To read this content please select one of the options below:

Information privacy compliance in the healthcare industry

Allen C. Johnston (Department of Accounting and Information Systems, University of Alabama, Birmingham, Alabama, USA)
Merrill Warkentin (Department of Management and Information Systems, Mississippi State University, Mississippi State, Mississippi, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 21 March 2008




The Health Insurance Portability and Accountability Act (HIPAA) is US legislation aimed at protecting patient information privacy, but it imposes a significant burden on healthcare employees, especially since the privacy provisions are still evolving and healthcare organizations are still struggling to meet compliance criteria. This study seeks to illuminate characteristics of both the environment (organization) and the individual (healthcare professional) and their relevant influence on compliance intentions by leveraging theories from the domains of social psychology, management, and information systems.


A study of 208 healthcare professionals located at healthcare facilities throughout the USA were surveyed as to their perceptions regarding HIPAA compliance and the underlying organizational and individual factors that influence said compliance.


The findings indicate that perceptions of organizational support and self‐efficacy (SE) leading to HIPAA compliance vary based on organizational and occupational characteristics. Furthermore, these perceptions of organizational support and SE explain some of the differences in their intent to comply with this legislation.

Research limitations/implications

For healthcare managers, the findings of this research may serve to validate HIPAA compliance initiatives. Through increased attention and resources dedicated to providing a supportive environment for HIPAA compliance, healthcare managers can increase the likelihood of compliance success by improving employee SE.


This paper represents the first empirical study to account for environmental factors and their influence on individual intentions to comply with HIPAA.



Johnston, A.C. and Warkentin, M. (2008), "Information privacy compliance in the healthcare industry", Information Management & Computer Security, Vol. 16 No. 1, pp. 5-19.



Emerald Group Publishing Limited

Copyright © 2008, Emerald Group Publishing Limited

Related articles