needs. Therefore, medical and administrative employees use HIMS due to different needs of their workflows (25).In this respect, trends in health information technology enforce health information technology innovations upon health care institutions (11, 18, 26). However, threats to information security in health institutions may seriously harm their healthcare services provision (6,27).

According to the regression analysis, “increasing cooperation” and “establishing password system” in the medical staff group and “ensuring information security” in the administrative staff group are predictive factors for Organizational Readiness and Technological Readiness. Information technology readiness is one of the essential observational variables in information security. Therefore, it is very vital to increase the awareness level of the employees about the information security in corporate information security. In addition to the technological investments to be made in ensuring corporate information security, it is important to train the employees of the institution on this issue. In this way, information security risks can be eliminated (6, 28). The focus of an organization’s information security approach should be on employee behavior. Information security is more than just a simple technical or legal issue. Compliance with guidelines is largely dependent on healthcare workers who understand the value of the data they have and health managers (6,9).

Moreover, “institution type” and “capability of the institution to use information technology” were other factors affecting Technological Readiness scores in the medical staff group participating in the study. Usage of technology and information security are two essential components in the provision of healthcare services (6, 29). When role-based usage profile is considered, all the users’ experiences may have an impact on the readiness status of organizations. However, users have vital roles in contributing to the institutions’ information security performance as well as security awareness and cautious behavior.

CONCLUSION

All in all, it was approved that information technology readiness was also related to information security. These were the main advantages of the current study. Considering the importance of study results, it would be advisable for both employees and health managers to heed these two components for an enhanced corporate culture.