| The proliferation of digitized healthcare holds great promise for sharing medical data, improving healthcare quality, saving patient lives, and reducing costs. However, these potential benefits also draw much attention to the issue of information privacy. In the presence of increasing penalties for non-compliance, reputational loss, and privacy operational issues, organizations must find ways to appropriately respond to privacy threats without impeding healthcare workflow and work practices. Thus, the broad research question examined in this study is: How do healthcare organizations respond to information privacy threats and issues?.;This dissertation reports the results of a grounded theory study investigating the organizational responses to information privacy threats. The empirical evidence has been derived from healthcare organizations within the United States of America. The key finding is the emergence of the Privacy Impact Assessment, a central element in the process of effective organizational response to information privacy threats. Assessing the influences and dynamics of different drivers, while simultaneously accounting for the intended (positive impacts) and unintended (negative impacts) consequences is critical to understanding the processes by which organizations respond to privacy threats. The findings are summarized within a theoretical framework of organizational responses to information privacy threats.;The theoretical framework developed from this work is stated below: The Privacy Impact Assessment (PIA) within healthcare organizations is shaped by a dynamic interplay between privacy threats, organizational drivers, and the Imbalance Challenge. Responding to privacy threats without accounting for the Imbalance Challenge causes potential negative operational impacts to outweigh positive impacts. Therefore, the Privacy Impact Assessment is characterized by the iteration between undertaking a risk assessment of privacy threats and existing drivers, management of privacy safeguards, and evaluation of their impacts. In order to manage this process, healthcare leaders are driven to act proactively and to apply appropriate strategies to accurately assess privacy threats while handling the impact of privacy safeguard enactments on healthcare workflow and work practices..;This dissertation makes several contributions to the research literature in information systems, organizational behavior, and health informatics. First, this research provides new theoretical insights into understanding privacy management by targeting the organizational level of analysis through a grounded theory approach. Second, this study responds to a compelling call for research investigating the effectiveness and consequences of enacting privacy safeguards. Moreover, using a grounded theory, this study provides a rich lens to understand the consequences of privacy safeguards enactments and their implications on privacy compliance. Finally, this interdisciplinary study converges the research streams of information systems, organizational behavior, and Health informatics, and promotes synergy between academia and practice by offering practical implications for healthcare practitioners and insights for further theory development. |
