Information privacy compliance in the healthcare industry

Purpose – The Health Insurance Portability and Accountability Act (HIPAA) is US legislation aimed at protecting patient information privacy, but it imposes a significant burden on healthcare employees, especially since the privacy provisions are still evolving and healthcare organizations are still struggling to meet compliance criteria. This study seeks to illuminate characteristics of both the environment (organization) and the individual (healthcare professional) and their relevant influence on compliance intentions by leveraging theories from the domains of social psychology, management, and information systems. Design/methodology/approach – A study of 208 healthcare professionals located at healthcare facilities throughout the USA were surveyed as to their perceptions regarding HIPAA compliance and the underlying organizational and individual factors that influence said compliance. Findings – The findings indicate that perceptions of organizational support and self-efficacy (SE) leading to HIPAA compliance vary based on organizational and occupational characteristics. Furthermore, these perceptions of organizational support and SE explain some of the differences in their intent to comply with this legislation. Research limitations/implications – For healthcare managers, the findings of this research may serve to validate HIPAA compliance initiatives. Through increased attention and resources dedicated to providing a supportive environment for HIPAA compliance, healthcare managers can increase the likelihood of compliance success by improving employee SE. Originality/value – This paper represents the first empirical study to account for environmental factors and their influence on individual intentions to comply with HIPAA.