Abstract
This study investigates the antecedents of HIPI (Healthcare Information Protection Intention) of HIS (Healthcare Information Systems) users by introducing a model which incorporates constructs from GDT (General Deterrence Theory) and PMT (Protection Motivation Theory). The results show that (1) a clear awareness of the consequences of security threats increases HIS users’ understanding on the severity of healthcare information leakage, and thus may decreases abuse of HIS by users; (2) user satisfaction with the security system may make them have self-efficacy that they can handle the medical information leakage issue by themselves; and (3) although HIS users are realizing the consequences of healthcare information leakage, they think that they are unlikely to encounter such situations. The results imply that in order to increase HIPI of HIS users, ongoing security education is needed and motivating users to protect healthcare information through their satisfaction with the security system is important.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Agarwal, R., Gao, G. G., DesRoches, C., & Jha, A. K. (2010). Research commentary—the digital transformation of healthcare: current status and the road ahead. Information Systems Research, 21, 796–809.
Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50, 179–211.
Al-Omari, A., El-Gayar, O., & Deokar, A. (2012). Security policy compliance: User acceptance perspective, system science (HICSS), 2012 45th Hawaii international conference on. IEEE.
Anderson, C. L., & Agarwal, R. (2011). The digitization of healthcare: boundary risks, emotion, and consumer willingness to disclose personal health information. Information Systems Research, 22, 469–490.
Bønes, E., Hasvold, P., Henriksen, E., & Strandenæs, T. (2007). Risk analysis of information security in a mobile instant messaging and presence system for healthcare. International Journal of Medical Informatics, 76, 677–687.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34, 523–556.
Caro, D. H. J. (2008). Deconstructing symbiotic dyadic e-health networks: transnational and transgenic perspectives. International Journal of Information Management, 28, 94–101.
Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1, 18–41.
Chang, I., Hwang, H. G., Hung, M. C., Kuo, K. M., & Yen, D. C. (2009). Factors affecting cross-hospital exchange of electronic medical records. Information & Management, 46, 109–115.
Colling R.L., & York T.W. 2010 Electronic security system integration. Hospital and Healthcare Security (Fifth Edition)
Compeau, D. R., & Higgins, C. A. (1995). Computer self-efficacy: development of a measure and initial test. MIS Quarterly, 19, 189–211.
Crossler R.E. 2010. Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. System Sciences (HICSS), 2010 43rd Hawaii international conference on. IEEE.
D’Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89, 59–71.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20, 79–98.
Dhillon, G., & Backhouse, J. (2000). Technical opinion: information system security management in the new millennium. Communications of the ACM, 43, 125–128.
Duan, L., Street, W. N., & Xu, E. (2011). Healthcare information systems: data mining methods in the creation of a clinical recommender system. Enterprise Information Systems, 5, 169–181.
Edwards, W. (1954). The theory of decision making. Psychological Bulletin, 51, 380–417.
GE. 2012. “Centricity Radiology Mobile Access.” http://www3.gehealthcare.com/en/Products/Categories/Healthcare_IT/Medical_Imaging_Informatics_-_RIS-PACS-CVIS/Centricity_Radiology_Mobile_Access. Accessed Dec 2013.
Gopal, R. D., & Sanders, G. L. (1997). Preventive and deterrent controls for software piracy. Journal of Management Information Systems, 13, 29–48.
GOVTECH. 2012. “Utah CIO Steve Fletcher Resigns, State Promises Security Reforms.” http://www.govtech.com/policy-management/Utah-CIO-Steve-Fletcher-Resigns-State-Promises-Security-Reforms.html Accessed Dec 2013.
Gritzalis, D., & Lambrinoudakis, C. (2004). A security architecture for interconnecting health information systems. International Journal of Medical Informatics, 73, 305–310.
Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20, 257–278.
He, D. D., Yang, J., Compton, M., & Taylor, K. (2012). Authorization in cross-border eHealth systems. Information Systems Frontiers, 14, 43–55.
Herath, T., & Rao, H. (2009). Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47, 154–165.
HIMSS 2012. “HIMSS Annual Security Survey Results.” Accessed Dec 2013. http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=280
Hupert, N., Lawthers, A. G., Brennan, T. A., & Peterson, L. M. (1996). Processing the tort deterrent signal: a qualitative study. Social Science & Medicine, 43, 1–11.
