Advanced search
Publication Cover
Behaviour & Information Technology Latest Articles
Submit an article Journal homepage
187
Views
0
CrossRef citations to date
0
Altmetric
Research Article

Understanding security behaviour among healthcare professionals by comparing results from technology threat avoidance theory and protection motivation theory

Sanjana Sundara Raj Sreenatha School of Medicine, Texas Tech University Health Sciences Center, El Paso, TX, USACorrespondence[email protected]
View further author information
,
Barbara Hewittb Health Information Management, Texas State University, San Marcos, TX, USAORCID Iconhttps://orcid.org/0000-0003-4056-2852View further author information
ORCID Icon &
Sahana Sreenathc Computer Science, Texas State University, San Marcos, TX, USAView further author information
Received 22 Feb 2023, Accepted 30 Jan 2024, Published online: 12 Feb 2024

References

  • Andersen, R. M. 1995. “Revisiting the Behavioral Model and Access to Medical Care: Does it Matter?” Journal of Health and Social Behavior 36 (1): 1–10. https://doi.org/10.2307/2137284.
  • Anderson, C. L., and R. Agarwal. 2010. “Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions.” MIS Quarterly 34 (3): 613–643. https://doi.org/10.2307/25750694.
  • Anderson, C. L., and R. Agarwal. 2011. “The Digitization of Healthcare: Boundary Risks, Emotion, and Consumer Willingness to Disclose Personal Health Information.” Information Systems Research 22 (3): 469–490. https://doi.org/10.1287/isre.1100.0335.
  • Anderson, J. C., and D. W. Gerbing. 1988. “Structural Equation Modeling in Practice: A Review and Recommended two-Step Approach.” Psychological Bulletin 103 (3): 411–423. https://doi.org/10.1037/0033-2909.103.3.411.
  • Aytes, K., and T. Connolly. 2004. “Computer Security and Risky Computing Practices: A Rational Choice Perspective.” Journal of Organizational and End User Computing 16 (3): 22–40. https://doi.org/10.4018/joeuc.2004070102
  • Bandura, A. 1992. “Self-efficacy Mechanism in Psychobiologic Functioning.”
  • Bhuyan, S. S., U. Y. Kabir, J. M. Escareno, K. Ector, S. Palakodeti, D. Wyant, S. Kumar, M. Levy, S. Kedia, and D. Dasgupta. 2020. “Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations.” Journal of Medical Systems 44 (5): 1–9. https://doi.org/10.1007/s10916-019-1507-y.
  • Boss, S. R., D. F. Galletta, P. B. Lowry, G. D. Moody, and P. Polak. 2015. “What do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors.” MIS Quarterly 39 (4): 837–864. https://doi.org/10.25300/MISQ/2015/39.4.5.
  • Boysen, S., B. Hewitt, A. McLeod, and D. Gibbs. 2019. “Refining the Threat Calculus of Technology Threat Avoidance Theory.” Commuincations of the Association of Information Systems 45 (1): 5.
  • Carpenter, D., D. Young, P. Barrett, and A. McLeod. 2019. “Refining Technology Threat Avoidance Theory.” Communications of the Association for Information Systems 44. https://doi.org/10.17705/1CAIS.04422.
  • Chen, D. Q., and H. Liang. 2019. “Wishful Thinking and IT Threat Avoidance: An Extension to the Technology Threat Avoidance Theory.” IEEE Transactions on Engineering Management 66 (4): 552–567. https://doi.org/10.1109/TEM.2018.2835461.
  • Chen, R., J. Wang, T. Herath, and H. R. Rao. 2011. “An Investigation of Email Processing from a Risky Decision Making Perspective.” Decision Support Systems 52 (1): 73–81. https://doi.org/10.1016/j.dss.2011.05.005.
  • Compeau, D. R., and C. A. Higgins. 1995. “Computer Self-Efficacy: Development of a Measure and Initial Test.” MIS Quarterly 19 (2): 189–211. https://doi.org/10.2307/249688.
  • Dang-Pham, D., and S. Pittayachawan. 2015. “Comparing Intention to Avoid Malware Across Contexts in a BYOD-enabled Australian University: A Protection Motivation Theory Approach.” Computers & Security 48: 281–297. https://doi.org/10.1016/j.cose.2014.11.002.
