Security Risk Management in Health Care: A Case Study

Authors

Humayun Zafar, Kennesaw State UniversityFollow
Myung S. Ko, University of Texas at San Antonio
Jan G. Clark, University of Texas at San Antonio

Department

Information Systems

Document Type

Article

Publication Date

2-1-2014

Abstract

We investigated the effectiveness of a security risk management (SRM) program at a large healthcare institution. Using a survey, we explored how nine critical success factors (CSFs): executive management support (EMS), organizational maturity (OM), open communication (OC), risk management stakeholders (RMS), team member empowerment (TME), holistic view for an organization (HVO), security maintenance (SM), corporate security strategy (CSS), and human resource development (HRD) impacted SRM effectiveness. Implementing a mixed research method, we found that employees had a positive perception of SRM toward all CSFs but one―team member empowerment (TME). Both medical professionals and staff had a negative perception of how TME was implemented at the institution.

Journal Title

Communications of the Association for Information Systems

Journal ISSN

1529-3181

Volume

37

Issue

1

First Page

737

Last Page

750