1 Universiti Teknologi MARA, Malaysia.
2 University of Malaya, Malaysia.
Health Inf Manag. 2018 Jan;47(1):17-27. doi: 10.1177/1833358317700255. Epub 2017 Mar 30.
Health information systems are innovative products designed to improve the delivery of effective healthcare, but they are also vulnerable to breaches of information security, including unauthorised access, use, disclosure, disruption, modification or destruction, and duplication of passwords. Greater openness and multi-connectedness between heterogeneous stakeholders within health networks increase the security risk.
The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment.
Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs.
Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study.
The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management-user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.
健康信息系统是旨在提高有效医疗保健服务提供的创新产品,但它们也容易受到信息安全漏洞的影响,包括未经授权的访问、使用、披露、中断、修改或破坏以及密码的复制。健康网络中异构利益相关者之间更大的开放性和多连接性增加了安全风险。
本研究的重点是管理支持(MS)对选定马来西亚公立医院卫生专业人员对信息安全政策(ISP)的用户遵从行为(UCB)的间接影响。目的是确定重要因素,并更清楚地了解卫生部门环境中遵从行为的性质。
采用调查设计和分层随机抽样方法,向三所医院的 454 名医疗保健专业人员发放了自我管理问卷。借鉴计划行为理论、感知行为控制(自我效能感(SE)和 MS 成分)和信任因素,开发了一个信息系统安全政策遵从模型,以测试三个相关构念(MS、SE 和感知信任(PT))及其与 ISP 对 UCB 的关系。
结果表明,通过显著因素,UCB 的变化率为 52.8%。偏最小二乘结构方程模型表明,所有因素均具有统计学意义,并且在本研究的受访者中,MS 通过 PT 和 SE 对 UCB 具有间接影响。
基于计划行为理论的研究模型结合了其他人和组织因素,对解释与组织 ISP 相关的遵从行为做出了有益的贡献,信任是最重要的因素。通过采用多维方法来管理-用户交互,通过多学科概念和理论来评估综合管理-用户价值观与所选卫生专业人员对 ISP 的遵从性质之间的关系,本研究对文献做出了独特的贡献。
