A study on the antecedents of healthcare information protection intention

详细信息    查看全文

• 作者：Chang-Gyu Yang ; Hee-Jun Lee
• 关键词：Healthcare information system ; General deterrence theory ; Protection motivation theory ; Induction control intention ; Self ; defense intention ; Protection intention
• 刊名：Information Systems Frontiers
• 出版年：2016
• 出版时间：April 2016
• 年：2016
• 卷：18
• 期：2
• 页码：253-263
• 全文大小：587 KB
• 参考文献：Agarwal, R., Gao, G. G., DesRoches, C., & Jha, A. K. (2010). Research commentary—the digital transformation of healthcare: current status and the road ahead. Information Systems Research, 21, 796–809.CrossRef
  Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50, 179–211.CrossRef
  Al-Omari, A., El-Gayar, O., & Deokar, A. (2012). Security policy compliance: User acceptance perspective, system science (HICSS), 2012 45th Hawaii international conference on. IEEE.
  Anderson, C. L., & Agarwal, R. (2011). The digitization of healthcare: boundary risks, emotion, and consumer willingness to disclose personal health information. Information Systems Research, 22, 469–490.CrossRef
  Bønes, E., Hasvold, P., Henriksen, E., & Strandenæs, T. (2007). Risk analysis of information security in a mobile instant messaging and presence system for healthcare. International Journal of Medical Informatics, 76, 677–687.CrossRef
  Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34, 523–556.
  Caro, D. H. J. (2008). Deconstructing symbiotic dyadic e-health networks: transnational and transgenic perspectives. International Journal of Information Management, 28, 94–101.CrossRef
  Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security in the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1, 18–41.CrossRef
  Chang, I., Hwang, H. G., Hung, M. C., Kuo, K. M., & Yen, D. C. (2009). Factors affecting cross-hospital exchange of electronic medical records. Information & Management, 46, 109–115.CrossRef
  Colling R.L., & York T.W. 2010 Electronic security system integration. Hospital and Healthcare Security (Fifth Edition)
  Compeau, D. R., & Higgins, C. A. (1995). Computer self-efficacy: development of a measure and initial test. MIS Quarterly, 19, 189–211.CrossRef
  Crossler R.E. 2010. Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. System Sciences (HICSS), 2010 43rd Hawaii international conference on. IEEE.
  D’Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89, 59–71.CrossRef
  D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20, 79–98.CrossRef
  Dhillon, G., & Backhouse, J. (2000). Technical opinion: information system security management in the new millennium. Communications of the ACM, 43, 125–128.CrossRef
  Duan, L., Street, W. N., & Xu, E. (2011). Healthcare information systems: data mining methods in the creation of a clinical recommender system. Enterprise Information Systems, 5, 169–181.CrossRef
  Edwards, W. (1954). The theory of decision making. Psychological Bulletin, 51, 380–417.CrossRef
  GE. 2012. “Centricity Radiology Mobile Access.” http://​www3.​gehealthcare.​com/​en/​Products/​Categories/​Healthcare_​IT/​Medical_​Imaging_​Informatics_​-_​RIS-PACS-CVIS/​Centricity_​Radiology_​Mobile_​Access . Accessed Dec 2013.
  Gopal, R. D., & Sanders, G. L. (1997). Preventive and deterrent controls for software piracy. Journal of Management Information Systems, 13, 29–48.CrossRef
  GOVTECH. 2012. “Utah CIO Steve Fletcher Resigns, State Promises Security Reforms.” http://​www.​govtech.​com/​policy-management/​Utah-CIO-Steve-Fletcher-Resigns-State-Promises-Security-Reforms.​html Accessed Dec 2013.
  Gritzalis, D., & Lambrinoudakis, C. (2004). A security architecture for interconnecting health information systems. International Journal of Medical Informatics, 73, 305–310.CrossRef
  Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20, 257–278.CrossRef
  He, D. D., Yang, J., Compton, M., & Taylor, K. (2012). Authorization in cross-border eHealth systems. Information Systems Frontiers, 14, 43–55.CrossRef
  Herath, T., & Rao, H. (2009). Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47, 154–165.CrossRef
  HIMSS 2012. “HIMSS Annual Security Survey Results.” Accessed Dec 2013. http://​www.​himss.​org/​ASP/​topics_​FocusDynamic.​asp?​faid=​280
  Hupert, N., Lawthers, A. G., Brennan, T. A., & Peterson, L. M. (1996). Processing the tort deterrent signal: a qualitative study. Social Science & Medicine, 43, 1–11.CrossRef
  Hurson, A., Ploskonka, J., Jiao, Y., & Haridas, H. (2004). Security issues and solutions in distributed heterogeneous mobile database systems. Advances in Computers, 61, 107–198.CrossRef
  Ifinedo, P. (2011). Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31, 83–95.CrossRef
  ITRC. 2012. “2012 ITRC Breach Report.” http://​www.​idtheftcenter.​org/​artman2/​publish/​lib_​survey/​Breaches_​2012.​shtml . Accessed Dec 2013.
  Janczewski, L., & Xinli Shi, F. (2002). Development of information security baselines for healthcare information systems in New Zealand. Computers & Security, 21, 172–192.CrossRef
  Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: an empirical study. MIS Quarterly, 34, 549–566.
  Kankanhalli, A., Teo, H. H., Tan, B. C. Y., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23, 139–154.CrossRef
  Kwok, L. F., & Longley, D. (1999). Information security management and modeling. Information Management & Computer Security, 7, 30–39.CrossRef
  Law, K. C. K., Ip, H. H. S., & Chan, S. L. (1995). An investigation of a cost-effective solution for multimedia medical information management. Information & Management, 28, 361–376.CrossRef
  Lee, S. M., Lee, S. G., & Yoo, S. (2004). An integrative model of computer abuse based on social control and general deterrence theories. Information & Management, 41, 707–718.CrossRef
  Lluch, M. (2011). Healthcare professionals’ organisational barriers to health information technologies—a literature review. International Journal of Medical Informatics, 80, 849–862.CrossRef
  Lorence, D. P., & Spink, A. (2004). Healthcare information systems outsourcing. International Journal of Information Management, 24, 131–145.CrossRef
  Milne, S., Sheeran, P., & Orbell, S. (2006). Prediction and intervention in health-related behavior: a meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30, 106–143.CrossRef
  Mouttham, A., Kuziemsky, C., Langayan, D., Peyton, L., & Pereira, J. (2012). Interoperable support for collaborative, mobile, and accessible health care. Information Systems Frontiers, 14, 73–85.CrossRef
  Ng, B. Y., Kankanhalli, A., & Xu, Y. (2009). Studying users’ computer security behavior: a health belief perspective. Decision Support Systems, 46, 815–825.CrossRef
  Poba-Nzaou, P., Uwizeyemungu, S., Raymond, L., & Paré, G. (2014). Motivations underlying the adoption of ERP systems in healthcare organizations: insights from online stories. Information Systems Frontiers, 16, 591–605.CrossRef
  Rippetoe, P. A., & Rogers, R. W. (1987). Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. Journal of Personality and Social Psychology, 52, 596–604.CrossRef
  Rogers, R. W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. Social psychophysiology.
  Siddiqui, Z., Abdullah, A. H., Khan, M. K., & Alghamdi, A. S. (2014). Smart environment as a service: three factor cloud based user authentication for telecare medical information system. Journal of Medical Systems, 38, 1–14.CrossRef
  Siemens. 2012. “http://​syngo.​via .” http://​healthcare.​siemens.​com/​medical-imaging-it/​clinical-imaging-applications/​syngovia . Accessed Dec 2013.
  Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8, 31–41.CrossRef
  Straub Jr., D. W., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: a field study. MIS Quarterly, 14, 45–60.CrossRef
  Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: security planning models for management decision making. Management Information Systems Quarterly, 22, 441–470.CrossRef
  Teoh, S. Y., Pan, S. L., & Ramchand, A. M. (2012). Resource management activities in healthcare information systems: a process perspective. Information Systems Frontiers, 14, 585–600.CrossRef
  Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The insider threat to information systems and the effectiveness of ISO17799. Computers & Security, 24, 472–484.CrossRef
  Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, 49, 190–198.CrossRef
  Williams, F., & Boren, S. A. (2008). The role of the electronic medical record (EMR) in care delivery development in developing countries: a systematic review. Informatics in Primary Care, 16, 139–145.
  Woon, I., Tan, G.W., & Low, R. 2005 A protection motivation theory approach to home wireless security, ICIS 2005 proceedings
  Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: a threat control model and empirical test. Computers in Human Behavior, 24, 2799–2816.CrossRef
  Wu, I. L., Li, J. Y., & Fu, C. Y. (2011). The adoption of mobile healthcare by hospital’s professionals: an integrative perspective. Decision Support Systems, 51, 587–596.CrossRef
  Yao, W., Chu, C.-H., & Li, Z. (2012). The adoption and implementation of RFID technologies in healthcare: a literature review. Journal of Medical Systems, 36, 3507–3525.CrossRef
  
