Skip to main content

Advertisement

SpringerLink
Log in

The Role of Privacy Protection in Healthcare Information Systems Adoption

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users’ privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Notes

  1. Data sources:

    Administration on Aging, U.S.A. (http://www.aoa.gov/aoaroot/aging_statistics/index.aspx).

  2. Department of Statistics, Ministry of the Interior, Taiwan. (http://www.moi.gov.tw/stat/).

  3. National Institute of Population and Social Security Research, Japan (http://www.ipss.go.jp).

References

  1. McKelvey, V. “Spending more on in-home care.” Dec. 30, 2011; http://www.aarp.org/relationships/caregiving/info-01-2010/spending-more-on-in-home-care.html.

  2. Häyrinen, K., Saranto, K., and Nykänen, P., Definition, structure, content, use and impacts of electronic health records: A review of the research literature. Int. J. Med. Inform. 77(5):291–304, 2008.

    Article  Google Scholar 

  3. Poissant, L., Pereira, J., Tamblyn, R., Kawasumi, Y., The impact of electronic health records on time efficiency of physicians and nurses: A systematic review. J. Am. Med. Assoc. 12(5):505–516, 2005.

    Google Scholar 

  4. Williams, F., and Boren, S. A., The role of electronic medical record in care delivery in developing countries. Int. J. Inf. Manag. 28(6):503–507, 2008.

    Article  Google Scholar 

  5. Vishwanath, A., Singh, S. R., and Winkelstein, P., The impact of electronic medical record systems on outpatient workflows: A longitudinal evaluation of its workflow effects. Int. J. Med. Inform. 79(11):778–791, 2010.

    Article  Google Scholar 

  6. Sokratis, K., Health care management and information systems security: Awareness, training or education? Int. J. Med. Inform. 60(2):129–135, 2000.

    Article  Google Scholar 

  7. Adjerid, I., and Padman, R., Impact of health disclosure laws on health information exchanges. AMIA Annu. Symp. Proc. 2011:48–56, 2011.

  8. Al Ameen, M., Liu, J., and Kwak, K., Security and privacy issues in wireless sensor networks for healthcare applications. J. Med. Syst. 36(1):93–101, 2012.

    Article  Google Scholar 

  9. Haas, S., Wohlgemuth, S., Echizen, I., et al., Aspects of privacy for electronic health records. Int. J. Med. Inform. 80(2):e26–e31, 2011.

    Article  Google Scholar 

  10. Khansa, L., Cook, D. F., James, T., et al., Impact of HIPAA provisions on the stock market value of healthcare institutions, and information security and other information technology firms. Comput. Secur. 31(6):750–770, 2012.

    Article  Google Scholar 

  11. Lee, C. D., Ho, K. I. J., and Lee, W. B., A novel key management solution for reinforcing compliance with HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 15(4):550–556, 2011.

    Article  Google Scholar 

  12. Murphy, S. N., Gainer, V., Mendis, M., et al., Strategies for maintaining patient privacy in i2b2. J. Am. Med. Assoc. 18(SUPPL. 1):103–108, 2011.

    Article  Google Scholar 

  13. Son, J., Kim, S., Park, G., et al., Security requirements for the medical information used by U-Healthcare medical equipment. Int. J. Secur. Appl. 7(1):169–180, 2013.

    Google Scholar 

  14. Sunil Kumar, C., Samy Durai, A., and Vinotha, S. R., Privacy and security solutions for interoperable health information exchange. Int. J. Med. Eng. Inform. 5(2):137–144, 2013.

    Article  Google Scholar 

  15. Dmitrienko, A., Hadzic, Z., Löhr, H. et al., “Securing the access to electronic health records on mobile phones,” 2011, pp. 365–379.

  16. Garcia-Morchon, O., Falck, T., and Wehrle, K., Sensor network security for pervasive e-health. Sec Commun. Networks 4(11):1257–1273, 2011.

