Information Security Management: The Impacts of Organizational Commitment and Perceived Consequences of Security Breach on the Intention of Patients’ Information Security Violation

Zahra Karimi, Hamid Reza Peikar



Background and Aim: Information security is a vital issue and nowadays, organizations all over the world have felt this fact. In the majority of the research conducted in this field, the role of human factor has been neglected and the past research has employed a technical approach to tackle this issue. The present article has been conducted with the aim of studying the impacts of personnel’s perceptions about the consequences of sensitive information disclosure and personnel’s organizational commitment on their intention to violate the information security.

Materials and Methods: The sample for this research was composed of 118 physicians, working in education specialized hospitals in Isfahan, who were non-randomly surveyed by using the scale adapted from D’Arcy et al. for security policy, including 7 items and Allen and Meyer for organizational commitment, including 24 items. After confirming its validity by face validity, content validity and construct validity, and its reliability by Cronbach’s alpha and composite reliability, the hypotheses were examined by using partial least square technique, using SmartPLS.

Findings: The results of this study illustrated that physicians’ perceptions toward organizational policies- which is an indication of certainty and severity of sanctions against unauthorized information disclosure has a negative impact on their intention to violate information security (P<0.001). Moreover, the results demonstrated that physicians’ perceptions about the impact of organizational commitment, consisting of affective commitment, normative commitment, and continuance commitment had no significant impact on their intention to violate information security.

Ethical Considerations: Participation was voluntarily, participants’ oral consent was obtained and their identity confidentiality was also assured.

Conclusion: Organizational policies in the sense of severity and certainty of the sanctions should be enhanced at the hospital and even ministry level and communicated with service providers in the health centers by using different tools.


Cite this article as: Karimi Z, Peikari HR. Information Security Management: The Impacts of Organizational Commitment and Perceived Consequences of Security Breach on the Intention of Patients’ Information Security Violation. Med Ethics J 2019; 13(44): e4.


Organizational Commitment; Information Security Violation Intention; Security Policy

Full Text:




Peikari HR, Zakaria MS, Norjaya MN, Hussain Shah M, Elhissi A. Role of CPOE usability in the reduction of prescribing errors. Healthc Inform Res 2013; 19(2): 93-101.

Hussain Shah M, Peikari HR. Usability and reduction of workload and medical errors; a survey amongst community physicians. Telemedicine and e-Health 2016; 2(1): 36-44.

Kuo A, Dang S. Secure Messaging in Electronic Health Records and Its Impact on Diabetes Clinical Outcomes: A Systematic Review. Telemedicine and e-Health 2016; 22(9): 125-132.

Luxton DD, Kayl RA, Mishkind MC. Health Data Security: The Need for HIPAA-Compliant Standardization. Telemedicine and e-Health 2012; 18(4): 124-131.

Fakhrzad M, Fakhrzad N, Dehghani M. The Role of Electronic Health Records in Presenting Health Information. Media 2012; 2(4): 31-40. [Persian]

Huffman E. Electronic Medical Record. Translated by Langarizadeh M. Tehran: Dibagaran; 2006.

Ghazi-Asgar M, Peikari HR, Ehteshami A. Health Information Management: Psychological factors influencing information privacy concerns in psychiatric hospitals. Bali Medical Journal 2018; 7(1): 1-7.

Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: A systematic literature review. J Biomed Inform 2013; 46(3): 541-562.

Farzandipour M, Sadoughi F, Ahmadi M, Karimi I. Security requirements and solutions in electronic health records: lessons learned from a comparative study. J Med Syst 2010; 34(4): 629-642.

Fernández-Alemán JL, Sánchez-Henarejos A, Toval A, Sánchez-García AB, Hernández-Hernández I, Fernandez-Luque L. Analysis of health professional security behaviors in a real clinical setting: an empirical study. Int J Med Inform 2015; 84(6): 454-467.

Khosravani M, Khosravani M, Rafiei F, Mohsenpour M. Organizational commitment and its dimensions in nurses working in Arak’s hospitals. Med Ethics J 2017; 11(39): 37-44. [Persian]

Siponen M, Vance A. Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly 2010; 34(3): 487-502.

Peikari HR, Ramayah T, Shah MH, Lo MC. Patients’ perception of the information security management in health centers: The role of organizational and human factors. BMC Med Inform Decis Mak 2018; 18(1):102-122.

