A Conceptual Model Towards Information Security Culture in Health Informatics

  • Noor Hafizah Hassan
  • Zuraini Ismail
Conference paper


Despite the widely recognized importance of information security as a vital asset in organizations, there is little understanding of how organizations actually promote an information security culture among employees in a particular environment. The diversity of problems facing public-service organizations is greater than before because of the competitive growth of services and rapid changes in technology. As information technology is widely adopted, health organizations must undergo boundless transformation to fulfil the nation’s demands while still providing good information security. This research looks into the social aspects of information security. It further identifies key factors influencing the information security culture in health informatics. A review based on multiple definitions and descriptions of security culture from a previous study was conducted. This study proposes a conceptual model that takes into consideration the factors influencing information security culture and is developed based on the Detert organizational culture model and the health belief model (HBM). This in-progress study is intended to guide organizations in promoting an information security culture, particularly for health informatics. The proposed conceptual model will be further evaluated with selected healthcare organizations.


Keywords (added by machine, not by the authors): Information Security; Security Policy; Healthcare Organization; Intrusion Detection System; Health Belief Model



Copyright information

© Springer Japan 2015

Authors and Affiliations

  1. Advanced Informatics School, University Technology Malaysia, Kuala Lumpur, Malaysia