    Article  Google Scholar 

  17. Huang, C., Lee, H., and Lee, D. H., A privacy-strengthened scheme for E-healthcare monitoring system. J. Med. Syst. 36(5):2959–2971, 2012.

    Article  Google Scholar 

  18. Lin, H. Y., “On the security of a dynamic ID-based authentication scheme for telecare medical information systems,” J. Med. Syst., vol. 37, no. 2, 2013.

  19. Shin, M., “Secure remote health monitoring with unreliable mobile devices,” Journal of Biomedicine and Biotechnology, vol. 2012, 2012.

  20. Ting, D., Securing access to healthcare. Biom. Technol. Today 2011(2):10–11, 2011.

    Article  Google Scholar 

  21. Belsis, P., Skourlas, C., and Gritzalis, S., Secure electronic healthcare records management in wireless environments. J. Inform. Technol. Res. 4(4):1–17, 2011.

    Article  Google Scholar 

  22. Calvillo, J., Román, I., Rivas, S., et al., Privilege management infrastructure for virtual organizations in healthcare grids. IEEE Trans. Inf. Technol. Biomed. 15(2):316–323, 2011.

    Article  Google Scholar 

  23. Gunter, C., Liebovitz, D., and Malin, B., Experience-based access management: A life-cycle framework for identity and access management systems. IEEE Secur. Priv. 9(5):48–55, 2011.

    Article  Google Scholar 

  24. Jin, J., Ahn, G. J., Hu, H., et al., Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30(2–3):116–127, 2011.

    Article  Google Scholar 

  25. Sun, L., Wang, H., Soar, J., et al., Purpose based access control for privacy protection in E-Healthcare services. J. Softw. 7(11):2443–2449, 2012.

    Google Scholar 

  26. Touati, F., and Tabish, R., “U-healthcare system: State-of-the-art review and challenges,” J. Med. Syst., vol. 37, no. 3, 2013.

  27. Ge, Y., Ahn, D. K., Unde, B., et al., Patient-controlled sharing of medical imaging data across unaffiliated healthcare organizations. J. Am. Med. Assoc. 20(1):157–163, 2013.

    Article  Google Scholar 

  28. Sem̃or, I. C., Alemán, J. L. F., and Toval, A., Personal health records: New means to safely handle health data? Computer 45(11):27–33, 2012.

    Article  Google Scholar 

  29. Yarmand, M. H., Sartipi, K., and Down, D. G., Behavior-based access control for distributed healthcare systems. J. Comput. Secur. 21(1):1–39, 2013.

    Google Scholar 

  30. Beranek Lafky, D., and Horan, T. A., Personal health records: Consumer attitudes toward privacy and security of their personal health information. Health Inform. J. 17(1):63–71, 2011.

    Article  Google Scholar 

  31. Shin, D., Understanding purchasing behaviors in virtual economy: Consumer behavior of virtual currency in Web2.0 communities. Interact. Comput. 20(4):433–446, 2008.

    Article  Google Scholar 

  32. Inamura, M., Saito, A., and Iwamura, K., A pre-control system to edit contents with an extended sanitizable signature. IEEJ Trans. Electron. Inf. Syst. 133(4):802–815, 2013.

    Google Scholar 

  33. Ming, Y., Shen, X., and Peng, Y., Provably security identity-based sanitizable signature scheme without random oracles. J. Softw. 6(10):1890–1897, 2011.

    Google Scholar 

  34. Yum, D. H., and Lee, P. J., Sanitizable signatures reconsidered. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E94-A(2):717–724, 2011.

    Article  Google Scholar 

  35. ISO/IEC-9798-3, “Information technology—Security techniques—Entity authentication mechanisms; Part 3; Entity authentication using a public key algorithm ” International Organization for Standardization, 1–9, 1993.

  36. Ming, Y., Shen, X., and Peng, Y., Identity-based sanitizable signature scheme in the standard model. Commun. Comput. Inf. Science 105(Part 1):9–16, 2010.

