Kraushaar Judith, Bohnet-Joschko Sabine
Chair of Healthcare Management and Innovation, Faculty of Management, Economics and Society, Witten/Herdecke University, Witten, Germany.
J Med Internet Res. 2025 Jan 7;27:e46257. doi: 10.2196/46257.
Nowadays, optimal patient care should be based on data-driven decisions. In the course of digitization, hospitals, in particular, are becoming complex organizations with an enormously high density of digital information. Ensuring information security is, therefore, essential and has become a major challenge. Researchers have shown that, in addition to technological and regulatory measures, it is also necessary for all employees to follow security policies and consciously use information technology (compliance), because noncompliance can lead to security breaches with far-reaching consequences for the organization. There is little empirical research on information security-related behavior in hospitals and its organizational antecedents.
This study aimed to explore the impact of specific job demands and resources on resident physicians' information security-related compliance in hospitals through the mediating role of work engagement and information security-related awareness.
We used a cross-sectional, survey-based study design to collect relevant data from our target population, namely resident physicians in hospitals. For data analysis, we applied structural equation modeling. Our research model consisted of a total of 7 job demands and resources as exogenous variables, 2 mediators, and information security-related compliance as the endogenous variable.
Overall, data from 281 participating physicians were included in the analyses. Both mediators, work engagement and awareness, had a significant positive effect on information security-related compliance (β=.208, P=.001 vs β=.552, P<.001). Quality of leadership was found to be the only resource with a significant indirect effect on physicians' compliance, mediated by work engagement (β=.086, P=.03). Furthermore, awareness mediated the relationships between information security-related communication and information security-related compliance (β=.192, P<.001), as well as between further education and training and the endogenous variable (β=.096, P=.02). Contrary to our hypothesis, IT resources had a negative effect on compliance, mediated by awareness (β=-.114, P=.02).
This study provides new insights into how a high standard of information security compliance among resident physicians could be achieved through strengthening physicians' security work engagement and awareness. Hospital management is required to establish an information security culture that is informative and motivating and that raises awareness. Particular attention should be paid to the quality of leadership, further education and training, as well as clear communication.