Security Policy Interpretation and Compliance Behavior Among NonTechnical Healthcare Staff

Abstract

Healthcare organizations have information security policies that are formal rules and procedures aimed at protecting sensitive patient data, providing confidentiality, and preventing cybersecurity threats. Even with the presence of such policies, non-technical healthcare workers usually find it difficult to read and understand them properly, which exposes a level of institutional security vulnerability of information. The paper explores the way in which non-technical employees perceive, read, and execute the security policies, as well as addresses the determinants of compliance behavior, such as individual cognitive factors (e.g., self-efficacy, perceived severity), organizational culture, management support, training programs, and technological usage. The study employs a qualitative approach, summarizes the results of the empirical studies, systematic reviews, and focus groups analyses to establish the patterns of policy interpretation and compliance. The findings indicate that correct interpretation of security policies which is supported by awareness programs and organizational supportive structures plays a great role in increasing the compliance behavior and improper interpretation or lack of awareness training fosters non-compliance practices. The results of the study present suggestions to healthcare administrators and policymakers on how to create specific training, incorporate technological assistance, and establish an organizational culture that is security-based and inspires appreciation and compliance with the policies. The study can be used to add to the theoretical and practical knowledge of human factors in healthcare information security by providing a framework of how to increase policy compliance among non-technical staff.