Cyber Security in Mental Health: An Assessment of Current Practice and Behavioral Intent

Author

Richard Hamilton Stotts, St. Mary's University

Department

Counseling and Human Services

Degree Name

Doctor of Philosophy (PhD)

Date of Award

4-26-2020

Format

PDF

Degree Level

Ph.D.

LCSH subject

Medical records; Access controls; Research -- Cyberspace; Security measures -- Computer security -- Computer networks; Security measures -- Medical informatics

ISBN

9798645470203

Medium

Manuscript

Proquest Document ID

2410758778

Identifier

ETD2020Stotts

School/University

St. Mary's University

Size or duration

vi, 112 pages

Copyright date

2020

Document Type

Dissertation

First Advisor

Ratliff, Dan

Second Advisor

Northrup, Jason

Third Advisor

O'Phelan, Moonyeen

Abstract

Mental health practitioners rely on digital systems to interact with and in some instances treat patients (Hydari, Telang, & Marella, 2015; Recupero, & Rainey, 2005). Yet, while widespread use of digital devices provides significant practical advantages, that same use exacerbates the possibility of a cyber breach (Guterman, 1999). This research describes mental health practitioners’ current cyber security practices and the factors influencing their behavioral intentions to implement cyber security within clinical mental health settings. Factors assessed included knowledge, self-efficacy, norms, threat awareness and penalties. Mental health practitioners (n = 210) from across the United States formed the sample population, received a Qualtrics on-line survey link through their affiliated professional organizations, and responded with the completed survey. Data was analyzed using structural equation modeling and SmartPLS. Results indicated although practitioners profess knowledge of legal and ethical requirements, actual behaviors do not reflect those assertions. Practitioners claimed knowledge of federal law (76.7%); knowledge of state law (70.5%); and knowledge of ethical guidelines (90.5%), yet only 32.4% of practitioners have conducted a risk assessment within the last year and more than 50% do not know how to conduct an assessment. Additionally, more than 20% of our colleagues believe professional liability insurance alone will prevent financial losses from a breach. Finally, 66% of our colleagues believe the cyber security threat is exaggerated. These findings suggest practitioner understanding of the requirements for addressing privacy and confidentiality risks in the use of digital systems fall short of desired standards

Recommended Citation

Stotts, Richard Hamilton, "Cyber Security in Mental Health: An Assessment of Current Practice and Behavioral Intent" (2020). Dissertations. 40.
https://commons.stmarytx.edu/dissertations/40

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.