Abstract
Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs have been proposed. Users’ privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HIS adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we propose a research model that extends the unified theory of acceptance and use of technology by considering perceived security and information security literacy, and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses show that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve the design, development, and promotion of a good healthcare information system with privacy protection.
Notes
Data sources:
Administration on Aging, U.S.A. (http://www.aoa.gov/aoaroot/aging_statistics/index.aspx).
Department of Statistics, Ministry of the Interior, Taiwan. (http://www.moi.gov.tw/stat/).
National Institute of Population and Social Security Research, Japan (http://www.ipss.go.jp).
References
McKelvey, V. “Spending more on in-home care.” Dec. 30, 2011; http://www.aarp.org/relationships/caregiving/info-01-2010/spending-more-on-in-home-care.html.
Häyrinen, K., Saranto, K., and Nykänen, P., Definition, structure, content, use and impacts of electronic health records: A review of the research literature. Int. J. Med. Inform. 77(5):291–304, 2008.
Poissant, L., Pereira, J., Tamblyn, R., Kawasumi, Y., The impact of electronic health records on time efficiency of physicians and nurses: A systematic review. J. Am. Med. Assoc. 12(5):505–516, 2005.
Williams, F., and Boren, S. A., The role of electronic medical record in care delivery in developing countries. Int. J. Inf. Manag. 28(6):503–507, 2008.
Vishwanath, A., Singh, S. R., and Winkelstein, P., The impact of electronic medical record systems on outpatient workflows: A longitudinal evaluation of its workflow effects. Int. J. Med. Inform. 79(11):778–791, 2010.
Sokratis, K., Health care management and information systems security: Awareness, training or education? Int. J. Med. Inform. 60(2):129–135, 2000.
Adjerid, I., and Padman, R., Impact of health disclosure laws on health information exchanges. AMIA Annu. Symp. Proc. 2011:48–56, 2011.
Al Ameen, M., Liu, J., and Kwak, K., Security and privacy issues in wireless sensor networks for healthcare applications. J. Med. Syst. 36(1):93–101, 2012.
Haas, S., Wohlgemuth, S., Echizen, I., et al., Aspects of privacy for electronic health records. Int. J. Med. Inform. 80(2):e26–e31, 2011.
Khansa, L., Cook, D. F., James, T., et al., Impact of HIPAA provisions on the stock market value of healthcare institutions, and information security and other information technology firms. Comput. Secur. 31(6):750–770, 2012.
Lee, C. D., Ho, K. I. J., and Lee, W. B., A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15(4):550–556, 2011.
Murphy, S. N., Gainer, V., Mendis, M., et al., Strategies for maintaining patient privacy in i2b2. J. Am. Med. Assoc. 18(SUPPL. 1):103–108, 2011.
Son, J., Kim, S., Park, G., et al., Security requirements for the medical information used by U-Healthcare medical equipment. Int. J. Secur. Appl. 7(1):169–180, 2013.
Sunil Kumar, C., Samy Durai, A., and Vinotha, S. R., Privacy and security solutions for interoperable health information exchange. Int. J. Med. Eng. Inform. 5(2):137–144, 2013.
Dmitrienko, A., Hadzic, Z., Löhr, H. et al., “Securing the access to electronic health records on mobile phones,” 2011, pp. 365–379.
Garcia-Morchon, O., Falck, T., and Wehrle, K., Sensor network security for pervasive e-health. Sec Commun. Networks 4(11):1257–1273, 2011.
Huang, C., Lee, H., and Lee, D. H., A privacy-strengthened scheme for E-healthcare monitoring system. J. Med. Syst. 36(5):2959–2971, 2012.
Lin, H. Y., On the security of a dynamic ID-based authentication scheme for telecare medical information systems. J. Med. Syst. 37(2), 2013.
Shin, M., Secure remote health monitoring with unreliable mobile devices. Journal of Biomedicine and Biotechnology 2012, 2012.
Ting, D., Securing access to healthcare. Biom. Technol. Today 2011(2):10–11, 2011.
Belsis, P., Skourlas, C., and Gritzalis, S., Secure electronic healthcare records management in wireless environments. J. Inform. Technol. Res. 4(4):1–17, 2011.
