Abstract
This study aims to review the literature on antecedent factors of information security related to the protection of health information systems (HISs) in the healthcare organization. We classify those factors into organizational and individual aspects. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Academic articles were sourced from five online databases (Scopus, PubMed, IEEE, ScienceDirect, and SAGE) using keywords related to information security, behavior, and healthcare facilities. The search yielded 35 studies, in which the three most frequent individual factors were self-efficacy, perceived severity, and attitudes, while the three most frequent organizational factors were management support, cues to action, and organizational culture. Individual factors for patients and medical students are still understudied, as are the organizational factors of academic healthcare facilities. More individual factors have been found to significantly influence security behavior. Previous studies have been dominated by the security compliance behavior of clinical and non-clinical hospital staff. These research gaps highlight the theoretical implications of this study. This study provides insight for managers of healthcare facilities and governments to consider individual factors in establishing information security policies and programs for improving security behavior.