医护人员信息安全行为影响因素的研究进展

doi:10.16460/j.issn1008-9969.2024.17.022

摘要/Abstract

摘要： 目的探讨医护人员信息安全行为的影响因素。方法通过检索国内外相关文献,从人口学因素、医护人员的信息安全意图和动机、组织因素3个方面对医护人员的信息安全的影响因素进行分析。结果医护人员信息安全行为影响因素包括：性别、职业、医院类型、健康信息安全意识、自我效能、响应效能和响应成本、感知严重性和感知易感性、亲社会规则破坏动机、信息安全氛围和文化、管理支持、内部审查有效性,等等。结论我国应增加对医护人员信息安全行为的相关横断面调查研究,明确年龄、年资、性别、医院类型、组织层面等相关因素对其信息安全行为的影响;借助成熟的行为理论,从意识和行为层面推进相关实证研究验证其可能的影响因素。

关键词: 信息安全, 医疗信息, 安全行为, 医护人员, 影响因素

中图分类号:

徐亦虹, 吴文瑾, 徐虹霞, 王佳楠, 丁珊妮, 吴觅之, 杨志超, 潘红英. 医护人员信息安全行为影响因素的研究进展[J]. 护理学报, 2024, 31(17): 22-27.

参考文献

[1] 王晨光, 张怡. 《基本医疗卫生与健康促进法》的功能与主要内容[J]. 中国卫生法制, 2020,28(2):1-8.DOI:10.19752/j.cnki.1004-6607.2020.02.001.
[2] Lee E, Seomun G.Structural model of the healthcare information security behavior of nurses applying protection motivation theory[J]. Int J Environ Res Public Health, 2021,18(4):1-13.DOI:10.3390/ijerph18042084.
[3] Safa NS, Sookhak M, Von Solms R, et al.Information security conscious care behaviour formation in organizations[J]. Comput Secur, 2015,53(SEP):65-78.DOI:10.3390/ijerph18042084.
[4] Yeng PK, Yang B, Snekkenes EA.Healthcare staffs' information security practices towards mitigating data breaches: a literature survey[C]//16th International Conference on Wearable Micro and Nano Technologies for Personalized Health (pHealth), Genoa, 2019.
[5] Ahmad A, Maynard SB, Desouza KC, et al.How can organizations develop situation awareness for incident response: a case study of management practice[J]. Comput Secur, 2021,101:1.DOI:10.1016/j.cose.2020.102122.
[6] Kessler SR, Pindek S, Kleinman G, et al.Information security climate and the assessment of information security risk among healthcare employees[J]. Health Inform J, 2020,26(1):461-473.DOI:10.1177/1460458219832048.
[7] 竺佳琪. 企业差错管理氛围对员工信息安全行为的影响研究[D]. 长春:长春理工大学, 2021.
[8] Morganelli C.Exploring user-centric innovation in the design of information security awareness programs in health care: a case study[D]. Minneapolis:Capella University, 2021.
[9] Koppel R, Smith S, Blythe J, et al.Workarounds to computer access in healthcare organizations: you want my password or a dead patient?[J]. Stud Health Technol Inform, 2015,208:215-220.
[10] Sari PK, Handayani PW, Hidayanto AN.Demographic comparison of information security behavior toward health information system protection: survey study[J].JMIR Form Res, 2023,7:e49439.DOI:10.2196/49439.
[11] Gangire Y, Da Veiga A, Herselman M.A conceptual model of information security compliant behaviour based on the self-determination theory[C]//2019 Conference on Information Communications Technology and Society(ICTAS), Durban, 2019.
[12] Ifinedo P, Akinnuwesi BA.Employees' non-malicious, Counterproductive Computer Security Behaviors (CCSB) in Nigeria and Canada: an empirical and comparative analysis[C]// 2014 IEEE 6th International Conference on Adaptive Science Technology (ICAST), Ota, 2014.
[13] Sarkar S, Vance A, Ramesh B, et al.The influence of professional subculture on information security policy violations: a field study in a healthcare context[J].Inf Syst Res, 2020,31(4):1240-1259.DOI:10.1287/isre.2020.0941.
[14] Ma CC, Kuo KM, Alexander JW.A survey-based study of factors that motivate nurses to protect the privacy of electronic medical records[J]. BMC Med Inform Decis Mak, 2016,16.DOI:10.1186/s12911-016-0254-y.
[15] Alhuwail D, Al-Jafar E, Abdulsalam Y, et al.Information security awareness and behaviors of health care professionals at public health care facilities[J]. Appl Clin Inform, 2021,12(4):924-932.DOI:10.1055/s-0041-1735527.
[16] Park EH, Kim J, Wiles LL, et al.Factors affecting intention to disclose patients' health information[J]. Comput Secur, 2019,87.DOI:10.1016/j.cose.2018.05.003.
