Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

How Do EHRs and a Meaningful Use Initiative Affect Breaches of Patient Information?

Published Online:19 Jul 2019https://doi.org/10.1287/isre.2019.0858

References

  • Amato N (2016) The hidden costs of a data breach. J. Accountancy (July 25), https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html.Google Scholar
  • An J, Kim H-W (2018) A data analytics approach to the cybercrime underground economy. IEEE Access 6:26636–26652.CrossrefGoogle Scholar
  • Anderson CL, Agarwal R (2011) The digitization of healthcare: Boundary risks, emotion, and consumer willingness to disclose personal health information. Inform. Systems Res. 22(3):469–490.LinkGoogle Scholar
  • Angst CM, Agarwal R (2009) Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quart. 33(2):339–370.CrossrefGoogle Scholar
  • Angst CM, Agarwal R, Sambamurthy V, Kelley K (2010) Social contagion and information technology diffusion: The adoption of electronic medical records in U.S. hospitals. Management Sci. 56(8):1219–1241.LinkGoogle Scholar
  • Angst CM, Block ES, D’Arcy J, Kelley K (2017) When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quart. 41(3):893–916.CrossrefGoogle Scholar
  • Appari A, Johnson ME, Anthony DL (2012) Meaningful use of electronic health record systems and process quality of care: Evidence from a panel data analysis of U.S. acute-care hospitals. Health Services Res. 48(2 Pt 1):354–375.Google Scholar
  • Ayvaci M, Cavusoglu H, Raghunathan S (2015) Incentivizing health information exchange adoption through alternative payment models. Workshop Inform. Systems Econom., Dallas.Google Scholar
  • Barua A, Kriebel CH, Mukhopadhyay T (1995) Information technologies and business value: An analytic and empirical investigation. Inform. Systems Res. 6(1):3–23.LinkGoogle Scholar
  • Barua A, Mukhopahdyay T (2000) Information technology and business performance: Past, present and future. Zmud RW, ed. Framing the Domains of IT Management Research: Glimpsing the Future Through the Past (Pinnaflex Educational Resources, Cincinnati).Google Scholar
  • Bhargava HK, Mishra AN (2014) Electronic medical records and physician productivity: Evidence from panel data analysis. Management Sci. 60(10):2543–2562.LinkGoogle Scholar
  • Blumenthal D, Tavenner M (2010) The “meaningful use” regulation for electronic health records. New England J. Medicine 363(6):501–504.CrossrefGoogle Scholar
  • Boyes W, Hoffman D, Low SA (1989) An econometric analysis of the bank credit scoring problem. J. Econometrics 40(1):3–14.CrossrefGoogle Scholar
  • Buntin MB, Burke MF, Hoaglin MC, Blumenthal D (2011) The benefits of health information technology: A review of the recent literature shows predominantly positive results. Health Affairs 30(3):464–471.CrossrefGoogle Scholar
  • Carter J (2013) EHR systems and decreased productivity: What’s wrong? EHR Science (June 25), https://www.ehrscience.com/2018/06/25/the-dark-side-of-e-prescribing/.Google Scholar
  • Centers for Medicare and Medicaid Services. Electronic health records. Accessed April 23, 2019, https://www.cms.gov/medicare/e-health/ehealthrecords/index.html.Google Scholar
  • Cohen LE, Felson M (1979) Social change and crime rate trends: A routine activity approach. Amer. Sociol. Rev. 44(4):588–608.CrossrefGoogle Scholar
  • Culp LM, Adams JA, Byron JS, Boyer EA (2005) Phased implementation. Walker JMM, Bieber EJ, Richards F, eds. Implementing an Electronic Health Record System (Springer, New York), 111–119.CrossrefGoogle Scholar
