The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context

Published Online: https://doi.org/10.1287/isre.2020.0941