Stanton JM, Stam KR, Mastrangelo P, Jolton J. Analysis of end user security behaviours. Computer & Security 2005; 24(2): 124-133.

Lusignan SD, Chan T, Theadom A, Dhoul N. The roles of policy and professionalism in the protection of processed clinical data: a literature review. Int J Med Inform 2007; 76(4): 261-268.

Mahdad A. Industrial and Organizational Psychology. Tehran: Jangal Publisher; 2016. [Persian]

Sedaghatifard M, Khalaj Asadi SH. Relation with job satisfaction Index to organizational commitment in faculty members of Islamic Azad University-Garmsar Branch. Journal of Modern Industrial/ Organization Psychology 2011; 2(6): 39-51. [Persian]

Allen N, Meyer J. The measurement and antecedents of affective, continuance and normative commitment. Journal of Occupational Psychology 1990; 63(1): 1-18.

Ghayour Baghbani SM, Shojaei Kalate Bali N, Chenarani H, Ashoori J. The Relationship between Organizational Commitment, Job Satisfaction and Social Orientation, and the Nurses’ Moral Behavior. Med Ethics J 2016; 10(37): 27-36. [Persian]

Zahed Babelan A, Khaleg Khah A, Kazemi S, Gharibzadeh R. The Role of Spiritual Leadership and Professional Ethics in Organizational Commitment of Health Care Workers. Bioethics Journal 2017; 7(26): 23-30. [Persian]

D’Arcy J, Hovav A, Galletta D. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research 2009; 20(1): 79-98.

Albert L, Michelle M, Yair L. Examining users’ personal information sharing awareness, habits, and practices in social networking sites and e-learning systems. Online Journal of Applied Knowledge Management 2015; 3(1): 180-207.

Kruger HA, Kearney WD. A prototype for assessing information security awareness. Computer & Security 2006; 25(4): 289-296.

Sohrabi Safa N, Von Solms R, Furnell S. Information security policy compliance model in organizations. Computers & Security 2016; 56: 70-82. [Persian]

Karami M, Safdari R, Soltani A. Patient's Information Rights: Strategies for Information Security in the Electronic Environment. Medical ethics 2013; 7(25): 83-96. [Persian]

Hasanzadeh M, Karimzadegan Moghadam D, Jahangiri N. Provide a conceptual framework for evaluating the enrichment and education of information security awareness of users. J of Syst Inf Serv 2011; 1(2): 1-16. [Persian]

Elahi S, Taheri M, Hassanzadeh A. A framework for the role of human factors in information systems' security. Management Research in Iran (Modares Human Sciences) 2009; 13(2): 1-22. [Persian]

Kluge EHW. Secure e-health: managing risks to patient health data. Int J Med Inform 2007; 76(5): 402-406.

Karimi Z, Peikari HR. The Impact of Nurses’ Perceived Information Security Training and Information Security Policy Awareness on their Perceived Severity and Certainty of Information Security Breach Penalties (Case: the Educational Specialized Hospitals of Isfahan City). JNE 2018; 7(2): 17-24. [Persian]

Waldo RF, Antonsen E, Ekstedt M. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security 2014; 43: 90-110.

Barton KA, Tejay G, Lane M, Terrell S. Information system security commitment: A study of external influences on senior management. Computers & Security 2016; 59: 9-25.

Chong VK, Eggleton IRC. The impact of reliance on incentive-based compensation schemes, information asymmetry and organisational commitment on managerial performance. Management Accounting Research 2007; 18(3): 312-342.

Koskosas I, Kakoulidis K, Siomos CH. Information Security: Corporate Culture and Organizational Commitment. International Journal of Humanities and Social Science 2011; 1(3): 1-12.

Ziaee MS, Roshandel Arbatani T, Nargesian A. Examine the relationship between organizational culture and organizational commitment among the staff of the library of Tehran University: Based on the Denison organizational culture model. Journal of Academic Library and Information Science (LIS) 2011; 45(1): 42-79. [Persian]


  • There are currently no refbacks.

Creative Commons License

This journal is distributed under the terms of CC BY-NC 4.0. Copyright © 2017 Medical Ethics Journal. All rights reserved. All credits and honors to PKP for their OJS.

For Author | Online Submission | About Contact