Why do Healthcare Organizations Choose to Violate Information Technology Privacy Regulations? Proposing the Selective Information Privacy Violations in Healthcare Organizations Model (SIPVHOM)

Abstract

Privacy concerns about protected healthcare information (PHI) are rampant because of the ease of access to PHI from the advent of Healthcare IT (HIT) and its exploding use. Continual negative cases in the popular attest to the fact that current privacy regulations are failing to keep PHI sufficiently secure in the climate of increate HIT use. To address these issues, this paper proposes a theoretical model with testable hypotheses to explain and predict organizational IT privacy violations in the healthcare industry. Our model, the Selective Information Privacy Violations in Healthcare Organizations Model (SIPVHOM), explains how organizational structures and processes and characteristics of regulatory environments alter perceptions of risk and thereby the likelihood of rule violations. Finally, based on SIPVHOM, we offer recommendations for the structuring of regulatory environments and organizational structures to decrease abuse of PHI