Information Security Management: The Effect of Organizational Commitment and Perceived Consequences of Disclosure of Confidential Information on Patient Information Breach Intention
DOI:
https://doi.org/10.69760/gsrh.01012025008Keywords:
Security policy, Intent to Violate Information Security, CommitmentAbstract
Background and Objective: Information security is a vital issue in the field of health and medicine. In most of the research conducted in this field, the human factor has been ignored and a kind of technical view and approach has been adopted. The present article was conducted with the aim of determining the relationship between personnel's perception of the consequences of information disclosure and employees' commitment to their intention to violate information security.
Materials and Methods: The sample of this study consisted of 181 specialists from specialized teaching hospitals in Kabul city who were sampled using a locally developed questionnaire using a convenient method. To measure the perceived consequences of information disclosure, D’Arcy et al.’s questionnaire with 7 questions and two dimensions of perception of the certainty and severity of punishments was used, and to measure organizational commitment, Allen and Meyer’s 24-question questionnaire with three dimensions of affective, normative, and continuum commitment was used. After confirming the face validity, content and construct reliability using Cronbach's alpha and composite reliability, the hypotheses were tested using the partial least squares method and Smart PLS software.
Findings: The findings of this study showed that the perception of medical specialists of organizational policies that indicate the certainty and severity of penalties for information disclosure had a significant negative relationship with their intention to breach the security of patient information (P<0.001). The results also showed that the physicians' perception of commitment, which included affective, normative, and ongoing commitment, was not significantly related to their intention to breach patient information security.
Ethical considerations: Participation in data collection was voluntary, verbal consent was obtained from participants, and they were assured of the confidentiality of their identities.
Conclusion: Organizational policies regarding the severity and severity of punishments for doctors who violate information security should be tightened at the hospital level and even at the ministry level, and should be communicated to healthcare professionals, including doctors, through various tools.
References
Albert L, Michelle M, Yair L.(2015) Examining users’personal information sharing awareness, habits, and practices in social networking sites and e-learningsystems. Online Journal of Applied KnowledgeManagement 2015; 3(1): 180-207.
Allen N, Meyer J.(1990) The measurement and antecedents of affective, continuance and normative commitment. Journal of Occupational Psychology1990; 63(1): 1-18.
Barton KA, Tejay G, Lane M, Terrell S.(2016) Information system security commitment: A study ofexternal influences on senior management. Computers& Security 2016; 59: 9-25.
Chong VK, Eggleton IRC.(2007) The impact of reliance on incentive-based compensation schemes, information asymmetry and organisational commitment onmanagerial performance. Management AccountingResearch 2007; 18(3): 312-342.
D’Arcy J, Hovav A, Galletta D.(2009) User awareness ofsecurity countermeasures and its impact on information systems misuse: A deterrence approach. InformationSystems Research 2009; 20(1): 79-98.
Elahi S, Taheri M, Hassanzadeh A. (2009)A framework for the role of human factors in information systems'security. Management Research in Iran (Modares Human Sciences) 2009; 13(2): 1-22.
Fakhrzad M, Fakhrzad N, Dehghani M.(2012) The Role of Electronic Health Records in Presenting Health Information. Media 2012; 2(4): 31-40.
Farzandipour M, Sadoughi F, Ahmadi M, Karimi I.(2010)Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst 2010; 34(4): 629-642.
Fernández-Alemán JL, Sánchez-Henarejos A,Toval A, Sánchez-García AB, Hernández-Hernández I,Fernandez-Luque L.(2015) Analysis of health professional security behaviors in a real clinical setting: an empirical study. Int J Med Inform 2015; 84(6): 454-467.
Fernández-Alemán JL, Señor IC, Lozoya PÁO,Toval A.(2013) Security and privacy in electronic health records: A systematic literature review. J Biomed Inform 2013; 46(3): 541-562.
Ghayour Baghbani SM, Shojaei Kalate Bali N,Chenarani H, Ashoori J.(2016) The Relationship between Organizational Commitment, Job Satisfaction andSocial Orientation, and the Nurses’ Moral Behavior.Med Ethics J 2016; 10(37): 27-36.
Ghazi-Asgar M, Peikari HR, Ehteshami A.(2018) HealthInformation Management: Psychological factorsinfluencing information privacy concerns in psychiatric hospitals. Bali Medical Journal 2018; 7(1): 1 7.
