THE MODERATING EFFECT OF WORKING EXPERIENCE ON HEALTH INFORMATION SYSTEM SECURITY POLICIES COMPLIANCE BEHAVIOUR

This study investigated the moderating effect of health professionals' working experience on the relationships between factors of the Health Information System Security Policies Compliance Behaviour (HISSPC) model. A survey (n = 454) was conducted to test the differences between high experience and low experience health professionals who were Health Information System (HIS) users. The HISSPC model was tested using the partial least squares (PLS) approach, with results indicating the coefficient of determination (R²) for the high experience group (63 percent) to be slightly higher than for the low experience group (60 percent). Statistical differences were noted for the relationship between management support and users' compliance behaviour in both groups, with a stronger relationship for low experience HIS users than for high experience HIS users. In contrast, perceived susceptibility was found to significantly influence highly experienced users to comply with HIS security policies, but it had no significant effect for the low experience group. The overall moderating effect size for high experience users was approximately 0.07 (i.e., small), and no moderating effect was observed for the low experience group (f² = 0.01). It is believed that the findings will provide better guidelines to fellow researchers and policy makers in improving information security behaviour among health professionals in hospitals, particularly those with varying working experience.