Hurson, A., Ploskonka, J., Jiao, Y., & Haridas, H. (2004). Security issues and solutions in distributed heterogeneous mobile database systems. Advances in Computers, 61, 107–198.
Ifinedo, P. (2011). Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31, 83–95.
ITRC. 2012. “2012 ITRC Breach Report.” http://www.idtheftcenter.org/artman2/publish/lib_survey/Breaches_2012.shtml. Accessed Dec 2013.
Janczewski, L., & Xinli Shi, F. (2002). Development of information security baselines for healthcare information systems in New Zealand. Computers & Security, 21, 172–192.
Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS Quarterly, 34, 549–566.
Kankanhalli, A., Teo, H. H., Tan, B. C. Y., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23, 139–154.
Kwok, L. F., & Longley, D. (1999). Information security management and modeling. Information Management & Computer Security, 7, 30–39.
Law, K. C. K., Ip, H. H. S., & Chan, S. L. (1995). An investigation of a cost-effective solution for multimedia medical information management. Information & Management, 28, 361–376.
Lee, S. M., Lee, S. G., & Yoo, S. (2004). An integrative model of computer abuse based on social control and general deterrence theories. Information & Management, 41, 707–718.
Lluch, M. (2011). Healthcare professionals’ organisational barriers to health information technologies—a literature review. International Journal of Medical Informatics, 80, 849–862.
Lorence, D. P., & Spink, A. (2004). Healthcare information systems outsourcing. International Journal of Information Management, 24, 131–145.
Milne, S., Sheeran, P., & Orbell, S. (2006). Prediction and intervention in health-related behavior: a meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30, 106–143.
Mouttham, A., Kuziemsky, C., Langayan, D., Peyton, L., & Pereira, J. (2012). Interoperable support for collaborative, mobile, and accessible health care. Information Systems Frontiers, 14, 73–85.
Ng, B. Y., Kankanhalli, A., & Xu, Y. (2009). Studying users’ computer security behavior: a health belief perspective. Decision Support Systems, 46, 815–825.
Poba-Nzaou, P., Uwizeyemungu, S., Raymond, L., & Paré, G. (2014). Motivations underlying the adoption of ERP systems in healthcare organizations: insights from online stories. Information Systems Frontiers, 16, 591–605.
Rippetoe, P. A., & Rogers, R. W. (1987). Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. Journal of Personality and Social Psychology, 52, 596–604.
Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. Social psychophysiology.
Siddiqui, Z., Abdullah, A. H., Khan, M. K., & Alghamdi, A. S. (2014). Smart environment as a service: three factor cloud based user authentication for telecare medical information system. Journal of Medical Systems, 38, 1–14.
Siemens. 2012. “http://syngo.via.” http://healthcare.siemens.com/medical-imaging-it/clinical-imaging-applications/syngovia. Accessed Dec 2013.
Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8, 31–41.
Straub Jr., D. W., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: a field study. MIS Quarterly, 14, 45–60.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. Management Information Systems Quarterly, 22, 441–470.
Teoh, S. Y., Pan, S. L., & Ramchand, A. M. (2012). Resource management activities in healthcare information systems: a process perspective. Information Systems Frontiers, 14, 585–600.
Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The insider threat to information systems and the effectiveness of ISO17799. Computers & Security, 24, 472–484.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, 49, 190–198.
Williams, F., & Boren, S. A. (2008). The role of the electronic medical record (EMR) in care delivery development in developing countries: a systematic review. Informatics in Primary Care, 16, 139–145.
Woon, I., Tan, G.W., & Low, R. 2005 A protection motivation theory approach to home wireless security, ICIS 2005 proceedings
Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: a threat control model and empirical test. Computers in Human Behavior, 24, 2799–2816.
Wu, I. L., Li, J. Y., & Fu, C. Y. (2011). The adoption of mobile healthcare by hospital’s professionals: an integrative perspective. Decision Support Systems, 51, 587–596.
Yao, W., Chu, C.-H., & Li, Z. (2012). The adoption and implementation of RFID technologies in healthcare: a literature review. Journal of Medical Systems, 36, 3507–3525.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Yang, CG., Lee, HJ. A study on the antecedents of healthcare information protection intention. Inf Syst Front 18, 253–263 (2016). https://doi.org/10.1007/s10796-015-9594-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-015-9594-x