BACKGROUND
Most data breaches in health care organizations are caused by human factors. The medical environment has specific characteristics that might impact the decision and behavior of their employee, including in performing security practices.
OBJECTIVE
This study aims to review the literature on antecedent factors of information security behavior in health care organizations based on various stakeholders’ perspectives (clinical staff, non-clinical staff, medical students, and patients) and different types of health care entities (hospital, clinic, medical center, and others).
METHODS
This review searched academic articles on five online databases (Scopus, PubMed/MedLine, IEEE Xplore, Science Direct, SAGE) using specific keywords until 2022. Studies are selected following the Preferred Reporting Items for Systematic Reviews and Meta-Analyzes (PRISMA) protocol.
RESULTS
The result identifies antecedent factors that significantly influence the information security behavior of health information system users in various health care organizations. The factors are classified into individual and organizational factors. Top-three frequent individual factors are self-efficacy, perceived severity, and attitude, while frequent organizational factors are management support, cues to action, and organizational culture. Each factor is mapped on two types of security behavior, desirable and undesirable security behavior.
CONCLUSIONS
More individual factors are found significantly influence security behavior in health care organization. Previous studies in this field are still dominated by security compliance behavior. The researcher, manager of health care providers, and government should consider those factors to improve information security in health information system implementation.