Abstract

Healthcare breaches have continued to increase in recent years (Koczkodaj et al., 2019), with human factors often being listed as a primary factor. Unfortunately, “human factors” encompass a broad range of ideas and do not adequately answer the question of what truly happened in these incidents.  

This research explores the problem of such breaches within US startups in the mental health space, asking current and former employees about their experiences to understand what led individuals with good intentions to perform acts that led to breaches. In doing so, it attempts to answer five research questions: First, do employees understand the need for security within an organization? Second, are employees aware of existing controls within their organization? Third, is there any point of friction between the individual and implemented security controls that affects their ability to comply securely? Fourth, is there any point of friction between the individual and the organization that affects their ability to comply securely? Why do they feel this way? Fifth and finally, what actual or theoretical situations would cause a detour from the individual’s intention?

Using a combination of surveys and interviews, this qualitative research tested and identified participants’ knowledge and attitudes, subsequently examining their responses utilizing grounded theory. This analysis identified several factors contributing to healthcare breaches, including the discovery of how organizations and individuals understand the value of the healthcare data they strive to protect.