[17] Alanazi ST, Anbar M, Ebad SA, et al.Theory-based model and prediction analysis of information security compliance behavior in the saudi healthcare sector[J].Symmetry (Basel), 2020,12(9):1544.DOI:10.3390/sym12091544.
[18] Herath T, Rao HR.Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness[J]. Decis Support Syst, 2009,47(2):154-165.DOI:10.1016/j.dss.2009.02.005.
[19] Alexandrou A, Chen L.A security risk perception model for the adoption of mobile devices in the healthcare industry[J]. Secur J, 2019,32(4):410-434.DOI:10.1057/s41284-019-00170-0.
[20] Dong K, Ali RF, Dominic PDD, et al.The effect of organizational information security climate on information security policy compliance: the mediating effect of social bonding towards healthcare nurses[J]. Sustainability, 2021,13(5):28.DOI:10.3390/su13052800.
[21] Hewitt B, Dolezel D, McLeod AJ. Mobile device security: perspectives of future healthcare workers[J].Perspect Health Inf Manag, 2017,14(Winter):1c.
[22] Park E, Kim J, Park YS.The role of information security learning and individual factors in disclosing patients' health information[J]. Comput Secur, 2016(65):64-76.DOI:10.1016/j.cose.2016.10.011.
[23] Bulgurcu B, Cavusoglu H, Benbasat I.Information security policy compliance:an empirical study of rationality-based beliefs and information security awareness[J]. MISQ, 2010,34(3):523-548.
[24] Humaidi N, Balakrishnan V.Indirect effect of management support on users' compliance behaviour towards information security policies[J]. Health Inf Manag, 2018,47(1):17-27.DOI:10.1177/1833358317700255.
[25] Kolkowska E, Karlsson F, Hedstrom K.Towards analysing the rationale of information security noncompliance: devising a value-based compliance analysis method[J]. J Strateg Inf Syst, 2017,26(1):39-57.DOI:10.1016/j.jsis.2016.08.005.
[26] Pathania A, Rasool G.Investigating power styles and behavioural compliance for effective hospital administration an application of AHP[J].Int J Health Care Qual Assur, 2019,32(6):958-977.DOI:10.1108/IJHCQA-02-2018-0059.
[27] Herath T, Rao HR.Protection motivation and deterrence: a framework for security policy compliance in organisations[J]. Eur J Inf Syst, 2009,18(2):106-125.DOI:10.1057/ejis.2009.6.
[28] Herath T, Rao HR.Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness[J]. Decis Support Syst, 2009,47(2):154-165.
[29] Ifinedo P.Understanding information systems security policy compliance:An integration of the theory of planned behavior and the protection motivation theory[J]. Comput Secur, 2012,31(1):83-95.DOI:10.1016/j.cose.2011.10.007.
[30] Jalali MS, Bruckes M, Westmattelmann D, et al.Why employees (still) click on phishing links: investigation in hospitals[J]. J Med Internet Res, 2020,22(1):e16775.DOI:10.2196/16775.
[31] Gibbs JP.Deterrence theory and research[J]. Nebr Symp Motiv, 1985,33:87-130.
[32] Hu Q, Dinev T,Hart P,et al.Managing employee compliance with information security policies: the critical role of top management and organizational culture[J].Decis Sci, 2012,43(4):615-659.DOI:10.1111/j.1540-5915.2012.00361.x.
[33] International Organization for Standar dization. ISO 27799: 2016 Health Infor matics: Information Security Management in Health Using ISO/IEC 27002[S]. ISO, Geneva, 2016.
[34] Yang C, Lee H.A study on the antecedents of healthcare information protection intention[J]. Inf Syst Front, 2016,18(2):253-263.DOI:10.1007/s10796-015-9594-x.
[35] International Standard Organization.ISO/IEC 27001 information technology-security techniques-information security management systems_x0002_requirements[S]. 2013.