Calvillo, J., Román, I., Rivas, S., et al., Privilege management infrastructure for virtual organizations in healthcare grids. IEEE Trans. Inf. Technol. Biomed. 15(2):316–323, 2011.
Gunter, C., Liebovitz, D., and Malin, B., Experience-based access management: A life-cycle framework for identity and access management systems. IEEE Secur. Priv. 9(5):48–55, 2011.
Jin, J., Ahn, G. J., Hu, H., et al., Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30(2–3):116–127, 2011.
Sun, L., Wang, H., Soar, J., et al., Purpose based access control for privacy protection in E-Healthcare services. J. Softw. 7(11):2443–2449, 2012.
Touati, F., and Tabish, R., U-healthcare system: State-of-the-art review and challenges. J. Med. Syst. 37(3), 2013.
Ge, Y., Ahn, D. K., Unde, B., et al., Patient-controlled sharing of medical imaging data across unaffiliated healthcare organizations. J. Am. Med. Assoc. 20(1):157–163, 2013.
Señor, I. C., Alemán, J. L. F., and Toval, A., Personal health records: New means to safely handle health data? Computer 45(11):27–33, 2012.
Yarmand, M. H., Sartipi, K., and Down, D. G., Behavior-based access control for distributed healthcare systems. J. Comput. Secur. 21(1):1–39, 2013.
Beranek Lafky, D., and Horan, T. A., Personal health records: Consumer attitudes toward privacy and security of their personal health information. Health Inform. J. 17(1):63–71, 2011.
Shin, D., Understanding purchasing behaviors in virtual economy: Consumer behavior of virtual currency in Web2.0 communities. Interact. Comput. 20(4):433–446, 2008.
Inamura, M., Saito, A., and Iwamura, K., A pre-control system to edit contents with an extended sanitizable signature. IEEJ Trans. Electron. Inf. Syst. 133(4):802–815, 2013.
Ming, Y., Shen, X., and Peng, Y., Provably security identity-based sanitizable signature scheme without random oracles. J. Softw. 6(10):1890–1897, 2011.
Yum, D. H., and Lee, P. J., Sanitizable signatures reconsidered. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E94-A(2):717–724, 2011.
ISO/IEC-9798-3, “Information technology—Security techniques—Entity authentication mechanisms; Part 3; Entity authentication using a public key algorithm,” International Organization for Standardization, 1–9, 1993.
Ming, Y., Shen, X., and Peng, Y., Identity-based sanitizable signature scheme in the standard model. Commun. Comput. Inf. Science 105(Part 1):9–16, 2010.
Ferraiolo, D. F., and Kuhn, D. R., “Role based access control,” 15th National Computer Security Conference, pp. 554–563, Oct 13–16, 1992.
Venkatesh, V., Morris, M. G., Davis, G. B., et al., User acceptance of information technology: Toward a unified view. MIS Q. 27(3):425–478, 2003.
Zhou, T., Lu, Y., and Wang, B., Integrating TTF and UTAUT to explain mobile banking user adoption. Comput. Hum. Behav. 26(4):760–767, 2010.
Davis, F. D., Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13(3):319–339, 1989.
Pai, J.-C., and Tu, F.-M., The acceptance and use of customer relationship management (CRM) systems: An empirical study of distribution service industry in Taiwan. Expert Syst. Appl. 38(1):579–584, 2011.
Premkumar, G., and Bhattacherjee, A., Explaining information technology usage: A test of competing models. OMEGA Int. J. Manag. Sci. 36:64–75, 2008.
Park, C. W., and Lessing, V. P., Students and housewives: Differences in susceptibility to reference group influence. J. Consum. Res. 4(2):102–110, 1977.
Karahanna, E., Straub, D. W., and Chervany, N. L., Information technology adoption across time: A cross-sectional comparison of pre-adoption and post-adoption beliefs. MIS Q. 23(2):183–213, 1999.
Lewis, W., Agarwal, R., and Sambamurthy, V., Sources of influence on beliefs about information technology use: An empirical study of knowledge workers. MIS Q. 27(4):657–678, 2003.
Taylor, S., and Todd, P. A., Understanding information technology usage: A test of competing models. Inf. Syst. Res. 6(2):144–176, 1995.
Corey, M. A., and Agarwal, R., Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Q. 33(2):339–370, 2009.
