Abstract
Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners’ neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study’s findings revealed that the MIs imitate their peers’ actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors’ (seniors) ISP non-compliance influences MI’s tendency to invoke neutralisation techniques. We found that trust between medical team members is an essential social facilitator that motivates MI’s to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Change history
28 February 2020
The book was inadvertently published with an error in the last name of the second author’s name as Karen Renoud. The spelling of the second author’s name was corrected.
References
Al-Moamary, M.S., Mamede, S., Schmidt, H.G.: Innovations in medical internship: benchmarking and application within the King Saud bin Abdulaziz University for Health Sciences. Educ. Health (Abingdon Engl.) 23(1), 367 (2010)
Altamimi, S., Storer, T., Alzahrani, A.: The role of neutralisation techniques in violating hospitals privacy policies in Saudi Arabia. In: 2018 4th International Conference on Information Management (ICIM), pp. 133–140. IEEE (2018)
Barlow, J.B., Warkentin, M., Ormond, D., Dennis, A.R.: Don’t make excuses! discouraging neutralization to reduce IT policy violation. Comput. Secur. 39, 145–159 (2013)
Bauer, S., Bernroider, E.W.N.: An analysis of the combined influences of neutralization and planned behavior on desirable information security behavior. In: 13th Annual Security Conference, Las Vegas, USA (2014)
Biernacki, P., Waldorf, D.: Snowball sampling: problems and techniques of chain referral sampling. Sociol. Methods Res. 10(2), 141–163 (1981)
Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)
Byers, B., Crider, B.W., Biggers, G.K.: Bias crime motivation: a study of hate crime and offender neutralization techniques used against the Amish. J. Contemp. Crim. Justice 15(1), 78–96 (1999)
Chan, M., Woon, I., Kankanhalli, A.: Perceptions of information security in the workplace: linking information security climate to compliant behavior. J. Inf. Priv. Secur. 1(3), 18–41 (2005)
Coleman, J.W.: The Criminal Elite: The Sociology of White Collar Crime. Macmillan (2001)
Copes, H.: Streetlife and the rewards of auto theft. Deviant Behav. 24(4), 309–332 (2003)
Cram, W.A., D’Arcy, J., Proudfoot, J.G.: Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Q. 34(2), 525–554 (2019)
Cram, W.A., Proudfoot, J.G., D’Arcy, J., Alec, W.: Organizational information security policies: a review and research framework. Eur. J. Inf. Syst. 26(6), 605–641 (2017)
Cromwell, P., Thurman, Q.: The devil made me do it: use of neutralizations by shoplifters. Deviant Behav. 24(6), 535–550 (2003)
Fritsche, I.: Account strategies for the violation of social norms: integration and extension of sociological and social psychological typologies. J. Theory Soc. Behav. 32(4) (2002)
Harrington, S.J.: The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Q. 20(3), 257–278 (1996)
Henry, S., Eaton, R.: Degrees of Deviance: Student Accounts of Their Deviant Behavior. Avebury (1989)
ISO/IEC29100. ISO/IEC 29100:2011(en): Information technology—Security techniques—Privacy framework
HIPAA Journal. Healthcare data breach statistics (2018). https://www.hipaajournal.com/healthcare-data-breach-statistics/
Klockars, C.B.J.: The Professional Fence. Tavistock Pubns (1975)
Lim, V.K.G.: The it way of loafing on the job: cyberloafing, neutralizing and organizational justice. J. Organ. Behav.: Int. J. Ind. Occup. Organ. Psychol. Behav. 23(5), 675–694 (2002)
Marshall, M.N.: Sampling for qualitative research. Fam. Pract. 13(6), 522–526 (1996)
Maruna, S., Copes, H.: What have we learned from five decades of neutralization research? Crime Justice 32, 221–320 (2005)
Minor, W.W.: Techniques of neutralization: a reconceptualization and empirical examination. J. Res. Crime Delinq. 18(2), 295–318 (1981)
Parks, R., Xu, H., Chu, C.-H., Lowry, P.B.: Examining the intended and unintended consequences of organisational privacy safeguards. Eur. J. Inf. Syst. 26(1), 37–65 (2017)
Piquero, N.L., Tibbetts, S.G., Blankenship, M.B.: Examining the role of differential association and techniques of neutralization in explaining corporate crime. Deviant Behav. 26(2), 159–188 (2005)
Rogers, J.W., Buffalo, M.D.: Neutralization techniques: toward a simplified measurement scale. Pac. Sociol. Rev. 17(3), 313–331 (1974)
Narayana Samy, G., Ahmad, R., Ismail, Z.: Security threats categories in healthcare information systems. Health Inform. J. 16(3), 201–209 (2010)
Silic, M., Barlow, J.B., Back, A.: A new perspective on neutralization and deterrence: predicting shadow it usage. Inf. Manag. 54(8), 1023–1037 (2017)
Siponen, M., Vance, A., Willison, R.: New insights into the problem of software piracy: the effects of neutralization, shame, and moral beliefs. Inf. Manag. 49(7), 334–341 (2012)
Siponen, M.T., Vance, A.: Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q.: Manag. Inf. Syst. 34(SPEC. ISSUE 3), 487–502 (2010)
Sutherland, E.H., Cressey, D.R., Luckenbill, D.F.: Principles of Criminology. Altamira Press (1992)
Sykes, G.M., Matza, D.: Techniques of neutralization: a theory of delinquency. Am. Sociol. Rev. 22(6), 664–670 (1957)
Teh, P.-L., Ahmed, P.K., D’Arcy, J.: What drives information security policy violations among banking employees? Insights from neutralization and social exchange theory. J. Glob. Inf. Manag. 23(1), 44–64 (2015)
Verizon: Data breach investigations report. Verizon Bus. J. 1–77 (2019)
Wall, J., Lowry, P.B., Barlow, J.B.: Organizational violations of externally governed privacy and security rules: explaining and predicting selective violations under conditions of strain and excess. J. Assoc. Inf. Syst. 17(1), 39–76 (2015)
Wartenberg, D., Thompson, W.D.: Privacy versus public health: the impact of current confidentiality rules. Am. J. Public Health 100(3), 407–412 (2010)
Willison, R., Warkentin, M.: Beyond deterrence: an expanded view of employee computer abuse. MIS Q. 37(1), 1–20 (2013)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Altamimi, S., Renaud, K., Storer, T. (2020). “I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-41568-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41567-9
Online ISBN: 978-3-030-41568-6
eBook Packages: Computer ScienceComputer Science (R0)