• 作者单位：Chang-Gyu Yang (1)
  Hee-Jun Lee (2)
  
  1. Gyeonggi Tourism Organization, 5Fl., 1150, Gyeongsu-daero, Jangan-gu, Suwon-si, Gyeonggi-do, 16207, South Korea
  2. Hana Academy Seoul, Eunpyeong-gu, South Korea
  
• 刊物类别：Business and Economics
• 刊物主题：Economics
  Business Information Systems
  Management of Computing and Information Systems
  Systems Theory and Control
  Operation Research and Decision Theory
  
• 出版者：Springer Netherlands
• ISSN：1572-9419

文摘

This study investigates the antecedents of HIPI (Healthcare Information Protection Intention) of HIS (Healthcare Information Systems) users by introducing a model which incorporates constructs from GDT (General Deterrence Theory) and PMT (Protection Motivation Theory). The results show that (1) a clear awareness of the consequences of security threats increases HIS users’ understanding on the severity of healthcare information leakage, and thus may decreases abuse of HIS by users; (2) user satisfaction with the security system may make them have self-efficacy that they can handle the medical information leakage issue by themselves; and (3) although HIS users are realizing the consequences of healthcare information leakage, they think that they are unlikely to encounter such situations. The results imply that in order to increase HIPI of HIS users, ongoing security education is needed and motivating users to protect healthcare information through their satisfaction with the security system is important.