Skip to main content
SpringerLink
Log in

A Conceptual Model Towards Information Security Culture in Health Informatics

  • Conference paper
  • First Online:
The Malaysia-Japan Model on Technology Partnership

Abstract

Despite the widely recognized importance of information security as vital assets in organization, there is a little understanding of how organizations actually promote information security culture among the employees in a particular environment. The diversity of problems facing the public-service organization is paramount than before because of competitive growth of services and rapid changes in technology. As information technology is widely adopted, the health organization must undergo boundless transformation to fulfil the nation’s demand yet provide a good information security. This research looks into the social aspects of information security. It further identifies key factors influencing the information security culture in health informatics. A review based on multiple definitions and descriptions of security culture from a previous study was conducted. This study proposes a conceptual model taking into consideration the influencing factors in information security culture that is developed based on Detert organizational culture model and health belief model (HBM). This in-progress study suggests organization in promoting information security culture particularly for health informatics. The proposed conceptual model will be further evaluated with selected healthcare organization.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Albrechtsen E (2007) A qualitative study of users’ view on information security. Comput Secur 26(4):276–289. doi:10.1016/j.cose.2006.11.004

    Article  Google Scholar 

  2. Bansal G, Zahedi F, Gefen D (2010) The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis Support Syst 49(2):138–150

    Article  Google Scholar 

  3. Carpenter CJ (2010) A meta-analysis of the effectiveness of health belief model variables in predicting behavior. Health Comm 25(8):661–669. doi:10.1080/10410236.2010.521906

    Article  Google Scholar 

  4. Chia PA, Maynard SB, Ruighaver AB (2002) Understanding organizational security culture. In: Proceedings of Pacific Asia conference on information system 2002. Japan, pp 1–23

    Google Scholar 

  5. Da Veiga A, Eloff JHP (2010) A framework and assessment instrument for information security culture. Comput Secur 29(2):196–207. doi:10.1016/j.cose.2009.09.002

    Article  Google Scholar 

  6. Detert JR, Schroeder RG, Mauriel JJ (2000) A framework for linking culture and improvement initiatives in organizations. Acad Manage Rev 25(4):850–863

    Google Scholar 

  7. Garg V, Brewer J (2011) Telemedicine security: a systematic review. J Diabetes Sci Technol 5(3):768–777

    Article  Google Scholar 

  8. Gaunt N (2000) Practical approaches to creating a security culture. Int J Med Inform 60(2):151–157

    Article  Google Scholar 

  9. Gebrasilase T, Lessa L (2011) Information security culture in public hospitals: the case of Hawassa referral hospital. Afr J Inform Syst 3(3):72–86

    Google Scholar 

  10. Hersh W, Bhupatiraju R (2006) Adopting e-learning standards in health care: competency-based learning in the medical informatics domain. AMIA Annual Symposium Proceedings, pp 334–338

    Google Scholar 

  11. Humaidi N, Balakrishnan V (2012) The influence of security awareness and security technology on users’ behavior towards the implementation of health information system: a conceptual framework. In: Proceeding of international conference on management and artificial intelligence, Singapore, 35:1–6

    Google Scholar 

  12. Katsikas S (2000) Health care management and information systems security: awareness, training or education? Int J Med Informat 2(1):129–135

    Article  Google Scholar 

  13. Knapp K, Marshall T (2006) Information security: management’s effect on culture and policy. Inform Manag Comput Secur 14(1):24–36. doi:10.1108/09685220610648355

    Google Scholar 

  14. Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28(7):509–520. doi:10.1016/j.cose.2009.04.006

    Article  Google Scholar 

  15. Lim JS, Ahmad A, Chang S, Maynard S (2010) Embedding information security culture. In: Proceedings of the PACIS 2010, pp 463–474

    Google Scholar 

  16. Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. Conference proceedings. Annual international conference of the IEEE engineering in medicine and biology society. IEEE engineering in medicine and biology society. conference, vol 1, pp 5453–5458. doi:10.1109/IEMBS.2006.260060

    Google Scholar 

  17. Ng B-Y, Kankanhalli A, Xu Y (2009) Studying users’ computer security behavior: a health belief perspective. Decis Support Syst 46(4):815–825. doi:10.1016/j.dss.2008.11.010

    Article  Google Scholar 

  18. Parkin SE, van Moorsel A, Coles R (2009) An information security ontology incorporating human-behavioural implications. In: Proceedings of the 2nd international conference on security of information and networks, ACM, pp 46–55

    Google Scholar 

  19. Samy GN, Ahmad R, Ismail Z (2010) Security threats categories in healthcare information systems. Health Informat J 16(3):201–209. doi:10.1177/1460458210377468

    Article  Google Scholar 

  20. Savastano M, Hovsto A, Pharow P, Blobel B (2008) Identity-management factors in e-health and telemedicine applications. J Telemed Telecare 14(7):386–388

    Article  Google Scholar 

  21. Stahl B, Doherty N, Shaw M (2012) Information security policies in the UK healthcare sector: a critical evaluation. Inform Syst J 22(1):77–94

    Article  Google Scholar 

  22. Stanton JM, Mastrangelo P, Stam KR, Jolton J (2004) Behavioral information security: two end user survey studies of motivation and security practices. In: Association for information system conference (AMCIS), pp 175–181

    Google Scholar 

  23. Thomson K, Von Solms R, Louw L (2006) Cultivating an organizational information security culture. Comput Fraud Secur 2006:49–50

    Google Scholar 

  24. Van Niekerk JF, Von Solms R (2010) Information security culture: a management perspective. Comput Secur 29(4):476–486. doi:10.1016/j.cose.2009.10.005

    Article  Google Scholar 

  25. Von Solms B, Von Solms R (2004) The 10 deadly sins of information security management. Comput Secur 23(5):371–376. doi:10.1016/j.cose.2004.05.002

    Article  Google Scholar 

  26. Vroom C, Von Solms R (2004) Towards information security behavioural compliance. Comput Secur 23(3):191–198. doi:10.1016/j.cose.2004.01.012

    Article  Google Scholar 

  27. Whitman ME (2008) Security policy: from design to maintenance. Adv Manag Inform Syst 11(2007):123–151

    Google Scholar 

  28. Williams P (2009) Capturing culture in medical information security research. Methodological Innovat Online 4(3):15–26. doi:10.4256/mio.2010.0003

    Google Scholar 

  29. Zakaria O, Gani A, Nor MM, Anuar NB (2007) Reengineering information security culture formulation through management perspective. Proceedings of the international conference on electrical engineering and informatics institut Teknologi Bandung, pp 638–641

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Advanced Informatics School, University Technology Malaysia, Kuala Lumpur, 54100, Malaysia

    Noor Hafizah Hassan & Zuraini Ismail

Authors
  1. Noor Hafizah Hassan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zuraini Ismail
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zuraini Ismail .

Editor information

Editors and Affiliations

  1. Universiti Malaysia Sarawak, Sawawak, Malaysia

    Khairuddin Ab. Hamid

  2. Meiji University, Tokyo, Japan

    Osamu Ono

  3. Sony Corporation, Tokyo, Japan

    Anas Muhamad Bostamam

  4. The University of Tokyo, Tokyo, Japan

    Amy Poh Ai Ling

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer Japan

About this paper

Cite this paper

Hassan, N.H., Ismail, Z. (2015). A Conceptual Model Towards Information Security Culture in Health Informatics. In: Ab. Hamid, K., Ono, O., Bostamam, A., Poh Ai Ling, A. (eds) The Malaysia-Japan Model on Technology Partnership. Springer, Tokyo. https://doi.org/10.1007/978-4-431-54439-5_17

Download citation

  • DOI: https://doi.org/10.1007/978-4-431-54439-5_17

  • Published:

  • Publisher Name: Springer, Tokyo

  • Print ISBN: 978-4-431-54438-8

  • Online ISBN: 978-4-431-54439-5

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation