Hospital characteristics associated with HIPAA breaches

The avoidance of HIPAA breaches has been important to hospital administrators since 1996. Research has not provided insight into what strategies are most effective. The purpose of this paper is to identify the relationship between hospital organizational characteristics and specific types of HIPAA breaches (hacking, improper disposal, loss, theft, and unauthorized access/disclosure. We sought to better equip hospital administrators' to both assess their organization's relative risk for certain types of breaches. We propose, based on the sociotechnical approach that the occurrence of a HIPAA breach can be conceived as a misalignment between the social aspects of an organization and its technical capabilities. A purposive sample of hospitals with active HIPAA breach investigations (n = 163) is analyzed via a dataset that combines hospital characteristics from the American Hospital Association and HIPAA breach data from the Office of Civil Rights. The results of the analyses support the hypothesis of a relationship between hospital organizational characteristics and the types of HIPAA breaches, and most especially the influence of EMR capabilities, hospital size, system membership, and teaching status on various types of HIPAA Breach. This finding might assist healthcare leaders with proactively dealing with their organizational risks for HIPAA breaches.