An Empirical Investigation on Increasing HIPAA Compliance
Basile, Jennifer L.
MetadataShow full item record
HIPAA noncompliance has become an increasingly regular occurrence throughout the healthcare industry, which leads to practitioners seeking ways to minimalize this never ending internal threat of HIPAA violations. Healthcare workers are continually hired into the field with limited knowledge of the individual implications (ie. Prison time, fines) that sharing any kind of patient information can lead to per HIPAA Regulations. One of the objectives of this research was to show that HIPAA Deterrent case information provided to incoming healthcare individuals will increase the overall level of HIPAA compliance. The study surveyed two groups, one provided with HIPAA Deterrent case information and one without. It also questioned the individual on whether or not their compliance level would change when being offered an incentive to be noncompliant. It also explored the individual's ethical level, knowledge of HIPAA Regulations and their belief in the Justice System. This study looked at the individual healthcare worker outside of the organizational perspective. Many studies have looked at how committed the employee is to their organization for a measure of compliance or investigate fear of noncompliance so not to be terminated (Siponen 2007, D'Arcy 2009). This study proposed an integrated model that developed evidence of HIPAA Deterrent case information increasing overall HIPAA compliance. The deterrent information supplied the individuals with the understanding that being HIPAA noncompliant can affect them directly (Up to ten years in prison and $250,000 fine), not just a fine to their organization. This made them aware of the individual affect noncompliance can have on their freedom. The motivation behind this study was to create a measurement tool for a practitioner which provides incoming healthcare workers with Deterrent information explaining that being HIPAA noncompliant can impact their individual freedom (not just their organization). This, in theory should lead to an overall higher HIPAA compliance level. We utilized two survey groups, the first with deterrent cases of real life individual healthcare workers imprisonments based upon HIPAA noncompliance, the second the same survey without the deterrent case information. This was used to identify if the deterrent information was statistically significant and shows benefit in compliance level when provided to the individual potential healthcare workers. Both groups were be provided an Ethical Index Scale of general ethical questions (Wood, 1988) to identify their overall ethical index level, as well as general questions on ones belief in the Justice System (Gopal, Sanders 1998). We then extended the framework to look at incentive, and how it affects the significance of the existing measurement tool determining whether or not individuals could be persuaded to be noncompliant for some type of incentive. The structural model developed suggested several testable hypotheses. The major hypotheses are that first, Individuals with some knowledge of HIPAA regulations will tend to be HIPAA compliant. Second, those Individuals with high Ethical levels will tend to be HIPAA compliant. Third, Individuals provided HIPAA deterrent information will tend to be HIPAA complaint. Forth, Incentives will reduce the level of compliance. Fifth, those Individuals with a strong belief in the Justice System will have a higher likelihood of being HIPAA compliant. Finally, the controlled variables will be age, gender and residential location. The research methods utilized involved a systematic development of a survey instrument to measure the constructs identified. Measurement items are taken from literature, along with some newly developed items (e.g. HIPAA compliance level). The surveys were pilot tested with local healthcare students looking to enter the healthcare industry covering multiple fields in healthcare (ie. nurses, doctors, technicians, medical records experts, medical assistants, etc.). The survey was given by hand to students in local colleges in the Western New York area. We went to several healthcare based classes and administered the surveys by hand. This dissertation will make theoretical and managerial contributions. The theoretical model was developed to describe the antecedents among constructs of relevance to HIPAA compliance. This framework was tested empirically. The managerial contribution has the intention to increase the understanding of the antecedents of HIPAA compliance, allowing practitioners a way to bring workers entering into the field a full understanding of the consequences of HIPAA noncompliance not only to their organization, but to individual worker as well.