We use coping theory to explore an underlying relationship between employee stress caused by burdensome, complex, and ambiguous information security requirements (termed “security-related stress” or SRS) and deliberate information security policy (ISP) violations. Results from a survey of 539 employee users suggest that SRS engenders an emotion-focused coping response in the form of moral disengagement from ISP violations, which in turn increases one’s susceptibility to this behavior. Our multidimensional view of SRS—comprised of security-related overload, complexity, and uncertainty—offers a new perspective on the workplace environment factors that foster noncompliant user behavior and inspire cognitive rationalizations of such behavior. The study extends technostress research to the information systems security domain and provides a theoretical framework for the influence of SRS on user behavior. For practitioners, the results highlight the incidence of SRS in organizations and suggest potential mechanisms to counter the stressful effects of information security requirements.
Despite the fact that about 90 percent of information transactions in hospitals are communications between patients, doctors, nurses, and other staff, little research has addressed the role that information technology (IT) plays in improving the efficiency and effectiveness of these communications-based transactions. Addressing this research gap is important considering that a substantial number of adverse hospital events stem from communication failures. Furthermore, effective communication is a major driver of patient satisfaction in hospitals. Using a structure-process-outcome (SPO) framework and guided by the strategic role of IT literature, we develop a model that includes "structure," operationalized as organizational characteristics and two different categories of IT; "process," two different communication-based processes; and "outcomes," quantified as case-mix adjusted mortality, patient loyalty, and patient ratings. Specifically, we hypothesize that a subset of clinical IT (cardiology IT) will affect technical protocols of patient care, which in turn affects mortality, while administrative IT will affect interpersonal patient care, which relates to patient loyalty and ratings. Thus, IT can serve as a double-edged sword affecting both technical and interpersonal processes of care, but possibly independently and differentially. We test our hypotheses on 2,179 hospitals using data collected and matched from three different sources. Our findings suggest that different types of IT differentially affect hospital processes and these same processes influence performance metrics such as mortality and patient satisfaction. For example, cardiology IT has a greater effect on objective patient health status through improvements in the technical protocols of care. Surprisingly, administrative IT was shown to adversely affect interpersonal care processes. It could be true that the IT is intrusive and interferes in the doctor-patient relationship; however, a post hoc analysis suggests the possibility of curvilinear impacts. Thus, managers should recognize that over- and underinvestment in IT can potentially have negative effects on performance and these results vary by IT type. Both technical and interpersonal processes yielded significant relationships to their respective outcomes and some cross-outcome effects were found, further suggesting that the mediating role of processes is an important link between IT and value.