This research draws upon the institutional theory and strategic IT adoption of organizations to examine the influence of meaningful-use of EHR systems and IT security investments on the likelihood of data breaches in hospitals. We expect that the intensity of such a relationship depends on hospitals symbolic or substantive adoption approaches. Mainly, we believe that organizations with symbolic adoption approach face a higher risk of security failures. Hospitals with (i) more complementary IT applications such as financial systems, scheduling systems, and HR systems, (ii) not-for-profit, and (iii) teaching and faith-oriented hospitals are less likely to classify as symbolic adopters. For that purpose, this paper takes advantage of unique data sets which provides detailed information on EHR system adoption by hospitals as well as the majority of data breaches. Further, we identify changes in the likelihood of breach performance consequent to meaningful-use and IT investment by employing Fixed-effect panel analysis and propensity score matching approach.
