Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Feb 3, 2023
Date Accepted: Oct 11, 2024
The role of the organization in promoting information security-related behavior in hospitals: A web-based survey among resident physicians in Germany
ABSTRACT
Background:
Nowadays, optimal patient care should be based on data-driven decisions. In the course of digitization, hospitals in particular are becoming complex organizations with an enormously high density of digital information. Ensuring information security is therefore essential and has become a major challenge. Researchers have shown that – in addition to technological and regulatory measures – it is also necessary for all employees to follow security policies and consciously use information technology (compliance) because non-compliance can lead to security breaches with far-reaching consequences for the organization. There is little empirical research on information security-related behavior in hospitals and its organizational antecedents.
Objective:
The aim of this study was to explore the impact of specific job demands and job resources on resident physicians’ information security-related compliance in hospitals through the mediating role of work engagement and information security-related awareness.
Methods:
We used a cross-sectional survey-based study design to collect relevant data from our target population, namely resident physicians in hospitals. For data analysis, we applied structural equation modeling. Our research model consisted of a total of seven job demands and resources as exogenous variables, two mediators, and information security-related compliance as the dependent variable.
Results:
Overall, data from 281 participating physicians were included in the analyses. Both mediators – work engagement and awareness – had a significant positive effect on information security-related compliance (β = .208, p = .001 vs. β = .552, p < .001). Quality of leadership was found to be the only resource with a significant indirect effect on physicians’ compliance mediated by work engagement (β = .086, p = .027). Furthermore, awareness mediated the relationships between information security-related communication and information security-related compliance (β = .192, p < .001) as well as between further education and training and the dependent variable (β = .096, p = .015). Contrary to our hypothesis, IT resources had a negative effect on compliance, mediated by awareness (β = -.114, p = .018).
Conclusions:
Our results highlight the importance of work engagement and information security-related awareness as mediators of the relationship between job resources and information security-related compliance. Supervisors and the hospital management should pay particular attention to the quality of leadership, good further education and training as well as clear information security-related communication.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.