  • Floyd, D. L., S. Prentice-Dunn, and R. W. Rogers. 2000. “A Meta-analysis of Research on Protection Motivation Theory.” Journal of Applied Social Psychology 30 (2): 407–429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x.
  • ForgeRock. 2020. ForgeRock Consumer Identity Breach Report. Accessed June 06, 2021 https://www.forgerock.com/resources/view/107130151/analyst-report/forgerock-consumer-identity-breach-report.pdf.
  • Fornell, C., and D. F. Larcker. 1981. “Structural Equation Models with Unobservable Variables and Measurement Error: Algebra and Statistics.” Journal of marketing research 18 (3): 382–388. https://doi.org/10.1177/002224378101800313.
  • Garson, G. D. 2016. Partial Least Squares. Regression and Structural Equation Models. Asheboro: Statistical Publishing Associates.
  • Gefen, D., and D. Straub. 2005. “A Practical Guide to Factorial Validity Using PLS-Graph: Tutorial and Annotated Example.” Communications of the Association for Information Systems 16 (1): 91–109. https://doi.org/10.17705/1CAIS.01605.
  • Giwah, A. D., L. Wang, Y. Levy, and I. Hur. 2019. “Empirical Assessment of Mobile Device Users’ Information Security Behavior Towards Data Breach: Leveraging Protection Motivation Theory.” Journal of Intellectual Capital 21 (2): 215–233.
  • Gurung, A., X. Luo, and Q. Liao. 2009. “Consumer Motivations in Taking Action Against Spyware: An Empirical Investigation.” Information Management & Computer Security 17 (3): 276–289.
  • Hair, J. F., W. C. Black, B. J. Babin, and R. E. Anderson. 2014. Multivariate Data Analysis: Pearson new International Edition. Essex: Pearson Education Limited. 1(2).
  • Healthcare Data Breach Report for 2021. 2021. Accessed May 23, 2022 https://cybersecurity.criticalinsight.com/2021_healthcare_data_breach_report.
  • Herath, T., and H. R. Rao. 2009. “Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations.” European Journal of Information Systems 18 (2): 106–125. https://doi.org/10.1057/ejis.2009.6.
  • Holmes, M., and J. Ophoff. 2019. “Online Security Behaviour: Factors Influencing Intention to Adopt Two-factor Authentication.
  • Ifinedo, P. 2012. “Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory.” Computers & Security 31 (1): 83–95. https://doi.org/10.1016/j.cose.2011.10.007.
  • Jansen, J., and P. Van Schaik. 2017. “Comparing Three Models to Explain Precautionary Online Behavioural Intentions.” Information & Computer Security 25 (2): 165–180.
  • Johnston, A. C., and M. Warkentin. 2010. “Fear Appeals and Information Security Behaviors: An Empirical Study.” MIS Quarterly 34 (3): 549–566. https://doi.org/10.2307/25750691.
  • Johnston, A. C., M. Warkentin, and M. Siponen. 2015. “An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric.” MIS Quarterly 39 (1): 113–134. https://doi.org/10.25300/MISQ/2015/39.1.06.
  • Kock, N. 2015. “Common Method Bias in PLS-SEM: A Full Collinearity Assessment Approach.” International Journal of e-Collaboration 11 (4): 1–10. https://doi.org/10.4018/ijec.2015100101.
  • Korkmazoglu, O. B., and G. Kemalbay. 2012. “Econometrics Application of Partial Least Squares Regression: An Endogeneous Growth Model for Turkey.” Procedia-Social and Behavioral Sciences 62: 906–910. https://doi.org/10.1016/j.sbspro.2012.09.153.
  • Kruse, C. S., B. Frederick, T. Jacobson, and D. K. Monticone. 2017. “Cybersecurity in Healthcare: A Systematic Review of Modern Threats and Trends.” Technology and Health Care 25 (1): 1–10. https://doi.org/10.3233/THC-161263.
  • Lau, D. C., and J. K. Murnighan. 2005. “Interactions Within Groups and Subgroups: The Effects of Demographic Faultlines.” Academy of Management Journal 48 (4): 645–659. https://doi.org/10.5465/amj.2005.17843943.
