Theory-Based Model and Prediction Analysis of Information Security Compliance Behavior in the Saudi Healthcare Sector

Sultan T Alanazi,Shouki A Ebad,Hadeer A Al-Ani,Mohammed Anbar,Shankar Karuppayah

doi:10.3390/sym12091544

Abstract

The adoption of health information systems provides many potential healthcare benefits. The government of the Kingdom of Saudi Arabia has subsidized this field. However, like those of other less developed countries, organizations in the Kingdom of Saudi Arabia struggle to secure their health information systems. This issue may stem from a lack of awareness regarding information security. To date, most related studies have not considered all of the factors affecting information security compliance behavior (ISCB), which include psychological traits, cultural and religious beliefs, and legal concerns. This paper aims to investigate the usefulness of a theory-based model and determine the predictors of ISCB among healthcare workers at government hospitals in the Kingdom of Saudi Arabia. The study investigated 433 health workers in Arar, the capital of the Northern Borders Province in the Kingdom of Saudi Arabia. Two phases involved in this study were the hypothetical model formulation and identification of ISCB predictors. The results suggest that moderating and non-common factors (e.g., religion and morality) impact ISCB, while demographic characteristics (e.g., age, marital status, and work experience) do not. All published instruments and theories were embedded to determine the most acceptable theories for Saudi culture. The theory-based model of ISCB establishes the main domains of theory for this study, which were religion/morality, self-efficacy, legal/punishment, personality traits, cost of compliance/noncompliance, subjective norms, information security policy, general information security, and technology awareness. Predictors of ISCB indicate that general information security, followed by self-efficacy and religion/morality, is the most influential factor on ISCB among healthcare workers in the Kingdom of Saudi Arabia. This study is considered as the first to present the symmetry between theory and actual descriptive results, which were not investigated before.

Highlights

The adoption of health information systems (HISs) provides many potential benefits, such as improved quality of care, the reduction of medical errors, and enhanced access to information [1,2].A reliable and coherent information system (IS) requires a solid security framework that follows the CIA triad
The primary goal of this study is to investigate the usefulness of the proposed model for determining predictors of information security compliance behavior (ISCB) among healthcare workers at governmental hospitals in the Kingdom of Saudi Arabia (KSA)
The reasons for using a regression test to predict factors influencing the information compliance behavior were as follows: (1) the assumptions of any statistical test should meet the requirements, which cannot be achieved using the SmartPLS; (2) the SmartPLS determines the influence of each variable separately without taking into account the influence of other variables; (3) the objective of the present study is to identify the predictors having the greatest impact on the ISCB, which could not be measured using the SmartPLS; (4) the regression test and results using SPSS are more robust than results obtained from SmartPLS; and (5) the influence of demographic characteristics, as predictors, showed weaker results with the use of SmartPLS than other software [33]

Summary

Introduction

The adoption of health information systems (HISs) provides many potential benefits, such as improved quality of care, the reduction of medical errors, and enhanced access to information [1,2].A reliable and coherent information system (IS) requires a solid security framework that follows the CIA triad (i.e., confidentiality, integrity, and availability). Symmetry 2020, 12, 1544 significant factor in maintaining information security and information policy compliance. Insider threats may be more dangerous than outsider threats because employees have prior information about their organization’s security policies and can access it’s IS [2,5–7]. For this reason, organizations normally establish IS policies to enhance employee awareness, which is the cornerstone of information security compliance behavior (ISCB). While there are many theories pertaining to information security behavior, the following subsections highlight those related to this study.

Objectives

Results

Discussion

Conclusion