Information Security Management: The Impacts of Organizational Commitment and Perceived Consequences of Security Breach on the Intention of Patients’ Information Security Violation

Information security is a vital issue and nowadays, organizations all over the world have felt this fact. In the majority of the research conducted in this field, the role of human factor has been neglected and the past research has employed a technical approach to tackle this issue. The present article has been conducted with the aim of studying the impacts of personnel’s perceptions about the consequences of sensitive information disclosure and personnel’s organizational commitment on their intention to violate the information security.

The sample for this research was composed of 118 physicians, working in education specialized hospitals in Isfahan, who were nonrandomly surveyed by using the scale adapted from D’Arcy et al. for security policy, including 7 items and Allen and Meyer for organizational commitment, including 24 items. After confirming its validity by face validity, content validity and construct validity, and its reliability by Cronbach’s alpha and composite reliability, the hypotheses were examined by using partial least square technique, using SmartPLS.

The results of this study illustrated that physicians’ perceptions toward organizational policies- which is an indication of certainty and severity of sanctions against unauthorized information disclosure has a negative impact on their intention to violate information security (P<0.001). Moreover, the results demonstrated that physicians’ perceptions about the impact of organizational commitment, consisting of affective commitment, normative commitment, and continuance commitment had no significant impact on their intention to violate information security. Ethical Considerations: Participation was voluntarily, participants’ oral consent was obtained and their identity confidentiality was also assured.

Organizational policies in the sense of severity and certainty of the sanctions should be enhanced at the hospital and even ministry level and communicated with service providers in the health centers by using different tools.