Information Technology Reference
In-Depth Information
Directors, IT security officers, as well as the CTO,
CIO, CFO, and/or CSO from covered entities in
Washington State.
entities. The variables are the security require-
ments listed in the administrative simplification
section of the HIPAA regulation as stated in the
Federal Register volume 70.
Part 3 of the survey was designed using a
Likert scale. It was aimed at determining which
of the main factors suggested by the literature
(ambiguities in the HIPAA security rule, mis-
understanding of HIPAA security rules, lack of
guidance, the absence of an official certification
process, lack of interest in compliance, high cost,
lack of expertise in security, absence of effective
leadership, complexity of the HIPAA security
rule and lack of expertise) is/are a hindrance to
the implementation of the HIPAA security rule.
The last question was designed to capture the
level of HIPAA security rule readiness of covered
entities. It is also used to test the validity of the
data collected.
Pilot Test of the Instrument
The instrument used in this study has been through
a face validity process, which ensures that the
instrument is at least superficially capturing what
is intended to measure. A comparison between the
final HIPAA security rule requirements and the
instrument was also conducted to make sure that
the questionnaire is covering and reflecting the
security rule requirements.
Content validity was used to minimize the
subjectivity factor that may hinder the face validity
process. The feedback from a panel of experts was
used to achieve content validity. Enhancements
and changes suggested were made to the survey.
Reliability on the other hand is about the con-
sistency of results and whether it is free of random
or unstable errors. The use of an online form that
channel information directly to a database did
minimize these types of errors. The researcher,
also made every effort in minimizing errors in
the process of entering the data collected using
the paper version of the survey.
The rule of thumb suggests that if
n
>30, then
assume that
n
is sufficiently large, the sampling
distribution is approximately normal. The Central
Limit Theorem and triangulation were applied to
and used in this study.
DATA ANALYSIS
Pilot Test
A pilot test was conducted to evaluate the effec-
tiveness of the instrument, to ensure the clarity,
understandability, and choice exhaustivity of the
responses included in the instrument.
While the pilot test indicated that the instru-
ment was in fact well formulated and constructed,
minor wording changes were implemented to
improve the clarity and subsequently improve
the response rate.
The survey instrument was formulated directly
from the HIPAA Security Rule Official Document
(Federal Register / Vol. 70, No. 198 / Friday,
October 14, 2005) and field-tested. There did not
appear to be any misunderstanding or confusion
as to the questions being asked. The pilot test data
analysis indicated that the instrument is valid for
this research.
Variables to be Measured
Part 1 of the survey was designed to collect de-
mographic information about covered entities,
security officer identity and qualifications, and
when a budget is allocated for the implementation
of the HIPAA security rule process.
Part 2 on the other hand was designed to capture
the impact of the HIPAA security rule on ePHI
security within healthcare institutions or covered
Search WWH ::
Custom Search