[36] Kuo K, Talley PC, Lin DM.Hospital staff's adherence to information security policy: a quest for the antecedents of deterrence variables[J]. Inquiry, 2021, 58.DOI:10.1177/00469580211029599.
[37] Rogers RW.A protection motivation theory of fear appeals and attitude change1[J]. J Psychol, 1975,91(1):93-114.DOI:10.1080/00223980.1975.9915803.
[38] Samhan B.Security behaviors of healthcare providers using HIT outside of work:a technology threat avoidance perspective[C]//2017 8th international conference on information and communication systems (ICICS), Irbid, 2017.
[39] Kim J, Park EH, Park YS, et al.Prosocial rule breaking on health information security at healthcare organisations in South Korea[J]. Inf Syst J, 2022,32(1):164-191.DOI:10.1111/isj.12338.
[40] Hader AL, Brown ED.Patient privacy and social media[J]. AANA Journal, 2010,78(4):270-274.
[41] Fauzi MA, Yeng P, Yang B, et al.Examining the link between stress level and cybersecurity practices of hospital staff in indonesia[C]//ARES 2021:16th international conference on availability, reliability and security. Electr Network, 2021.
[42] Dong K, Ali RF, Dominic PDD, et al.The effect of organizational information security climate on information security policy compliance: the mediating effect of social bonding towards healthcare nurses[J].Sustainability, 2021,13(5):28.DOI:10.3390/su13052800.
[43] Beus JM, Dhanani LY, McCord MA. A meta-analysis of personality and workplace safety: addressing unanswered questions[J]. J Appl Psychol, 2015,100(2):481-498.DOI:10.1037/a0037916.
[44] Sari PK, Handayani PW, Hidayanto AN, et al.Information security behavior in health information systems: a review of research trends and antecedent factors[J]. Healthcare, 2022,10(12):25-31.DOI:10.3390/healthcare10122531.
[45] Humaidi N, Balakrishnan V.Indirect effect of management support on users' compliance behaviour towards information security policies[J]. Health Inf Manag J, 2018,47(1):17-27.DOI:10.1177/1833358317700255.
[46] Cuganesan S, Steele C, Hart A.How senior management and workplace norms influence information security attitudes and self-efficacy[J]. Behav Inf Technol, 2018,37(1):50-65.DOI:10.1080/0144929X.2017.1397193.
[47] Zohar D, Luria G.A multilevel model of safety climate: cross-level relationships between organization and group-level climates[J]. J Appl Psychol, 2005,90(4):616-628.DOI:10.1037/0021-9010.90.4.616.
[48] Yoo CW, Sanders GL, Cerveny RP.Exploring the influence of flow and psychological ownership on security education, training and awareness effectiveness and security compliance[J].Decis Support Syst, 2018, 108:107-118.DOI:10.1016/j.dss.2018.02.009.
[49] Ahmad Z, Ong TS, Liew TH, et al.Security monitoring and information security assurance behaviour among employees an empirical analysis[J]. Inf Comput Secur, 2019, 27(2):165-188.DOI:10.1108/ICS-10-2017-0073.
[50] Hanskamp SM, Zegers M, Westert GP, et al.Effects of patient safety auditing in hospital care: results of a mixed-method evaluation (part 1)[J]. Int J Qual Health Care, 2019,31(7):8-15.DOI:10.1093/intqhc/mzy134.
[51] Ifinedo P.Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition[J]. Inf Manag, 2014,51(1):69-79.DOI:10.1016/j.im.2013.10.001.
[52] Safa NS, Von Solms R, Furnell S.Information security policy compliance model in organizations[J].Comput Secur, 2016,56:70-82.DOI:10.1016/j.cose.2015.10.006.
[53] Cram WA, D'Arcy J, Proudfoot JG. Seeing the forest and the trees:a Meta-analysis of the antecedents to information security policy compliance[J]. MISQ, 2019,43(2):525.DOI:10.25300/MISQ/2019/15117.

Metrics

Viewed

Full text

Abstract

Cited

Shared