Litcius/Paper detail

Information security cultural differences among health care facilities in Indonesia

Puspita Kencana Sari, Adhi Prasetio, Candiwan Candiwan, Putu Wuri Handayani, Achmad Nizar Hidayanto, Syaza Syauqina, Eka Fuji Astuti, Farisha Pratami Tallei

2021Heliyon20 citationsDOIOpen Access PDF

Abstract

BACKGROUND: Health information security (IS) breaches are increasing with the use of information technology for health care services, and a strong security culture is important for driving employees' information asset protection behavior. OBJECTIVE: This study aimed to analyze differences in information security cultures (ISCs) across health care providers based on factors drawn from the ISC model. METHODS: We used twelve factors to measure the ISCs of health care providers. This research applied a survey method with the Kruskal-Wallis H Test and the Mann-Whitney U Test as data analysis techniques. We collected the data through a questionnaire distributed to 470 employees of health care facilities (i.e. hospitals, community health centers, and primary care clinics) in Indonesia. RESULTS: The results revealed the differences between health care provider types for 9 of the 12 security culture factors. Top management support, change management, and knowledge were the differentiating factors between all types of health care providers. Organizational culture and security compliance only differed in primary care clinics. Meanwhile, security behavior, soft issues and workplace independence, information security policies, training, and awareness only differed in hospitals. CONCLUSION: The results indicated that each type of health care provider required different approaches to develop an ISC considering the above factors. They provided insight for top management to design suitable programs for cultivating ISCs in their institutions.

Topics & Concepts

Health careBusinessAsset (computer security)Information securityTest (biology)Organizational cultureNursingHRHISInformation security managementKnowledge managementPublic relationsHealth educationMedicinePublic healthCloud computing securityComputer securityCloud computingSecurity information and event managementPolitical scienceComputer scienceBiologyPaleontologyLawInformation and Cyber SecurityAccess Control and TrustInformation Technology Governance and Strategy