Accepted for/Published in: JMIR Human Factors
Date Submitted: Dec 24, 2019
Date Accepted: Apr 4, 2021
A Framework for Healthcare Professionals’ Information Security Practice Analysis: Psycho-Socio-Cultural Context
ABSTRACT
Background:
The purpose of this study was to develop a comprehensive framework which can be employed for measuring healthcare professionals’ (HP) information security (IS) practices in the psycho-socio-cultural-context. The PSC framework would be used in modelling and analyzing HPs’ information security practices related to their psycho-socio-cultural characteristics in a hospital setting in Norway, under Healthcare Security Practice Analysis, Modelling and Incentivization (HSPAMI) project. Conceptual and Design Science Research (DSR) methods were adopted for the development of this framework known as the Psycho-socio-cultural (PSC) framework.
Objective:
The main objective is to develop a comprehensive framework for modelling and analyzing healthcare professionals security practices towards incentivization
Methods:
With a design Science Research (DSR) approach, the existing literature was surveyed for relevant theories addressing HP’s security practices (e.g. Health Belief Model (HBM), Protection Motivation Theory (PMT), Theory of Planned Behavior (TPB) and Social Control Theory (SC)) in addition to some social demographic variables to form a comprehensive set of staffs’ characteristics. Furthermore, an ontology was developed from these theories to merge all the concepts together in a comprehensive way. The PSC framework was then developed from the combination of the various psychological and socio-cultural attributes of the ontology. Human Aspect of Information Security Questionnaire (HAIS-Q) was adopted as a comprehensive tool for gathering staff security practices as mediating variables in the framework.
Results:
A comprehensive framework capturing healthcare professionals’ security traits and practices in a holistic manner was developed focusing on psychological, socio-cultural and socio-demographic context.
Conclusions:
There are numerous data breaches in healthcare nowadays. This has been attributed to lack of experience of healthcare staffs in information security, lack of development of conscious care security practices and lack of motivation to incentivize healthcare staffs. This threatens the mutual trust between healthcare professionals and patients which has and implicit impact on quality of healthcare provision. The modelling and analysis of healthcare professionals’ security practices can be conducted with PSC framework by using mixed methods of statistical survey, observations and interviews in relation to the psycho-socio-cultural variables such as perceptions (perceived benefits, perceived threats, perceived barriers) or psychological traits, social factors, cultural factors and social demographics.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.