Good News and Bad News About Incentives to Violate the Health Insurance Portability and Accountability Act (HIPAA): Scenario-Based Questionnaire Study

JMIR Med Inform 2020 | vol. 8 | iss. 7 | e15880 | p. 1

15 Pages Posted: 5 Aug 2021

See all articles by Joana Gaia

Joana Gaia

State University of New York at Buffalo

Xunyi Wang

Baylor University - Hankamer School of Business

Chul Woo Yoo

Florida Atlantic University

G. Lawrence Sanders

State University of New York at Buffalo

Date Written: 2020

Abstract

Background: The health care industry has more insider breaches than any other industry. Soon-to-be graduates are the trusted insiders of tomorrow, and their knowledge can be used to compromise organizational security systems.

Objective: The objective of this paper was to identify the role that monetary incentives play in violating the Health Insurance Portability and Accountability Act’s (HIPAA) regulations and privacy laws by the next generation of employees. The research model was developed using the economics of crime literature and rational choice theory. The primary research question was whether higher perceptions of being apprehended for violating HIPAA regulations were related to higher requirements for monetary incentives.

Methods: Five scenarios were developed to determine if monetary incentives could be used to influence subjects to illegally obtain health care information and to release that information to individuals and media outlets. The subjects were also asked about the probability of getting caught for violating HIPAA laws. Correlation analysis was used to determine whether higher perceptions of being apprehended for violating HIPAA regulations were related to higher requirements for monetary incentives.

Results: Many of the subjects believed there was a high probability of being caught. Nevertheless, many of them could be incentivized to violate HIPAA laws. In the nursing scenario, 45.9% (240/523) of the participants indicated that there is a price, ranging from US $1000 to over US $10 million, that is acceptable for violating HIPAA laws. In the doctors’ scenario, 35.4%(185/523) of the participants indicated that there is a price, ranging from US $1000 to over US $10 million, for violating HIPAA laws. In the insurance agent scenario, 45.1% (236/523) of the participants indicated that there is a price, ranging from US $1000 to over US $10 million, for violating HIPAA laws. When a personal context is involved, the percentages substantially increase. In the scenario where an experimental treatment for the subject’s mother is needed, which is not covered by insurance, 78.4%(410/523) of the participants would accept US $100,000 from a media outlet for the medical records of a politician. In the scenario where US $50,000 is needed to obtain medical records about a famous reality star to help a friend in need of emergency medical transportation, 64.6% (338/523) of the participants would accept the money.

Conclusions: A key finding of this study is that individuals perceiving a high probability of being caught are less likely to release private information. However, when the personal context involves a friend or family member, such as a mother, they will probably succumb to the incentive, regardless of the probability of being caught. The key to reducing noncompliance will be to implement organizational procedures and constantly monitor and develop educational and training programs to encourage HIPAA compliance.

Note: Funding: This study is based upon the work supported by the National Science Foundation under Grant No 1754085.

Declaration of Interests: None declared.

Ethics Approval Statement: The local institutional review board approved the protocol for the pilot study and the main study.

Keywords: cyber security; data security; Health Insurance Portability and Accountability Act; motivation; economics of crime; rational choice theory

Suggested Citation

Gaia, Joana and Wang, Xunyi and Yoo, Chul Woo and Sanders, G. Lawrence, Good News and Bad News About Incentives to Violate the Health Insurance Portability and Accountability Act (HIPAA): Scenario-Based Questionnaire Study (2020). JMIR Med Inform 2020 | vol. 8 | iss. 7 | e15880 | p. 1, Available at SSRN: https://ssrn.com/abstract=3881329

Joana Gaia

State University of New York at Buffalo

Amherst, NY 14260
United States

Xunyi Wang

Baylor University - Hankamer School of Business ( email )

United States

Chul Woo Yoo

Florida Atlantic University

Boca Raton, FL 33431
United States

G. Lawrence Sanders (Contact Author)

State University of New York at Buffalo ( email )

Amherst, NY 14260
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
6
Abstract Views
32
PlumX Metrics