HIPAA security: Intercultural perspectives of health information technology professionals and clinicians

The Health Insurance Portability and Accountability Act (HIPAA) affects Information Technology (IT) professionals and clinicians. A successful security implementation requires cooperation between professional and clinical staff and an equal understanding of the Act with an organizational viewpoint.; A three-phased human subjectivity study of the intercultural impacts on the security perceptions of IT personnel and clinicians within a complex health care organization was conducted using Q-methodology. Phases I and II were attended by each participant, with each phase consisting of a Q-sort and a different Condition of Instruction (COI): Phase I COI focused on how each respondent perceived the importance of stimuli selected from HIPAA's Security Rule in protecting electronic protected health information (EPHI). Phase II's COI appraised participant's ability to correctly forecast their counterpart's perception of a situation during three realistic security problems involving EPHI. These scenarios also tested any changes in the subjects' perception when faced with a practical application rather than a theoretical question. Phase III enabled the researcher to validate any changes in perception when a subject is confronted with realistic practical applications of security.; Phase I revealed four distinctive viewpoints, two of which, administratively minded and patient centric, indicate divergence in point of view. This phase also implies that professional and departmental cultures might be confounders and impact security perceptions together with job task Phase II outcomes revealed the inability of the respondents to predict what their coworkers will perceive as salient in any given security situation with an accuracy less than that of a flip of a coin, implying professionals should not be expected to know how security implementations will be perceived by their coworker without the coworker's input. Phase III results indicate people might adapt to security situations if the modifications or applications were described in a role-based environment modeled on a team concept. This study suggests that health care organizations need to include all departments in security development, and training should be conducted using behavior modification (modeling) if security programs are to be completely successful. Health care executives must view security as an organizational effort, committee based, and executively chaired.