A significant concern in healthcare is that of patient privacy and how organizations protect against unauthorized access to protected health information. The federal government has responded by instituting policies and guidelines on requirements for protection. However, the policy language leaves areas open to interpretation by those following the guidelines. Reporting to the Office for Civil Rights and/or the patient can open an organization to risk of financial and possible criminal penalties. There is a risk of harm to their reputation which could impact patient visits and market share. Therefore, Privacy Officers might view risk in different ways and therefore handle breach reporting differently. Privacy Officers are responsible for determining an individual organization's breach reportability status. Their processes may vary dependent on their knowledge of the policy, the status of previous reported breaches, and their framing of an incident. This research aims to explore the following factors: (1) personal and organizational knowledge, (2) prior breach status, (3) and scenario framing, to explore if Prospect Theory is applicable to the choices a Privacy Officer makes regarding breach determination. The study uses primary data collection through a survey that includes loss and gain scenarios in accordance with Prospect Theory. Individuals listed as Privacy Officers within the American Health Information Management Association (AHIMA) were the target audience for the survey. Univariate, Bivariate, Multivariate, and Post Regression techniques were used to analyze the data collected. The findings of the study supported the theoretical framework and provided industry and public affairs implications. These findings show that there is a gap where Privacy Officers have to make their own decisions and there is a difference in the types of decisions they are making on a day to day basis. Future guidance and policies need to address these gaps and can use the insight provided by this study.
Doctor of Philosophy (Ph.D.)
College of Community Innovation and Education
Public Affairs; Health Services Management and Research
Length of Campus-only Access
Doctoral Dissertation (Campus-only Access)
Walden, Amanda, "Risk in Privacy Breach Determination: The Application of Prospect Theory to Healthcare Privacy Officers" (2018). Electronic Theses and Dissertations, 2004-2019. 6270.