Dewan, S., and Chen, L., Mobile payment adoption in the US: A cross-industry cross-platform solution. J. Inf. Priv. Secur. 1(2):4–28, 2005.
Lwin, M., Wirtz, J., and Williams, J. D., Consumer online privacy concerns and responses: A power-responsibility equilibrium perspective. J. Acad. Mark. Sci. 35(4):572–585, 2007.
Shin, D., Towards an understanding of the consumer acceptance of mobile wallet. Comput. Hum. Behav. 25(6):1343–1354, 2009.
Wilson, M., Stine, K., and Bowen, P., “National Institute of Standards and Technology (NIST) Special Publication 800–16: Information technology security training requirements: A role- and performance-based model (Draft)”, Nov. 22, 2011; http://csrc.nist.gov/publications/drafts/800-16-rev1/Draft-SP800-16-Rev1.pdf.
Lin, I. L., and Liu, M. D., “An investigation of high school teachers’ cyber security literacy in Taiwan,” in Taiwan Academic Network Conference (TANET 2007), Taipei, Taiwan, 2007.
Schierz, P. G., Schilke, O., and Wirtz, B. W., Understanding consumer acceptance of mobile payment services: An empirical analysis. Electron. Commer. Res. Appl. 9(3):209–216, 2010.
Nunnally, J. C., Psychometric theory, 2nd edition. McGrawHill, New York, 1978.
Fornell, C., and Larcker, D. F., Evaluating structural equation models with unobservable variables and measurement error. J. Mark. Res. 18(1):39–50, 1981.
Acknowledgment
We would like to thank anonymous referees for their valuable suggestions. We thank Healthy Aging Research Center (HARC) of Chang Gung University for excellent technical assistance. This work was supported in part by the Chang Gung University Grant UARPD3B0061, in part by the Chang Gung Memorial Hospital Grant CMRPD390033, and in part by the National Science Council of Republic of China under the contract numbers NSC 100-2628-H-182-001-MY3.
Appendices
Appendix A. Scales and items
Performance expectancy (PE) (adapted from Venkatesh et al. 2003)
- PE1: I feel this system is useful for my health management.
- PE2: This system improves my health management efficiency.
- PE3: This system improves my health management convenience.
- PE4: The system lets me make health management more quickly.
Effort expectancy (EE) (adapted from Venkatesh et al. 2003)
- EE1: My interaction with this system is clear and understandable.
- EE2: Learning to operate this system is easy for me.
- EE3: I feel this system easy to use.
- EE4: It would easy for me to become skillful at using this system.
Social influence (SI) (adapted from Venkatesh et al. 2003)
- SI1: People who influence my behavior think that I should use the HIS like ours.
- SI2: People who are important to me think I should use the HIS like ours.
- SI3: Relatives would encourage and support me to use the HIS like ours.
Facilitating conditions (FC) (adapted from Venkatesh et al. 2003)
- FC1: I have the resources necessary to use this system.
- FC2: I have the knowledge necessary to use this system.
- FC3: This system is compatible with other system I have used.
- FC4: Using this system fits into my operating experience.
Perceived security (PSE) (adapted from Schierz et al. 2010)
- PSE1: The risk of an unauthorized third party overseeing this system is low.
- PSE2: The risk of abuse of my health information (e.g. case reports) is low when using this system.
- PSE3: I would find this system secure in conducting my health management.
Information security literacy (ISL)
- ISL1: I understand the information security problems arising from computer virus, malicious behavior, and hacker invasion.
- ISL2: I can determine the presence of the virus within the web or mail.
- ISL3: I can install antivirus software and modify its settings.
- ISL4: I can solve computer virus, Trojan horses, spyware, or stolen account problem.
- ISL5: I have the ability to manage junk mail and spam comments in my blog.
Intention of adoption (USE) (adapted from Venkatesh et al. 2003)
- USE1: I believe it is worthwhile for me to use this system.
- USE2: Based on my experience, I’m very likely to use this system.
- USE3: I am willing to recommend other people to use this system.
Appendix B
Cite this article
Hsu, CL., Lee, MR. & Su, CH. The Role of Privacy Protection in Healthcare Information Systems Adoption. J Med Syst 37, 9966 (2013). https://doi.org/10.1007/s10916-013-9966-z
DOI: https://doi.org/10.1007/s10916-013-9966-z