Deterrence approach on the compliance with electronic medical records privacy policy: the moderating role of computer monitoring

BACKGROUND: This study explored the possible antecedents that will motivate hospital employees’ compliance with privacy policy related to electronic medical records (EMR) from a deterrence perspective. Further, we also investigated the moderating effect of computer monitoring on relationships among the antecedents and the level of hospital employees’ compliance intention. METHODS: Data was collected from a large Taiwanese medical center using survey methodology. A total of 303 responses was analyzed via hierarchical regression analysis. RESULTS: The results revealed that sanction severity and sanction certainty significantly predict hospital employees’ compliance intention, respectively. Further, our study found external computer monitoring significantly moderates the relationship between sanction certainty and compliance intention. CONCLUSIONS: Based on our findings, the study suggests that healthcare facilities should take proactive countermeasures, such as computer monitoring, to better protect the privacy of EMR in addition to stated privacy policy. However, the extent of computer monitoring should be kept to minimum requirements as stated by relevant regulations.