Factors Influencing Attitudes Towards Patients' Personal Information Protection

With the rapid development of information and communication technologies (ICT), many organizations engage in extensive ICT applications, resulting in a vast amount of personal data to be collected, processed and used. Consequently, the collected personal data is not always well-protected, a key reason for many recent data breaches. The aim of this study is to explore factors influencing the patient's attitude towards personal information protection. Based on the privacy calculus theory and technology threat avoidance theory, a research model was developed and several factors influencing the patient's attitude towards personal information protection were examined. A total of 423 usable responses were collected from a survey with the final response rate of 94.4%. The results indicated that perceived ease of use, legal assurance, privacy concerns and health information sensitivity positively affect the patient's attitude towards personal information protection. Finally, this study concluded with several useful recommendations for academics and practitioners. Keyword: Personal information protection, personal information disclosure, healthcare information system service, privacy calculus theory, technology threat avoidance theory Personal Information Protection Twenty-Third Pacific Asia Conference on Information Systems, China 2019 Introduction In recent years, personal information protection (IP) and information disclosure (ID) have received considerable attention from academics and practitioners (Pan et al. 2006; Culnan et al. 2009; Zimmer et al. 2010; Stulzman et al. 2011; Sharma et al. 2014). Nowadays, many forms of personal information about all aspect of daily human life are produced, collected, and processed via various IT techniques, causing a large-scale data stored and accessible in the cloud. Not surprisingly, personal information is considered to be the treasure of the digital age as the monetary value of the data can be estimated (Malgieri and Custers, 2018). Furthermore, the data have the potential to generate revenues and profits on its own (ENISA 2018). Personal information database can be decisive for the firms in the battle for market share. From the positive point of view, the fair use of the collected personal information benefits both the organizations and the general public. For example, the collection of patient records (e.g., emedical records and telemedicine) for medical research which are important for improving medical services and healthcare (Watt 2006; Hartmann et al. 2019). However, information technology is a double-edged sword. As stated earlier, advances in computer information technology improve human welfare, but problems arise such as security and privacy threats from hackers (Liang and Xue 2009; Fernandes et al. 2012), so personal information protection has become more and more important. At the same time, empowered individuals also are aware of the potential risks, would have more thoughts regarding how their personal information is collected and used (Beldad et al. 2012). Many studies on personal information focused on determents on disclosure and sharing, particularly to investigate factors influencing the willingness or intention, or the adoption (e.g., Beldad et al. 2012). In recent years, this issue has growing its importance for public health authorities (Weizman et al. 2012). This paper mainly focused upon data protection in the context of healthcare. A healthcare organization’s practice on information protection (IP) affects their patients’ information disclosure (ID) intention in practice. Insufficient protection of personal data will affect the willingness of individuals to disclose personal information. However, as this sensitive personal information can be accessed via mobile devices, concerns about data ownership, privacy, and security to patient protection have motivated researchers to explore personal information protection and disclosure issues (Laric and Pitta2009; Medlin and Cazier 2010). The data sensitivity can lead to the general public refusal to disclose their information due to privacy and security concerns. In addition, patients are reported that the most mentioned objections to sharing data because they are afraid of suffering from discrimination by insurance companies (Weizman et al. 2012). In this paper, we intend to investigate the factors influencing the formation of “personal information protection” attitude and the moderating role of personal factor. Although legislation have been enacted to regulate the scope of collection, processing, and use of personal information (such as the name, Id card number, medical record and treatment, genetic information, etc.), the emergence of new technology accelerates information retrieval, and transmission and circulation, intensifying an individual’s concern of misuse of their personal data by a third party (Angst et al. 2010; Kapoor and Nazareth 2013). Previous studies have examined how the data protection policy of an organization influenced individuals’ trust and their behavior, particularly in the context of electronic commerce or the use of social media (e.g., Pan et al. 2006; Stutzman et al. 2011), but little is known about patient attitudes toward information protection and data disclosure to medical services providers. The closer relationships between patients and healthcare providers as compared to the relationships between consumers and online vendors have set the healthcare environment apart from other contexts. As a result, construct relationships identified in previous studies in other contexts may not be readily applicable. Therefore, it is critical to explore the factors influencing the individual’s attitude toward personal information protection and their associated risks. Thus, this study adopted the Technology Threat Avoidance Theory (TTAT) as well as Privacy Calculus Theory (PCT) to establish an attitude model named “Sensitive Medical Personal Information Exposure and Protection Attitude Model.” This model provides a framework at an individual level. We theorize that two forces jointed drive patients’ attitudes toward personal information protection-benefit and risk factors. On the one hand, patients may be more like to form a positive attitude toward personal information protection when Personal Information Protection Twenty-Third Pacific Asia Conference on Information Systems, China 2019 they perceived certain benefits would obtain such as rewards, perceived usefulness, and ease of use of systems and legal assurance from the healthcare providers to process their data. On the other hand, they may form a negative attitude towards personal information protection if they are concerned that negative results from the information system provided by healthcare service providers. Although Privacy Calculus Theory (PCT) has been applied in many adoption literature; it didn’t not discuss the two forces at the same time. Additionally, TTAT was included in our model in order to include cognitive processes under threatening condition. The presented model is more suitable based on motivation theory. The paper addresses the following research questions: 1. How do perceived privacy risk and perceive benefits affect information protection attitudes? 2. How do TTAT and PCT affect the above relationships? 3. Whether do other personal factors moderate the influences on the formation of attitude? Thus, our findings extend the recent literature providing a completed model to represent the determents of attitudes towards personal IP, reflecting users’ concerns for information protection in the context of healthcare. The findings contribute to obtain deep understandings of patients’ attitude and further their behavior, further to design effective communication strategy to change their attitude and behavior.