  • D’Arcy J, Hovav A, Galletta D (2009) User awareness of security countermeasures and its impact on information systems misuse: A deterrence perspective. Inform. Systems Res. 20(1):79–98.LinkGoogle Scholar
  • Devaraj S, Kohli R (2000) Information technology payoff in the healthcare industry: A longitudinal study. J. Management Inform. Systems 16(4):39–64.CrossrefGoogle Scholar
  • Devaraj S, Kohli R (2003) Performance impacts of information technology: Is actual usage the missing link? Management Sci. 49(3):273–289.LinkGoogle Scholar
  • DiMaggio PJ, Powell WW (1983) The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. Amer. Sociol. Rev. 48(2):147–160.CrossrefGoogle Scholar
  • Edwards B, Hofmeyr S, Forrest S (2016) Hype and heavy tails: A closer look at data breaches. J. Cybersecurity 2(1):3–14.Google Scholar
  • Fichman RG, Kemerer CF (1997) The assimilation of software process innovations: An organizational learning perspective. Management Sci. 43(10):1345–1363.LinkGoogle Scholar
  • Fichman RG, Kemerer CF (1999) The illusory diffusion of innovation: An examination of assimilation gaps. Inform. Systems Res. 10(3):255–275.LinkGoogle Scholar
  • Furukawa MF, Raghu TS, Shao BBM (2010) Electronic medical records, nurse staffing, and nurse-sensitive patient outcomes: Evidence from California hospitals, 1998 - 2007. Health Services Res. 45(4):941–962.CrossrefGoogle Scholar
  • Gaynor MS, Hydari MZ, Telang R (2012) Is patient data better protected in competitive healthcare markets? Workshop Econom. Inform. Security (WEIS), Berlin.Google Scholar
  • Hadley J, Yabroff KR, Barrett MJ, Penson DF, Saigal CS, Potosky AL (2010) Comparative effectiveness of prostate cancer treatments: Evaluating statistical adjustments for confounding in observational data. National J. Cancer Inst. 102(23):1780–1793.CrossrefGoogle Scholar
  • Hah H, Bharadwaj A (2012) A multi-level analysis of the impact of health information technology on hospital performance. Internat. Conf. Inform. Systems, Orlando, FL.Google Scholar
  • Hampton T (2008) Groups push physicians and patients to embrace electronic health records. J. Amer. Medical Assoc. 299(5):507–509.CrossrefGoogle Scholar
  • HealthIT (2015) Meaningful use definition & objectives. Accessed February 14, 2015, http://www.healthit.gov/providers-professionals/meaningful-use-definition-objectives.Google Scholar
  • Heckman J (1979) Sample selection bias as a specification error. Econometrica 47(1):153–161.CrossrefGoogle Scholar
  • Healthcare Information and Management Systems Society. Electronic health records. Accessed April 23, 2019, https://www.himss.org/library/ehr.Google Scholar
  • Hosseinian SS, Torghabeh ZJ (2012) Major theories of construction accident causation models: A literature review. Internat. J. Adv. Engrg. Tech. 4(2):53–66.Google Scholar
  • Hsu C, Wang T (2014) Exploring the association between board structure and information security breaches. Asia Pacific J. Inform. Systems 24(4):531–557.CrossrefGoogle Scholar
  • Hui KL, Kim SH, Wang Q (2017) Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quart. 41(2):497–523.CrossrefGoogle Scholar
  • Jha AK (2010) Meaningful use of electronic health records the road ahead. J. Amer. Medical Assoc. 304(15):1709–1710.CrossrefGoogle Scholar
  • Jha AK, DesRoches CM, Campbell EG, Donelan K, Rao SR, Ferris TG, Shields A, Rosenbaum S, Blumenthal D (2009) Use of electronic health records in U.S. hospitals. New England J. Medicine 360(16):1628–1638.CrossrefGoogle Scholar