    Article  Google Scholar 

  37. Ferraiolo, D. F., and Kuhn, D. R., “Role based access control,” 15th National Computer Security Conference, pp. 554–563, Oct 13–16, 1992, 1992.

  38. Venkatesh, V., Morris, M. G., Davis, G. B., et al., User acceptance of information technology: Toward a unified view. MIS Q. 27(3):425–478, 2003.

    Google Scholar 

  39. Zhou, T., Lu, Y., and Wang, B., Integrating TTF and UTAUT to explain mobile banking user adoption. Comput. Hum. Behav. 26(4):760–767, 2010.

    Article  MathSciNet  Google Scholar 

  40. Davis, F. D., Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13(3):319–339, 1989.

    Article  Google Scholar 

  41. Pai, J.-C., and Tu, F.-M., The acceptance and use of customer relationship management (CRM) systems: An empirical study of distribution service industry in Taiwan. Expert Syst. Appl. 38(1):579–584, 2011.

    Article  Google Scholar 

  42. Premkumar, G., and Bhattacherjee, A., Explaining information technology usage: A test of competing models. OMEGA Int. J. Manag. Sci. 36:64–75, 2008.

    Article  Google Scholar 

  43. Park, C. W., and Lessing, V. P., Students and housewives: Differences in susceptibility to reference group influence. J. Consum. Res. 4(2):102–110, 1977.

    Article  Google Scholar 

  44. Karahanna, E., Straub, D. W., and Chervany, N. L., Information technology adoption across time: Across-sectional comparison of pre-adoption and post-adoption beliefs. MIS Q. 23(2):183–213, 1999.

    Article  Google Scholar 

  45. Lewis, W., Agarwal, R., and Sambamurthy, V., Sources of influence on beliefs about information technology use: An empirical study of knowledge workers. MIS Q. 27(4):657–678, 2003.

    Google Scholar 

  46. Taylor, S., and Todd, P. A., Understanding information technology usage: A test of competing models. Inf. Syst. Res. 6(2):144–176, 1995.

    Article  Google Scholar 

  47. Corey, M. A., and Agarwal, R., Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuation. MIS Q. 33(2):339–370, 2009.

    Google Scholar 

  48. Dewan, S., and Chen, L., Mobile payment adoption in the US: A cross-industry cross-platform solution. J. Inf. Priv. Secur. 1(2):4–28, 2005.

    Google Scholar 

  49. Lwin, M., Wirtz, J., and Williams, J. D., Consumer online privacy concerns and responses: A power-responsibility equilibrium perspective. J. Acad. Mark. Sci. 35(4):572–585, 2007.

    Article  Google Scholar 

  50. Shin, D., Towards an understanding of the consumer acceptance of mobile wallet. Comput. Hum. Behav. 25(6):1343–1354, 2009.

    Article  Google Scholar 

  51. Wilson, M., Stine, K., and Bowen, P., “National Institute of Standards and Technology (NIST) Special Publication 800–16: Information technology security training requirements: A role- and performance-based model (Draft)”, Nov. 22, 2011; http://csrc.nist.gov/publications/drafts/800-16-rev1/Draft-SP800-16-Rev1.pdf.

  52. Lin, I. L., and Liu, M. D., “An investigation of high school teachers’ cyber security literacy in Taiwan,” in Taiwan Academic Network Conference (TANET 2007), Taipei, Taiwan, 2007.

  53. Schierz, P. G., Schilke, O., and Wirtz, B. W., Understanding consumer acceptance of mobile payment services: An empirical analysis. Electron. Commer. Res. Appl. 9(3):209–216, 2010.

    Article  Google Scholar 

  54. Nunnally, J. C., Psychometric theory, 2nd edition. McGrawHill, New York, 1978.

    Google Scholar 

  55. Fornell, C., and Larcker, D. F., Evaluating structural equation models with unobservable variables and measurement error. J. Mark. Res. 18(1):39–50, 1981.

