Health service employees and information security policies: An uneasy partnership?

Information Management and Computer Security

Volumn 20, Issue 4, 2012, Pages 296-311

  Renaud, Karen ^a   Goucher, Wendy ^a  

^a UNIVERSITY OF GLASGOW   (United Kingdom)

Author keywords

Data security; Employees behaviour; Information governance; Information management; National Health Service; Perceptions; Policies; United Kingdom

Indexed keywords

DESIGN/METHODOLOGY/APPROACH; HEALTH SERVICES; INCIDENT RESPONSE; INFORMATION GOVERNANCE; INFORMATION SECURITY POLICIES; NATIONAL HEALTH SERVICES; PHENOMENOLOGICAL APPROACH; SOCIAL IMPLICATION; UNITED KINGDOM; UPWARD COMMUNICATIONS;

INFORMATION MANAGEMENT; PUBLIC POLICY; SENSORY PERCEPTION;

SECURITY OF DATA;

EID: 84867013249     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685221211267666     Document Type: Article

References (54)

1. Adams, J.S., Tashchian, A., Shore, T.H. Codes of ethics as signals for ethical behavior Journal of Business Ethics 29 3 2001 199-211
2. Albrechtsen, E., Hovden, J. The information security digital divide between information security managers and users Computers & Security 28 6 2009 476-90
3. Anderson, J.R. Risk in rural development: challenges for managers and policy makers Agricultural Systems 75 2/3 2003 161-97
4. Baskerville, R., Siponen, M. An information security meta-policy for emergent organisations Logistics Information Management 15 5/6 2002 337-46
5. Bauman, A.E., Smith, N.A., Braithwaite, A., Free, A., Saunders, A. Asthma information: can it be understood Health Education Research 4 3 1989 377-82
6. BBC News Hull and east Yorkshire trust apology over data theft 2011 available at: www.bbc.co.uk/news/uk-england-humber-12219652 (accessed 23 November)
7. Beautement, A., Sasse, M.A., Wonham, M. The compliance budget: managing security behaviour in organisations 2008 47-58 paper presented at New Security Paradigms Workshop (NSPW), Lake Tahoe, CA
8. Beer, S. Brain of the Firm Wiley Chichester 1981
9. Besnard, D., Arief, B. Computer security impaired by legitimate users Computers & Security 23 3 2004 253-64
10. Big Brother Watch NHS patient confidentiality breached 5 times every week 2011 October, available at: www.bigbrotherwatch.org.uk/home/2011/10/nhs-data- protection.html#.TszWbVauTuc
11. Collman, J., Cooper, T. Breaching the security of the kaiser permanente internet patient portal: the organizational foundations of information security Journal of the American Medical Informatics Association 14 2 2007 239-43
12. Cowley, J. Personnel Management in Libraries Clive Bingley London 1982
13. de Lusignan, S., Chan, T., Dhoul, N. The roles of policy and professionalism in the protection of processed clinical data: a literature review International Journal of Medical Informatics 76 4 2007 261-8
14. Dhillon, G. Violation of safeguards by trusted personnel and understanding related information security concerns Computers & Security 20 2 2001 165-72
15. Doherty, N.F., Anastasakis, L., Fulford, H. The information security policy unpacked: a critical study of the content of university policies International Journal of Information Management 29 6 2009 449-57
16. Dörner, D. The Logic of Failure: Recognizing and Avoiding Error in Complex Situations Addison-Wesley Reading, MA 1996
17. Drücker, P. Management Challenges for the 21st Century Harpers Business Oxford 1993
18. Ellingsen, T., Johannesson, M. Paying respect The Journal of Economic Perspectives 21 4 2007 135-50
19. Gal, I., Prigat, A. Why organizations continue to create patient information leaflets with readability and usability problems: an exploratory study Health Education Research 20 4 2004 485-93
20. Gaskell, G. Simplifying the onerous task of writing security policies 2000 paper presented at 1st Australian Security Management Workshop, Deakin University, Geelang
21. Gaunt, N. Installing an appropriate information security policy International Journal of Medical Informatics 131 1998 134
22. Gonzalez, J.J., Sawicka, A. Gonzalez, J.J. The role of learning and risk perception in compliance From Modeling to Managing Security: A System Dynamics Approach 35 Norwegian Academic Press Kristiansand 2003 Forskningsserien
23. Gunning, R. The fog index after twenty years Journal of Business Communication 6 2 1969 3-13
24. Hedström, K., Kolkowska, E., Allen, J.P. Value conflicts for information security management Journal of Strategic Information Systems 20 4 2011 373-84
