Date of Award


Document Type


Copyright Status, No Creative Commons License

All Rights Reserved

Degree Name

Doctor of Philosophy (Ph.D.) Nursing




Background. Health information system security and privacy are critical issues that impact the wide use of the Electronic Health Record (EHR) in healthcare including hospitals, providers and health systems (Breaches Affecting 500 or More Individuals, 2017). These issues have been researched from a technology standpoint in this era of accelerated electronic health record adoption, but less has been done related to the EHR users in the United States. Most of the literature related to security and privacy explores research topics, peripheral and direct, regarding policy adherence mechanisms. Yet to be studied is a social science exploration of nurses’ risk knowledge and risk behaviors associated with security and privacy issues. Purpose. This dissertation examines characteristics related to cybersecurity practices of new nurses a year following graduation from nursing school where they may have been prepared to work in environments with EHRs. The study will explore their understanding of cybersecurity as it relates to use and protection of the sources of information in the EHRs, and their own personal risk behaviors with mobile technologies that may put them at risk to outside hacking or misuse of information. The questions that drive the study are the associations with nurses’ knowledge of information system security, risk behaviors specifically with mobile device use, and their threat appraisal that may influence their personal habits and their concern for potential misuse of their own electronic health information. Method. A web-based survey was emailed to a sample of new graduates who completed the National Student Nurses’ Association (NSNA) Annual Survey and gave their permanent email address voluntarily to be contacted again for additional surveys. The survey designed in SurveyMonkey®, the same approach used with this sample in prior studies, was sent to a list of 3,000 addresses. The variables of interest are Knowledge of Information System Security (KISS), ii Risk Behaviors (RB), Personal Technology Practices (PTP), Mobile Device Habits (MDH), Threat Appraisal (Internal and External), Concern for Information Privacy (CFIP), and Information Privacy Protection Response (IPPR). Pilot Testing. Several measures developed for the study were tested on a sample of senior graduating nursing students (n=167) to assess their validity and reliability, including KISS, RB and PTP. Prior to data collection, the new items were assessed for content validity by five judges in preparation to be tested for reliability analysis. A paper-pencil version of the new items was distributed to the nursing students just prior to their graduation. Their responses were entered and analyzed using SPSS, which yielded a final set of items with acceptable reliability (α = .700), These new items were combined with the other variables of previously studied items, slightly modified, for integration on the final tool. Additional demographic questions and mobile device usage were added. Procedures. The final survey was distributed to the list of participants (n=3,000), anticipating a 10 - 20% return rate that would yield 300 - 600 subjects. A reminder was sent every 2 weeks for 6 weeks while the study remained open. Participants were offered an incentive of being eligible for a $250 drawing at the conclusion of the study. Analysis. The first level of analysis included an extensive descriptive analysis of the frequencies and measures of central tendency for subject self-reported mobile device frequency and types of use. The subsequent analysis included a series of correlations calculated on the variables of interest to determine the relationships of predicted relationships. The model did not support the predictions and an adjusted model was proposed for future studies on the measured variables and demographic variables of interest. iii Limitations. The pilot study was distributed in a paper format whereas the proposed format for the national study used an electronic medium. Conclusions. This study provided information about the relationship between the core variables and demographic components. These findings could inform educators and employers about new nurses’ knowledge and risk behaviors related to information system security.

Related Pillar(s)


Included in

Nursing Commons