    Article  Google Scholar 

Download references

Acknowledgment

We would like to thank anonymous referees for their valuable suggestions. We thank Healthy Aging Research Center (HARC) of Chang Gung University for excellent technical assistance. This work was supported in part by the Chang Gung University Grant UARPD3B0061, in part by the Chang Gung Memorial Hospital Grant CMRPD390033, and in part by the National Science Council of Republic of China under the contract numbers NSC 100-2628-H-182-001-MY3.

Author information

Authors and Affiliations

  1. Department of Information Management, Chang Gung University, 259, Wen-Hwa 1st Road, Kwei-Shan, Tao-Yuan 333, Taiwan, Republic of China

    Chien-Lung Hsu

  2. Department of Electrical Engineering and Computer Science, University of Central Florida, Orlando, FL, 32816, USA

    Chien-Lung Hsu

  3. Department of Information Management, Taoyuan Innovation Institute of Technology, Taoyuan 320, Taiwan, Republic of China

    Ming-Ren Lee

  4. Department of Information Management, Chang Gung University, Tao-Yuan 333, Taiwan, Republic of China

    Chien-Hui Su

Authors
  1. Chien-Lung Hsu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ming-Ren Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chien-Hui Su
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chien-Lung Hsu.

Appendices

Appendix A. Scales and items

Performance expectancy (PE) (adapted from Venkatesh et al. 2003)

  1. PE1

    I feel this system is useful for my health management.

  2. PE2

    This system improves my health management efficiency.

  3. PE3

    This system improves my health management convenience.

  4. PE4

    The system lets me make health management more quickly.

Effort expectancy (EE) (adapted from Venkatesh et al. 2003)

  1. EE1

    My interaction with this system is clear and understandable.

  2. EE2

    Learning to operate this system is easy for me.

  3. EE3

    I feel this system easy to use.

  4. EE4

    It would easy for me to become skillful at using this system.

Social influence (SI) (adapted from Venkatesh et al. 2003)

  1. SI1

    People who influence my behavior think that I should use the HIS like ours.

  2. SI2

    People who are important to me think I should use the HIS like ours.

  3. SI3

    Relatives would encourage and support me to use the HIS like ours.

Facilitating conditions (FC) (adapted from Venkatesh et al. 2003)

  1. FC1

    I have the resources necessary to use this system.

  2. FC2

    I have the knowledge necessary to use this system.

  3. FC3

    This system is compatible with other system I have used.

  4. FC4

    Using this system fits into my operating experience.

Perceived security (PSE) (adapted from Schierz et al. 2010)

  1. PSE1

    The risk of an unauthorized third party overseeing this system is low.

  2. PSE2

    The risk of abuse of my health information (e.g. case reports) is low when using this system.

  3. PSE3

    I would find this system secure in conducting my health management.

Information security literacy (ISL)

  1. ISL1

    I understand the information security problems arising from computer virus, malicious behavior, and hacker invasion.

  2. ISL2

    I can determine the presence of the virus within the web or mail.

  3. ISL3

    I can install antivirus software and modify its settings.

  4. ISL4

    I can solve computer virus, Trojan horses, spyware, or stolen account problem.

  5. ISL5

    I have the ability to manage junk mail and spam comments in my blog.

Intention of adoption (USE) (adapted from Venkatesh et al. 2003)

  1. USE1

    I believe it is worthwhile for me to use this system.

  2. USE2

    Based on my experience, I’m very likely to use this system.

  3. USE3

    I am willing to recommend other people to use this system.

Appendix B

Fig. 7
figure 7

The experimental process

Full size image

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hsu, CL., Lee, MR. & Su, CH. The Role of Privacy Protection in Healthcare Information Systems Adoption. J Med Syst 37, 9966 (2013). https://doi.org/10.1007/s10916-013-9966-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-013-9966-z

Keywords

Search

Navigation