The role of information security learning and individual factors in disclosing patients' health information

One of the most vulnerable stakeholders that may violate health information privacy prescribed in HIPAA (Health Insurance Portability and Accountability Act) are nursing students who have some limited access to EMR systems to retrieve health records while freely communicating with patients and relevant stakeholders. However, limited attention has been given to nursing students' deviant behaviors. To fill this gap, this study develops a research model of a nursing student's behavior of disclosing health information by identifying the deterrent effects of health information security awareness (HISA) nurtured by nursing schools and personal values such as personal norms and self-control. Our study empirically tests the model and found that three learning components ((1) general information security awareness, (2) health information security regulation awareness, and (3) punishment severity awareness) are significantly important to develop HISA. We find that HISA significantly affects personal norms and self-control which play as deterrence against the intention to disclose patients' health information. As the importance of complying with HIPAA regulations and information security policies by employees who work in health care industry increases, our findings shed new light on the role of HISA and personal values in nursing education and the health care industry's efforts to protect patients' health information. (C) 2016 Elsevier Ltd. All rights reserved.