Information security climate and the assessment of information security risk among healthcare employees

Stacey R. Kessler, Shani Pindek, Gary Kleinman, Stephanie A. Andel, Paul E. Spector

Research output: Contribution to journalArticlepeer-review


Since 2009, over 176 million patients in the United States have been adversely impacted by data breaches affecting Health Insurance Portability and Accountability Act–covered institutions. While the popular press often attributes data breaches to external hackers, most breaches are the result of employee carelessness and/or failure to comply with information security policies and procedures. To change employee behavior, we borrow from the organizational climate literature and introduce the Information Security Climate Index, developed and validated using two pilot samples. In this study, four categories of healthcare professionals (certified nursing assistants, dentists, pharmacists, and physician assistants) were surveyed. Likert-type items were used to assess the Information Security Climate Index, information security motivation, and information security behaviors. Study results indicated that the Information Security Climate Index was related to better employee information security motivation and information security behaviors. In addition, there were observed differences between occupational groups with pharmacists reporting a more favorable climate and behaviors than physician assistants.

Original languageEnglish
Pages (from-to)461-473
Number of pages13
JournalHealth Informatics Journal
Issue number1
StatePublished - 1 Mar 2020

Bibliographical note

Publisher Copyright:
© The Author(s) 2019.


  • cybersecurity
  • electronic health records
  • information protection
  • information security
  • organizational climate

ASJC Scopus subject areas

  • Health Informatics


Dive into the research topics of 'Information security climate and the assessment of information security risk among healthcare employees'. Together they form a unique fingerprint.

Cite this