• Login
    View Item 
    •   DSpace@RPI Home
    • Rensselaer Libraries
    • RPI Theses Online (Complete)
    • View Item
    •   DSpace@RPI Home
    • Rensselaer Libraries
    • RPI Theses Online (Complete)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Three essays on data breaches and hospital operations : examining relationships with operating performance, it investments, and patient choice

    Author
    Ahn, Kyung Seon
    View/Open
    Ahn_rpi_0185E_12050.pdf (821.8Kb)
    Other Contributors
    McDermott, Christopher M.; Hekimoglu, M. Hakan; Yu, Shan; Sharma, Luv;
    Date Issued
    2022-08
    Subject
    Management
    Degree
    PhD;
    Terms of Use
    This electronic version is a licensed copy owned by Rensselaer Polytechnic Institute (RPI), Troy, NY. Copyright of original work retained by author.;
    Metadata
    Show full item record
    URI
    https://hdl.handle.net/20.500.13015/6241
    Abstract
    The importance of information in modern society cannot be overemphasized. The entry into the information society created the new opportunities for firms and the convenience for customers, but at the same time created an anxiety about data breaches. Despite the warnings and concerns of IT security experts, the number of data breaches is increasing every year, especially in the healthcare field. The purpose of this dissertation is to examine the direct and indirect effects of data breaches on healthcare organization. While the first essay examines the indirect effect of data breaches, the third essay explorers the direct effect. The second essay is about the critical factors of data breach incident at the healthcare organization.The chapter 2 investigates the relationship between data breaches and hospital operating expenses in the year of the data breach and in subsequent years with sample size of 9,430 hospitals with 128 data breach cases from 2012 to 2016. The data are collected from different sources. The list of hospitals that had the data breaches are collected U.S. Department of Health and Human Services Office for Civil Rights (HHS) and Privacy Rights Clearinghouse (PRC) and other variables are from RAND hospital data, the Centers for Medicare & Medicaid Servi ces (CMS), and HIMMS Analytics. The result of panel regression fixed model shows that when there’s a data breach in hospital, the operating expenses tend to increase. To explore whether this effect changes depending on the hospital characteristics, this essay adapts Routine Activity Theory from criminology. Since the data breaches can be occurred from insider, such as lost, improper disposal, or unauthorized access, this essay focuses the training the employees as the corrective action plan after data breaches which is the effort of decreasing the motivated offender inside the hospital. The two factors, Case Mix Index (CMI) and resident intensity are turned out to be function as the moderators of relationship between data breaches and hospital operating expenses. To be specific, if the CMI is higher, the hospital operating expenses tend to increase by 0.12% with the data breach incident. Likewise, the hospitals with high resident intensity shows 1.4% increase in operating expenses when the data breach occurred in the hospital. The chapter 3 seeks to find the antecedents of the data breach at the healthcare organizations. This essay begins from the contradictory result of the prior studies that while some studies found that more IT investments are associated with more likelihood of data breaches while another study found that IT investment decreases the chances of the data breaches. Employing the theory of information technology capability, this essay classifies EMR adoption speed, administrative HIT, and clinical HIT as the IT infrastructure, and augmented HIT as the human IT resources. With the 12,129 hospitals (200 data breaches) from 2012 to 2016, this study uses panel probit model to test the hypothesis. The result shows that while the EMR adoption speed, administrative HIT, and clinical HIT are associated with more data breach occurrences, the augmented HIT is with less data breach occurrences. The chapter 4 begins from the research question if the hospital volume decreases after data breaches for the short-term period while the prior paper found that there is no significant relationship between data breach and the number of patients with yearly data. Employing the theory of information privacy concern, this essay uses the data from Florida HealthFinder.gov which provides the quarterly data of the number of inpatient and outpatient data. By 1:5 propensity score matching using nearest neighbor within a caliper, this essay uses the difference-in-differences regression analysis to test the hypothesis.;
    Description
    August 2022; School of Management
    Department
    Lally School of Management;
    Publisher
    Rensselaer Polytechnic Institute, Troy, NY
    Relationships
    Rensselaer Theses and Dissertations Online Collection;
    Access
    Restricted to current Rensselaer faculty, staff and students in accordance with the Rensselaer Standard license. Access inquiries may be directed to the Rensselaer Libraries.;
    Collections
    • RPI Theses Online (Complete)

    Browse

    All of DSpace@RPICommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    Login

    DSpace software copyright © 2002-2023  DuraSpace
    Contact Us | Send Feedback
    DSpace Express is a service operated by 
    Atmire NV