  • Kim SH, Kim BC (2014) Differential effects of prior experience on the malware resolution process. MIS Quart. 38(3):655–678.CrossrefGoogle Scholar
  • Kuypers MA, Maillart T, Pate-Cornell E (2016) An empirical analysis of cyber security incidents at a large organization. Working paper, Stanford University, Stanford, CA.Google Scholar
  • Kwon JH, Johnson E (2018) Meaningful healthcare security: Does meaningful-use attestation improve information security performance. MIS Quart. 42(4):1043–1067.CrossrefGoogle Scholar
  • Kwon JH, Johnson ME (2013) Health-care security strategies for data protection and regulatory compliance. J. Management Inform. Systems 30(2):41–66.CrossrefGoogle Scholar
  • Kwon JH, Johnson ME (2014) Proactive vs. reactive security investments in the healthcare sector. MIS Quart. 38(2):451–472.CrossrefGoogle Scholar
  • Lamberg L (2001) Confidentiality and privacy of electronic medical records. J. Amer. Medical Assoc. 285(24):3075–3076.CrossrefGoogle Scholar
  • Lawton R, Ward NJ (2005) A systems analysis of the Ladbroke Grove rail crash. Accident Anal. Prevention 37(2):235–244.CrossrefGoogle Scholar
  • Liang H, Xue Y (2009) Avoidance of information technology threats: A theoretical perspective. MIS Quart. 33(1):71–90.CrossrefGoogle Scholar
  • Lin Y-K, Lin M, Chen H (2014) Beyond adoption: Does meaningful use of EHR improve quality of care? Workshop Inform. Systems Econom. (WISE), Auckland, New Zealand.Google Scholar
  • Macwan A, Mosleh A (1994) A methodology for modeling operator errors of commission in probabilistic risk assessment. Reliability Engrg. System Safety 45(1–2):139–157.CrossrefGoogle Scholar
  • Menon NM, Kohli R (2013) Blunting Damocles’ Sword: A longitudinal model of healthcare IT impact on malpractice insurance premium and quality of patient care. Inform. Systems Res. 24(4):918–932.LinkGoogle Scholar
  • Miller AR, Tucker C (2009) Privacy protection and technology diffusion: The case of electronic medical records. Management Sci. 55(7):1077–1093.LinkGoogle Scholar
  • Miller AR, Tucker C (2011a) Encryption and the loss of patient data. J. Policy Anal. Management 30(3):534–556.CrossrefGoogle Scholar
  • Miller AR, Tucker CE (2011b) Can healthcare information technology save babies? J. Political Econom. 119(2):289–324.CrossrefGoogle Scholar
  • Mishra A, Anderson C, Angst CM, Agarwal R (2012) Electronic health records assimilation and physician identity evolution: An identity theory perspective. Inform. System Res. 23(3-part-1):738–760.Google Scholar
  • Mukhopadhyay T, Singh PV, Kim SH (2011) Learning curves of agents with diverse skills in information technology-enabled physician referral systems. Inform. Systems Res. 22(3):586–605.LinkGoogle Scholar
  • National Learning Consortium (2013) Change management in EHR implementation. National Learning Consortium. Accessed February 10, 2015, http://www.healthit.gov/sites/default/files/nlc_changemanagementprimer.pdf.Google Scholar
  • Patterson JM, Shappell SA (2010) Operator error and system deficiencies: Analysis of 508 mining incidents and accidents from Queensland, Australia using HFACS. Accident Anal. Prevention 42(4):1379–1385.CrossrefGoogle Scholar
  • Ponemon (2015) Cost of Data Breach Study: Global Analysis (Ponemon Institute, Traverse City, MI).Google Scholar
  • Ransbotham S, Mitra S (2009) Choice and chance: A conceptual model of paths to information security compromise. Inform. Systems Res. 20(1):121–139.LinkGoogle Scholar
  • Reason J (1990) Human Error (Cambridge University Press, Cambridge, UK).CrossrefGoogle Scholar
