A model for information security compliant behaviour in the healthcare context

Healthcare professionals are dedicated to maintaining the confidentiality of patient information but are resistant to maintaining an information security compliant environment within a health information system. In this paper, a literature review is used to gain knowledge about the factors that affect this information security compliance. An overview of the security threats and those specific to healthcare is presented. The information security misuse deterrence and compliance promoting factors that affect information security compliant behavior are identified. Their role in strengthening information security compliant behavior is examined. The information security compliance model is introduced and its part in fostering compliant security behavior is reviewed. Its components comprise a body of knowledge, skills and attitude, and behavioural intervention, together with the misuse deterrence and compliance promoting factors. The application of the model is intended to instill, within the user, an attitude that is more conducive to information security compliant behaviour in the healthcare context. © 2014. Published by Elsevier Ltd.Peer-review under responsibility of the Organizing Committees of CENTERIS/ProjMAN/HCIST 2014