Academic Publications: Healthcare IT & Ops

  • Institutionalizing HIPAA Compliance Organizations and Competing Logics in U.S. Health Care Photo

    Institutionalizing HIPAA Compliance Organizations and Competing Logics in U.S. Health Care

    Ajit Appari, Denise L. Anthony Ph.D , M. Eric Johnson
    Journal of Health and Social Behavior, March 2014

    Health care in the United States is highly regulated, yet compliance with regulations is variable. For example, compliance with two rules for securing electronic health information in the 1996 Health Insurance Portability and Accountability Act took longer than expected and was highly uneven across U.S. hospitals. We analyzed 3,321 medium and large hospitals using data from the 2003 Health Information and Management Systems Society Analytics Database. We find that organizational strategies and institutional environments influence hospital compliance, and further that institutional logics moderate the effect of some strategies, indicating the interplay of regulation, institutions, and organizations that contribute to the extensive variation that characterizes the U.S. health care system. More ›

    Topics: Electronic Health Record, Healthcare IT & Ops


  • Security Practices and Regulatory Compliance in the Healthcare Industry Photo

    Security Practices and Regulatory Compliance in the Healthcare Industry

    Juhee Kwon, M. Eric Johnson
    Journal of the American Medical Informatics Association, October 2012

    Objective: Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design: We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement: We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results: Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions: Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. More ›

    Topics: Compliance, Healthcare IT & Ops, Information Security


  • The Economics of Financial and Medical Identity Theft Photo

    The Economics of Financial and Medical Identity Theft

    M. Eric Johnson
    Springer, March 2012

    Center director Eric Johnson and Indiana University computer scientist Jean Camp reveal the business models of identity thieves and examine potential solutions for organizations and consumers. Financial identity theft is well understood with clear underlying motives. Medical identity theft is new and presents a growing problem. The solutions to both problems however, are less clear. The Economics of Financial and Medical Identity Theft discusses how the digital networked environment is critically different from the world of paper, eyeballs and pens. The Economics of Financial and Medical Identity Theft also presents an overview of the current technology for identity management. The book closes with a series of vignettes in the last chapter, looking at the risks we may see in the future and how these risks can be mitigated or avoided. More ›

    Topics: Healthcare IT & Ops, Identity Theft


  • Medication Administration Quality and Health Information Technology: National Study of US Hospitals Photo

    Medication Administration Quality and Health Information Technology: National Study of US Hospitals

    Ajit Appari, Denise Anthony, M. Eric Johnson, Emily Carian
    Journal of the American Medical Informatics Association

    A retrospective cross-sectional analysis of data from three sources: CPOE/eMAR usage from HIMSS Analytics (2010), medication quality scores from CMS Hospital Compare (2010), and hospital characteristics from CMS Acute Inpatient Prospective Payment System (2009). The analysis focused on 11 quality indicators (January–December 2009) at 2603 medium-to-large (≥100 beds), non-federal acute-care hospitals measuring proportion of eligible patients given (or prescribed) recommended medications for conditions, including acute myocardial infarction, heart failure, and pneumonia, and surgical care improvement.  More ›

    Topics: Healthcare IT & Ops


  • Usability Failures and Healthcare Data Hemorrhages Photo

    Usability Failures and Healthcare Data Hemorrhages

    M. Eric Johnson, Nicholas D. Willey
    IEEE Security & Privacy

    Data leaks are often the result of usability failures. In healthcare, usability failures risk both patients' health and their identity. In this article, the authors analyze samples of medical-related files collected from peer-to-peer file-sharing networks. These leaked files contained significant protected health information and demonstrate the risk to patients and institutions. Through interviews and field research, they document how usability failures lead to such hemorrhages. More ›

    Usability Failures and Healthcare Data Hemorrhages (1.1M)

    Topics: Data, Healthcare IT & Ops


  • Information Security Risk and Privacy in Healthcare: Current State of Research Photo

    Information Security Risk and Privacy in Healthcare: Current State of Research

    M. Eric Johnson, Ajit Appari
    International Journal of Internet and Enterprise Management, 6(4), pp. 279-314, 2010

    Information security and privacy in the healthcare sector is an issue of growing importance. The adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. We critically survey the literature on information security and privacy in healthcare, published in information systems journals as well as many other related disciplines including health informatics, public health, law, medicine, the trade press and industry reports. In this paper, we provide a holistic view of the recent research and suggest new areas of interest to the information systems community.

    Paper in PDF Format (1.2K)

    Topics: Healthcare IT & Ops, Information Security, Privacy


Browse Entire Site by Topic


Academic Publications by Topic

Academic Publications by Date