  • Reason J (2000) Human error: Models and management. British Medical J. 320(7237):768–770.CrossrefGoogle Scholar
  • Shappell SA, Wiegmann DA (2001) Applying reason: The human factors analysis and classification system (HFACS). Human Factors Aerospace Safety 1(1):59–86.Google Scholar
  • Shappell SA, Wiegmann DA (2009) A methodology for assessing safety programs targeting human error in aviation. Internat. J. Aviation Psych. 19(3):252–269.CrossrefGoogle Scholar
  • Sittig DF, Singh H (2009) Eight rights of safe electronic health record use. J. Amer. Medical Assoc. 302(10):1111–1113.CrossrefGoogle Scholar
  • Soh C, Markus ML (1995) How IT creates business value: A process theory synthesis. Ariav CBD, DeGross J, Hoyer R, Kemerer CF, eds. Proc. 16th Internat. Conf. Inform. Systems, Amsterdam.Google Scholar
  • Stukel TA, Fisher ES, Wennberg DE, Alter DA, Gottlieb DJ, Vermeulen MJ (2007) Analysis of observational studies in the presence of treatment selection bias: Effects of invasive cardiac management on AMI survival using propensity score and instrumental variable methods. J. Amer. Medical Assoc. 297(3):278–285.CrossrefGoogle Scholar
  • Teo HH, Wei KK, Benbasat I (2003) Predicting intention to adopt interorganizational linkages: An institutional perspective. MIS Quart. 27(1):19–49.CrossrefGoogle Scholar
  • Terza JV (2017) Two-stage residual inclusion estimation: A practitioners guide to Stata implementation. Stata J. 17(4):916–938.Google Scholar
  • Terza JV, Basu A, Rathouz PJ (2008) Two-stage residual inclusion estimation: Addressing endogeneity in health econometric modeling. J. Health Econom. 27(3):531–543.CrossrefGoogle Scholar
  • Tewksbury RA, Mustaine EE (2010) Cohen, Lawrence E., and Marcus K. Felson: Routine activity theory. Cullen FT, Wilcox P, eds. Encyclopedia of Criminological Theory (SAGE Publications, Thousand Oaks, CA), 187–193.CrossrefGoogle Scholar
  • Van De Ven WPMM, Van Praag BMS (1981) The demand for deductibles in private health insurance: A probit model with sample selection. J. Econometrics 17(2):229–252.CrossrefGoogle Scholar
  • Vest JR, Gamm LD (2010) Health information exchange: persistent challenges and new strategies. J. Amer. Medical Inform. Assoc. 17(3):288–294.CrossrefGoogle Scholar
  • Wang Q-H, Kim SH (2009) Cyberattacks: Does physical boundary matter? Proc. Internat. Conf. Inform. Systems, Phoenix.Google Scholar
  • Wang J, Gupta M, Rao HR (2015) Insider threats in a financial institution: Analysis of attack-proneness of information systems applications. MIS Quart. 39(1):91–112.CrossrefGoogle Scholar
  • Yaraghi N (2016) Hackers, Phishers, and Disappearing Thumb Drives: Lessons Learned from Major Healthcare Data Breaches (The Brookings Institution, Washington, DC).Google Scholar
  • Yaraghi N, Gopal RD (2018) The role of HIPAA in reducing medical data breaches. Milbank Quart. 96(1):144–166.CrossrefGoogle Scholar
  • Yue WT, Wang Q-H, Hui K-L (2019) See no evil, hear no evil? Dissecting the impact of online hacker forums. MIS Quart. 43(1):73–95.CrossrefGoogle Scholar
  • Zheng K, Padman R, Krackhardt D, Johnson MP, Diamond HS (2010) Social networks and physician adoption of electronic health records: Insights from an empirical study. J. Amer. Medical Inform. Assoc. 17:328–336.CrossrefGoogle Scholar
  • Zhu K, Kraemer K (2005) Post-adoption variations in usage and value of E-business by organizations: Cross-country evidence from the retail industry. Inform. Systems Res. 16(1):61–84.LinkGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree