Papers by Tonia San Nicolas-Rocca
Cloud-based multi-media systems for patient education and adherence: a pilot study to explore patient compliance with colonoscopy procedure preparation
Health Systems
Information Technology and Libraries
Libraries in the United States handle sensitive patron information, including personally identifi... more Libraries in the United States handle sensitive patron information, including personally identifiable information and circulation records. With libraries providing services to millions of patrons across the U.S., it is important that they understand the importance of patron privacy and how to protect it. This study investigates how knowledge transferred within an online cybersecurity education affects library employee information security practices. The results of this study suggest that knowledge transfer does have a positive effect on library employee information security and risk management practices.
Information Technology and Libraries
Libraries have historically made great efforts to ensure the confidentiality of patron personally... more Libraries have historically made great efforts to ensure the confidentiality of patron personally identifiable information (PII), but the rapid, widespread adoption of information technology and the internet have given rise to new privacy and security challenges. Hypertext Transport Protocol Secure (HTTPS) is a form of Hypertext Transport Protocol (HTTP) that enables secure communication over the public internet and provides a deterministic way to guarantee data confidentiality so that attackers cannot eavesdrop on communications. HTTPS has been used to protect sensitive information exchanges, but security exploits such as passive and active attacks have exposed the need to implement HTTPS in a more rigorous and pervasive manner. This report is intended to shed light on the state of HTTPS implementation in libraries, and to suggest ways in which libraries can evaluate and improve application security so that they can better protect the confidentiality of PII about library patrons.
Communications of the Association for Information Systems
E-health systems are often designed without considering user-centered design principles. Past res... more E-health systems are often designed without considering user-centered design principles. Past research on the topic of patient-centered e-health (PCEH) has lacked focus on the design and development of a PCEH artifact and the process for its development. In this study, information systems design theory (ISDT) is applied to design, develop, and evaluate an e-health system based on PCEH principles. The goal of the artifact in this study is to improve patient understanding of diagnoses, procedures, medications, and post-discharge instructions and empower patients with the information needed pre-and post-discharge to make informed healthcare decisions. The artifact justification, meta-requirements, meta-design, development, and evaluation are presented in multiple iterationsbeginning with a simple picture book, and ending with a Web-based, mobile, multimedia system. Findings indicate that a PCEH approach can be useful for achieving multiple design goals. The artifact illustrates achievement of an important organizational quality improvement goal for the case study organization involved, a key physician goal to improve patient-physician engagement, and an important patient goal-to improve understanding about patientspecific diagnoses and health conditions prior to discharge from a hospital visit and initiation of home health care.
Information system outsourcing and its impact on supply chain performances
International Journal of Logistics Systems and Management
Knowledge Transfer in Information Security Capacity Building for Community-Based Organizations
International Journal of Knowledge Management, 2015
Community-based organizations (CBOs) in the health and human services sector handle very sensitiv... more Community-based organizations (CBOs) in the health and human services sector handle very sensitive client information, such as psychiatric, HIV testing, criminal justice, and financial records. With annual revenue often in the range of $1 to $10 million, these organizations typically lack the financial, labor, and technical resources to identify and manage information security risks within their environment. Therefore, information security risk assessments were conducted at CBOs as part of a university service learning course intended to ultimately improve security within participating CBOs. Knowledge transfer between trainees and trainers is essential in order for security improvements to be realized. Therefore, this paper constructs a theoretical model of knowledge transfer that is used as a lens through which to examine initial study results of the CBO interventions as part of an exploratory study.
Designing a Knowledge Management System - A Case Study of a Global Telecommunications Company
Globalization and the growth of multinational corporations, coupled with advanced information tec... more Globalization and the growth of multinational corporations, coupled with advanced information technology have brought GVTs (GVT's) into the spotlight. The authors examine prior research on group technologies, group structures and group decision making to develop a framework for research on GVT's. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing criteria for team effectiveness. A framework is presented to suggest paths researchers may take in determining factors including knowledge, skills, and abilities that may improve GVT outcomes.
Toward Better Decisions with Respect to IS Security: Integrating Mindfulness into IS Security Training
Many of the information systems (IS) security breaches in organizations can be attributed to the ... more Many of the information systems (IS) security breaches in organizations can be attributed to the security related decisions of individuals. To combat this, many organizations have placed an emphasis on IS security training. However, despite this emphasis, the number and impact of IS security breaches continues to rise. This paper argues that current IS security training encourages a mindless adherence to policy that inhibits its effectiveness, and presents a theoretical framework for IS security training that integrates mindfulness into the decision making process and then applies that framework in the context of IS security training with the goal of improving the effectiveness of training to improve the ability of employees to make effective decisions with respect to IS security.
Patient-provider communications in outpatient clinic settings: a clinic-based evaluation of mobile device and multimedia mediated communications for patient education
JMIR mHealth and uHealth, 2015
Many studies have provided evidence of the importance of quality provider-patient communications ... more Many studies have provided evidence of the importance of quality provider-patient communications and have suggested improvements to patient understanding by using video-based instruction. The objective of this study was to understand how mobile information technology assisted video and three-dimensional (3D) image instruction, provided by a health care worker, influences two categories of outcome: (1) patient understanding of information about their condition and detailed medical discharge instructions; and (2) patient perceptions and attitudes toward their health care providers, which included physicians, nurses, and staff. We hypothesize that video and 3D image instruction, provided on a mobile, tablet hardware platform, will improve patient understanding about the diagnostic testing, diagnoses, procedures, medications, and health topics provided to them. We also propose that use of the tablet/video combination will result in improved attitudinal evaluation by patients of their pr...
Exploring the Effect of Knowledge Transfer Practices on User Compliance to IS Security Practices
International Journal of Knowledge Management, 2014
Institutions of higher education capture, store and disseminate information that is protected by ... more Institutions of higher education capture, store and disseminate information that is protected by state and federal regulations. As a result, IS security policies are developed and implemented to ensure end user compliance. This case study investigates end user knowledge of their university's IS security policy and proposes a new approach to improve end user compliance. The results of this study suggest that users may be contributors to the transfer of IS security policies when provided with an opportunity to participate in the development of an IS security awareness and training program.
Journal of Organizational and End User Computing, 2000
Identification and access management (I/AM) is among the top security issues facing institutions ... more Identification and access management (I/AM) is among the top security issues facing institutions of higher education. Most institutions of higher education require end users to provide usernames and passwords to gain access to personally identifiable information (PII). This leaves universities vulnerable to unauthorized access and unauthorized disclosure of PII as, according to recent literature, usernames and passwords alone are insufficient for proper authentication of users into information and information systems. This study examines a critical element in the successful implementation of any information security initiative, end user training. Specifically, this study advances research in the area of end user security training by using canonical action research (CAR) to develop and refine an IT security training framework that can guide institutions of higher education in the implementation of USB security tokens for two-factor authentication using public key infrastructure (PKI).
International Journal of Knowledge Management, 2000
The Chamorro people have a long history and rich cultural traditions that have survived the affec... more The Chamorro people have a long history and rich cultural traditions that have survived the affects of colonization and loss of political control. However, these traditions are in danger of being lost if they are not passed from one generation to the next. The purpose of this study is to understand if information and communication technologies, specifically social media, are used to capture and convey Chamorro cultural knowledge. Two data collection methods were used to understand the type(s) of Chamorro cultural knowledge that is valued, and what social media is used by the Chamorro people today to capture and convey cultural knowledge. The results indicate that the Chamorro people today share the core Chamorro cultural values, and do use information and communication technologies, including social media to capture and convey Chamorro cultural knowledge.
Uploads
Papers by Tonia San Nicolas-Rocca