OBJECTIVE: The focus of this research was on the indirect effects of management support (MS) on user compliance behaviour (UCB) towards information security policies (ISPs) among health professionals in selected Malaysian public hospitals. The aim was to identify significant factors and provide a clearer understanding of the nature of compliance behaviour in the health sector environment.
METHOD: Using a survey design and stratified random sampling method, self-administered questionnaires were distributed to 454 healthcare professionals in three hospitals. Drawing on theories of planned behaviour, perceived behavioural control (self-efficacy (SE) and MS components) and the trust factor, an information system security policies compliance model was developed to test three related constructs (MS, SE and perceived trust (PT)) and their relationship to UCB towards ISPs.
RESULTS: Results showed a 52.8% variation in UCB through significant factors. Partial least squares structural equation modelling demonstrated that all factors were significant and that MS had an indirect effect on UCB through both PT and SE among respondents to this study.
CONCLUSION: The research model based on the theory of planned behaviour in combination with other human and organisational factors has made a useful contribution towards explaining compliance behaviour in relation to organisational ISPs, with trust being the most significant factor. In adopting a multidimensional approach to management-user interactions via multidisciplinary concepts and theories to evaluate the association between the integrated management-user values and the nature of compliance towards ISPs among selected health professionals, this study has made a unique contribution to the literature.
DESIGN/METHODOLOGY/APPROACH: A literature review was performed on issues, sources, management and approaches to HISs-induced errors. A critical review of selected models was performed in order to identify medical error dimensions and elements based on human, process, technology and organisation factors.
FINDINGS: Various error classifications have resulted in the difficulty to understand the overall error incidents. Most classifications are based on clinical processes and settings. Medical errors are attributed to human, process, technology and organisation factors that influenced and need to be aligned with each other. Although most medical errors are caused by humans, they also originate from other latent factors such as poor system design and training. Existing evaluation models emphasise different aspects of medical errors and could be combined into a comprehensive evaluation model.
RESEARCH LIMITATIONS/IMPLICATIONS: Overview of the issues and discourses in HIS-induced errors could divulge its complexity and enable its causal analysis.
PRACTICAL IMPLICATIONS: This paper helps in understanding various types of HIS-induced errors and promising prevention and management approaches that call for further studies and improvement leading to good practices that help prevent medical errors.
ORIGINALITY/VALUE: Classification of HIS-induced errors and its management, which incorporates a socio-technical and multi-disciplinary approach, could guide researchers and practitioners to conduct a holistic and systematic evaluation.