Compliance With Electronic Medical Records Privacy Policy: An Empirical Investigation of Hospital Information Technology Staff

The employment of Electronic Medical Records is expected to better enhance health care quality and to relieve increased financial pressure. Electronic Medical Records are, however, potentially vulnerable to security breaches that may result in a rise of patients’ privacy concerns. The purpose of our study was to explore the factors that motivate hospital information technology staff’s compliance with Electronic Medical Records privacy policy from the theoretical lenses of protection motivation theory and the theory of reasoned action. The study collected data using survey methodology. A total of 310 responses from information technology staff of 7 medical centers in Taiwan was analyzed using the Structural Equation Modeling technique. The results revealed that perceived vulnerability and perceived severity of threats from Electronic Medical Records breaches may be used to predict the information technology staff’s fear arousal level. And factors including fear arousal, response efficacy, self-efficacy, and subjective norm, in their turn, significantly predicted IT staff’s behavioral intention to comply with privacy policy. Response cost was not found to have any relationship with behavioral intention. Based on the findings, we suggest that hospitals could plan and design effective strategies such as initiating privacy-protection awareness and skills training programs to improve information technology staff member’s adherence to privacy policy. Furthermore, enhancing the privacy-protection climate in hospitals is also a viable means to the end. Further practical and research implications are also discussed.