Balancing Information Privacy and Operational Utility in Healthcare: Proposing a Privacy Impact Assessment (PIA) Framework
European Journal of Information Systems (EJIS), Forthcoming
45 Pages Posted: 15 Sep 2022
Date Written: July 05, 2022
Abstract
One needs to look only at recent data breaches to be reminded of the severe and far-reaching damage caused by privacy threats. Considering these threats, healthcare leaders strive to understand how to protect patient information without losing the benefits (utility) that result from privacy-preserving mechanisms. Our study examines the relatively unexplored issue of simultaneously responding to information privacy threats and maintaining utility. Thus, we also identify a symbiotic relationship between these two focal and interdependent efforts. We adopt an interpretive, qualitative research method leveraging the value-focused thinking (VFT) approach, which results in two major contributions: (1) the development of a value-driven framework presented as a means-end objective network that provides a list of 16 means objectives and seven key fundamental objectives enabling higher-quality decision-making vis-à-vis privacy and utility; (2) Our second and central contribution is a theoretical framework of privacy impact assessment (PIA), emphasising the interplay and balance between making appropriate decisions in responding to information privacy while not hindering business operations. This research provides the foundation for proposing four compelling propositions for future healthcare privacy research.
Keywords: information privacy, healthcare, operational utility, business impacts, value-focused thinking (VFT), qualitative research, organisational privacy, privacy impact assessment (PIA)
Suggested Citation: Suggested Citation