25. Herath, T., Rao, H.R. Encouraging information security behaviors: role of penalties, pressures and perceived effectiveness Decision Support Systems 47 2 2009 154-65
26. Herley, C. So long, and no thanks for the externalities: the rational rejection of security advice us users 2009 133-44 paper presented at New Security Paradigms Workshop (NSPW), Oxford
27. Hone, K., Eloff, J. What makes an effective information security policy? Network Security 6 1 2002 14-16
28. Hoverstadt, P. The Fractal Organization Wiley Chichester 2008
29. Identity Theft Resource Centre Breaches 2008 Identity Theft Resource Centre San Diego, CA 2009 26 March, available at: www.idtheftcenter.org/artman2/ publish/lib-survey/Breaches-2008.shtml
30. Karyda, M., Kiountouzis, E., Kokolakis, S. Information systems security policies: a contextual perspective Computers & Security 24 3 2005 246-60
31. Kingston, M.J., Evans, A.M., Smith, B.J., Berry, J.G. Attitudes of doctors and nurses towards incident reporting: a qualitative analysis The Medical Journal of Australia 181 1 2004 36-9
32. Knapp, K.J., Marshall, T.E., Rainer, E.K., Ford, F.N. Information security: management's effect on culture and policy Information Management & Computer Security 14 1 2006 24-36
33. Levesque, C., Copeland, K.J., Pattie, M.D., Deci, E.L. Peterson, P., Baker, E., McGaw, B. Intrinsic and extrinsic motivation International Encyclopedia of Education 6 Elsevier Amsterdam 2010 618-23
34. Oliver, P. Rewards and punishments as selective incentives for collective action: theoretical investigations American Journal of Sociology 85 6 1980 1356-75
35. Patel, V.L., Arocha, J.F., Shortcliffe, E.H. Cognitive models in training health professionals to protect patients' confidential information International Journal of Medical Informatics 60 2 2000 143-50
36. Plymouth Herald Man's Outrage as Jobcentre Gives Personal Details to Another Claimant Plymouth Herald 2012 7 February, available at: www.thisisplymouth.co.uk/Man-s-outrage-Jobcentre-gives-personal-details/ story-15155581-detail/story.html
37. Post, G.-V., Kagan, A. Evaluating information security tradeoffs: restricting access can interfere with user tasks Computers & Security 26 3 2007 229-37
38. Reason, J. Managing the Risks of Organisational Accidents Cambridge University Press Cambridge 1997
39. Rego, G., Nunes, R. Hospital foundation: a SWOT analysis iBusiness 2 2010 210-17
40. Saunders, M.N.K., Thornhill, A. Organisational justice, trust and the management of change: an exploration Personnel Review 32 3 2003 360-75
41. Schneier, B. Liars & Outliers Wiley Indianapolis, IN 2012
42. Scholtz, T. The role of the corporate information security steering committee SC Magazine 2003 available at: www.scmagazineus.com/the-role-of-the- corporate-information-security-steering-committee/article/30595/
43. Skinner, B.F. The science of learning and the art of teaching Harvard Educational Review 24 2 1954 86-97
44. Sohlenius, G. Computer integrated manufacturing and the society Computers in Industry 14 1-3 1990 213-24
45. Sullivan, M. Missing: Laptop with 8.6 million medical records The Sun 2011 15 June, available at: www.thesun.co.uk/sol/homepage/news/3637704/Missing- Laptop-with-86million-medical-records.html (accessed 23 November)
46. Thomson, K.-L., von Solms, R. Information security obedience: a definition Computers & Security 24 1 2005 69-75
47. Tourish, D., Robson, P. Critical upward feedback in organisations: processes, problems and implications for communication management Journal of Communication Management 8 2 2004 150-67
48. Vaast, E. Danger is in the eye of the beholders: social representations in information systems security in healthcare Journal of Strategic Information Systems 16 2 2007 130-52
49. Villamarín-Salomón, R.M., Brustoloni, J.C. Using reinforcement to strengthen users' secure behaviors Proceedings of the 28th International Conference on Human Factors in Computing Systems (CHI '10), ACM, New York, NY 2010 363-72
50. von Solms, R., von Solms, B. From policies to culture Computers & Security 23 4 2004 275-9
51. Vroom, C., von Solms, R. Towards information security behavioural compliance Computers & Security 23 3 2004 191-8
52. Wood, C. An unappreciated reason why information security policies fail Computer Fraud & Security 10 2000 13-14
53. Zipf, G.K. Human Behavior and the Principle of Least Effort Hafner Publishing Oxford 1949
54. Ross, S., Masters, R. Creating a Culture of Security ISACA 2011 available at: www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/ Creating-a-Culture-of-Security.aspx