A Multi-Objective Framework for Information Security Public Policy: The Case of Health Informatics

Author

Kane Smith, Virginia Commonwealth UniversityFollow

DOI

https://doi.org/10.25772/TDE2-7H20

Defense Date

2018

Document Type

Dissertation

Degree Name

Doctor of Philosophy

Department

Business

First Advisor

Dr. Gurpreet Dhillon

Second Advisor

Dr. Lemuria Carter

Abstract

Detailed holistic patient data is critical for healthcare organizations to better serve their patient populations. This information allows healthcare organizations to create a detailed and holistic record of a patient’s health. However, this large aggregation of personally identifiable patient data raises serious privacy and security concerns amongst patients. For this reason, patient concerns around the privacy and security of information retained by healthcare organizations must be addressed through the development of effective public policy. This research, therefore argues that any decision making process aimed at developing public policy dealing with patient data privacy and security concerns should not only address regulatory concerns, but also patient-centric values. To accomplish this task, multi-objective decision analytic techniques, with Nissenbaum’s (2004) contextual integrity as a normative framework are used. This is done to elicit patient-centric preferences to assist organizations and governmental institutions alike in dealing with their privacy and security concerns around patient data stored by Healthcare Systems.

Rights

© Kane J. Smith

Is Part Of

VCU University Archives

Is Part Of

VCU Theses and Dissertations

Date of Submission

5-1-2018