Hasanzadeh M, Karimzadegan Moghadam D,Jahangiri N.(2011) Provide a conceptual framework forevaluating the enrichment and education of informationsecurity awareness of users. J of Syst Inf Serv 2011;1(2): 1-16.
Huffman E.(2006) Electronic Medical Record. Translated by Langarizadeh M. Tehran: Dibagaran; 2006.
Hussain Shah M, Peikari HR.(2016) Usability and reduction of workload and medical errors; a survey amongst community physicians. Telemedicine and e-Health 2016; 2(1): 36-44.
Karami M, Safdari R, Soltani A.(2013) Patient'sInformation Rights: Strategies for Information Securityin the Electronic Environment. Medical ethics 2013;7(25): 83-96.
Karimi Z, Peikari HR.(2018) The Impact of Nurses’Perceived Information Security Training and Information Security Policy Awareness on their Perceived Severity and Certainty of InformationSecurity Breach Penalties (Case: the EducationalSpecialized Hospitals of Isfahan City). JNE 2018; 7(2):17-24.
Khosravani M, Khosravani M, Rafiei F,Mohsenpour M.(2017) Organizational commitment and itsdimensions in nurses working in Arak’s hospitals. MedEthics J 2017; 11(39): 37-44.
Kluge EHW. (2007) Secure e-health: managing risks topatient health data. Int J Med Inform 2007; 76(5): 402-406.
Koskosas I, Kakoulidis K, Siomos CH.(2011) InformationSecurity: Corporate Culture and OrganizationalCommitment. International Journal of Humanities andSocial Science 2011; 1(3): 1-12.
Kruger HA, Kearney WD. A(2006) prototype for assessing information security awareness. Computer &Security 2006; 25(4): 289-296.
Kuo A, Dang S.(2016) Secure Messaging in Electronic Health Records and Its Impact on Diabetes Clinical Outcomes: A Systematic Review. Telemedicine and eHealth 2016; 22(9): 125-132.
Lusignan SD, Chan T, Theadom A, Dhoul N.(2007) Theroles of policy and professionalism in the protection ofprocessed clinical data: a literature review. Int J Med Inform 2007; 76(4): 261-268.
Luxton DD, Kayl RA, Mishkind MC.(2012) Health Data Security: The Need for HIPAA-CompliantStandardization. Telemedicine and e-Health 2012;18(4): 124-131.
Mahdad A.(2016) Industrial and Organizational Psychology. Tehran: Jangal Publisher; 2016.
Peikari HR, Ramayah T, Shah MH, Lo MC.Patients(2018)’ perception of the information security management in health centers: The role of organizational and human factors. BMC Med Inform Decis Mak 2018; 18(1):102-122.
Peikari HR, Zakaria MS, Norjaya MN, Hussain ShahM, Elhissi A.(2014) Role of CPOE usability in the reduction of prescribing errors. Healthc Inform Res 2013; 19(2):93-101.
Sedaghatifard M, Khalaj Asadi SH.(2011) Relation with job satisfaction Index to organizational commitment infaculty members of Islamic Azad University-GarmsarBranch. Journal of Modern Industrial/ OrganizationPsychology 2011; 2(6): 39-51.
Siponen M, Vance A.(2010) Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly 2010; 34(3):487-502.
Sohrabi Safa N, Von Solms R,(2016) Furnell S.Information security policy compliance model in organizations. Computers & Security 2016; 56: 70-82.
Stanton JM, Stam KR, Mastrangelo P, Jolton J.(2005) Analysis of end user security behaviours. Computer &Security 2005; 24(2): 124-133.
Waldo RF, Antonsen E, Ekstedt M.(2014) Information security knowledge sharing in organizations:Investigating the effect of behavioral information security governance and national culture. Computers &Security 2014; 43: 90-110.
Zahed Babelan A, Khaleg Khah A, Kazemi S,Gharibzadeh R.(2017) The Role of Spiritual Leadership and Professional Ethics in Organizational Commitment ofHealth Care Workers. Bioethics Journal 2017; 7(26):23-30.
Ziaee MS, Roshandel Arbatani T, Nargesian A.(2011) Examine the relationship between organizationalculture and organizational commitment among the staffof the library of Tehran University: Based on theDenison organizational culture model. Journal of Academic Library and Information Science (LIS) 2011;45(1): 42-79.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Global Spectrum of Research and Humanities

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.