You are here

Risk in Privacy Breach Determination: The Application of Prospect Theory to Healthcare Privacy Officers

Download pdf | Full Screen View

Date Issued:
2018
Abstract/Description:
A significant concern in healthcare is that of patient privacy and how organizations protect against unauthorized access to protected health information. The federal government has responded by instituting policies and guidelines on requirements for protection. However, the policy language leaves areas open to interpretation by those following the guidelines. Reporting to the Office for Civil Rights and/or the patient can open an organization to risk of financial and possible criminal penalties. There is a risk of harm to their reputation which could impact patient visits and market share. Therefore, Privacy Officers might view risk in different ways and therefore handle breach reporting differently. Privacy Officers are responsible for determining an individual organization's breach reportability status. Their processes may vary dependent on their knowledge of the policy, the status of previous reported breaches, and their framing of an incident. This research aims to explore the following factors: (1) personal and organizational knowledge, (2) prior breach status, (3) and scenario framing, to explore if Prospect Theory is applicable to the choices a Privacy Officer makes regarding breach determination. The study uses primary data collection through a survey that includes loss and gain scenarios in accordance with Prospect Theory. Individuals listed as Privacy Officers within the American Health Information Management Association (AHIMA) were the target audience for the survey. Univariate, Bivariate, Multivariate, and Post Regression techniques were used to analyze the data collected. The findings of the study supported the theoretical framework and provided industry and public affairs implications. These findings show that there is a gap where Privacy Officers have to make their own decisions and there is a difference in the types of decisions they are making on a day to day basis. Future guidance and policies need to address these gaps and can use the insight provided by this study.
Title: Risk in Privacy Breach Determination: The Application of Prospect Theory to Healthcare Privacy Officers.
46 views
33 downloads
Name(s): Walden, Amanda, Author
Cortelyou-Ward, Kendall, Committee Chair
Noblin, Alice, Committee Member
Gabriel, Meghan, Committee Member
Knox, Claire, Committee Member
University of Central Florida, Degree Grantor
Type of Resource: text
Date Issued: 2018
Publisher: University of Central Florida
Language(s): English
Abstract/Description: A significant concern in healthcare is that of patient privacy and how organizations protect against unauthorized access to protected health information. The federal government has responded by instituting policies and guidelines on requirements for protection. However, the policy language leaves areas open to interpretation by those following the guidelines. Reporting to the Office for Civil Rights and/or the patient can open an organization to risk of financial and possible criminal penalties. There is a risk of harm to their reputation which could impact patient visits and market share. Therefore, Privacy Officers might view risk in different ways and therefore handle breach reporting differently. Privacy Officers are responsible for determining an individual organization's breach reportability status. Their processes may vary dependent on their knowledge of the policy, the status of previous reported breaches, and their framing of an incident. This research aims to explore the following factors: (1) personal and organizational knowledge, (2) prior breach status, (3) and scenario framing, to explore if Prospect Theory is applicable to the choices a Privacy Officer makes regarding breach determination. The study uses primary data collection through a survey that includes loss and gain scenarios in accordance with Prospect Theory. Individuals listed as Privacy Officers within the American Health Information Management Association (AHIMA) were the target audience for the survey. Univariate, Bivariate, Multivariate, and Post Regression techniques were used to analyze the data collected. The findings of the study supported the theoretical framework and provided industry and public affairs implications. These findings show that there is a gap where Privacy Officers have to make their own decisions and there is a difference in the types of decisions they are making on a day to day basis. Future guidance and policies need to address these gaps and can use the insight provided by this study.
Identifier: CFE0007382 (IID), ucf:52076 (fedora)
Note(s): 2018-12-01
Ph.D.
Community Innovation and Education, Dean's Office CCIE
Doctoral
This record was generated from author submitted information.
Subject(s): Healthcare -- Privacy -- Breach -- Privacy Officer
Persistent Link to This Record: http://purl.flvc.org/ucf/fd/CFE0007382
Restrictions on Access: campus 2021-12-15
Host Institution: UCF

In Collections