One of the most vulnerable stakeholders that may violate health information privacy pre scribed in HIPAA (Health Insurance Portability and Accountability Act) are nursing students who have some limited access to EMR systems to retrieve health records while freely com municating with patients and relevant stakeholders. However, limited attention has been given to nursing students’ deviant behaviors. To fill this gap, this study develops a re search model of a nursing student’s behavior of disclosing health information by identifying the deterrent effects of health information security awareness (HISA) nurtured by nursing schools and personal values such as personal norms and self-control. Our study empirically tests the model and found that three learning components ((1) general information security awareness, (2) health information security regulation aware ness, and (3) punishment severity awareness) are significantly important to develop HISA. We find that HISA significantly affects personal norms and self-control which play as de terrence against the intention to disclose patients’ health information. As the importance of complying with HIPAA regulations and information security poli cies by employees who work in health care industry increases, our findings shed new light on the role of HISA and personal values in nursing education and the health care indus try’s efforts to protect patients’ health information.
Keywords: Health information security | awareness | Intention to disclose patients’ | health information | HIPAA | Nursing education | Health information privacy

The rapid digital transformation and technological disruption in modern organisations demand the development of people-centric security workplaces, whereby the employees can build up their security awareness and accountability for their actions via participation in the organisation’s social networks. The social network analysis approach offers a wide array of analytical capabilities to examine in-depth the interactions and relations within an organisation, which assists the development of such security workplaces. This paper pro poses the novel and practical adoption of social network analysis methods in behavioural information security field. To this end, we discuss the core features of the social network analysis approach and describe their empirical applications in a real case study of a large organisation in Vietnam, which utilised these methods to improve employees’ informa tion security awareness. Towards the end of the paper, a framework detailing the strategies for conducting social network analysis in the behavioural information security field is de veloped and presented.
Keywords: Information security behaviour | Information security compliance | Information security management | Information security governance | Social network analysis

computer law & s e c u r i t y review 33 ( 2 0 1 7 ) 309–323 http://dx.doi.org/10.1016/j.clsr.2017.03.002 Available online at www.sciencedirect.com www.compseconline.com/publications/prodclaw.htm A B S T R A C T Big Data analytics in national security, law enforcement and the fight against fraud have the potential to reap great benefits for states, citizens and society but require extra safeguards to protect citizens’ fundamental rights. This involves a crucial shift in emphasis from regulating Big Data collection to regulating the phases of analysis and use. In order to benefit from the use of Big Data analytics in the field of security, a framework has to be developed that adds new layers of protection for fundamental rights and safeguards against erroneous and malicious use. Additional regulation is needed at the levels of analysis and use, and the oversight regime is in need of strengthening. At the level of analysis – the algorithmic heart of Big Data processes – a duty of care should be introduced that is part of an internal audit and external review procedure. Big Data projects should also be subject to a sunset clause. At the level of use, profiles and (semi-) automated decision-making should be regulated more tightly. Moreover, the responsibility of the data processing party for accuracy of analysis – and decisions taken on its basis – should be anchored in legislation. The general and security-specific oversight functions should be strengthened in terms of technological expertise, access and resources. The possibilities for judicial review should be expanded to stimulate the development of case law. © 2017 Dennis Broeders, Erik Schrijvers, Bart van der Sloot, Rosamunde van Brakel, Josta de Hoog & Ernst Hirsch Ballin. Published by Elsevier Ltd. All rights reserved.
Keywords:Big Data | Security | Data protection | Privacy | Regulation | Fraud | Policing | Surveillance | Algorithmic accountability | the Netherlands