A Study of Factors in HIPAA Non-Compliant Behavior

2018 | Americas Conference on Information Systems | Citations: 0

Authors: Gaia, Joana; Wang, Xunyi; Basile, Jennifer; Sanders, G L; Murray, David

Abstract: The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented ... Expand

Abstract: The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat, because they have access to systems, administrative privileges and skills to disclose health information for monetary benefit. This study uses economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenariobased survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rate high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed. Collapse

Topics: criminality Health Insurance Portability and Accountability Act data security data breach healthcare data

Methods: survey survey design theory development structural equation modeling

Theories: expected utility theory criminal theory