  • Lee, Y., and K. R. Larsen. 2009. “Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software.” European Journal of Information Systems 18 (2): 177–187. https://doi.org/10.1057/ejis.2009.11.
  • Liang, H., and Y. Xue. 2009. “Avoidance of Information Technology Threats: A Theoretical Perspective.” MIS Quarterly 33 (1): 71–90. https://doi.org/10.2307/20650279.
  • Liang, H., and Y. Xue. 2010. “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective.” Journal of the Association for Information Systems 11 (7): 394–413. https://doi.org/10.17705/1jais.00232.
  • Liang, H., Y. Xue, A. Pinsonneault, and Y. Wu. 2019. “What Users Do Besides Problem-Focused Coping When Facing it Security Threats: An Emotion-Focused Coping Perspective.” MIS Quarterly 43 (2): 373–394. https://doi.org/10.25300/MISQ/2019/14360.
  • Liu, V., M. A. Musen, and T. Chou. 2015. “Data Breaches of Protected Health Information in the United States.” Jama 313 (14): 1471–1473. https://doi.org/10.1001/jama.2015.2252.
  • Liu, L., and Y. Zhang. 2014. “Enhancing Teachers’ Professional Development Through Reflective Teaching.” Theory and Practice in Language Studies 4 (11): 2396.
  • Martens, M., R. De Wolf, and L. De Marez. 2019. “Investigating and Comparing the Predictors of the Intention Towards Taking Security Measures Against Malware, Scams and Cybercrime in General.” Computers in Human Behavior 92: 139–150. https://doi.org/10.1016/j.chb.2018.11.002.
  • Menard, P., G. J. Bott, and R. E. Crossler. 2017. “User Motivations in Protecting Information Security: Protection Motivation Theory Versus Self-Determination Theory.” Journal of Management Information Systems 34 (4): 1203–1230. https://doi.org/10.1080/07421222.2017.1394083.
  • Milne, S., P. Sheeran, and S. Orbell. 2000. “Prediction and Intervention in Health-Related Behavior: A Meta-Analytic Review of Protection Motivation Theory.” Journal of Applied Social Psychology 30 (1): 106–143. https://doi.org/10.1111/j.1559-1816.2000.tb02308.x.
  • National Learning Consortium. 2013. “How to Optimize Patient Portals for Patient Engagement and Meet Meaningful use Requirements.”
  • Ng, B.-Y., A. Kankanhalli, and Y. C. Xu. 2009. “Studying Users’ Computer Security Behavior: A Health Belief Perspective.” Decision Support Systems 46 (4): 815–825. https://doi.org/10.1016/j.dss.2008.11.010.
  • Nigg, C. R., J. P. Allegrante, and M. Ory. 2002. “Theory-comparison and Multiple-behavior Research: Common Themes Advancing Health Behavior Research.” Health Education Research 17 (5): 670–679. https://doi.org/10.1093/her/17.5.670.
  • Pahnila, S., M. Siponen, and A. Mahmood. 2007. “Employees’ Behavior Towards IS Security Policy Compliance: IEEE.
  • Podsakoff, P. M., S. B. MacKenzie, J. Y. Lee, and N. P. Podsakoff. 2003. “Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies.” Journal of Applied Psychology 88 (5): 879–903. https://doi.org/10.1037/0021-9010.88.5.879.
  • Posey, C., T. L. Roberts, and P. B. Lowry. 2015. “The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets.” Journal of Management Information Systems 32 (4): 179–214. https://doi.org/10.1080/07421222.2015.1138374.
  • Reason, J. 2016. Managing the Risks of Organizational Accidents. Aldershot Hants: Routledge.
  • Ringle, C. M., S. Wende, and J.-M. Becker. 2015. SmartPLS 3. Boenningstedt: SmartPLS.
  • Rogers, R. W. 1975. “A Protection Motivation Theory of Fear Appeals and Attitude change1.” The Journal of Psychology 91 (1): 93–114. https://doi.org/10.1080/00223980.1975.9915803.
  • Seh, A. H., M. Zarour, A. K. Sarkar, A. Agrawal, R. Kumar, and R. A. Khan. 2020. “Healthcare Data Breaches: Insights and Implications.” Healthcare 8 (2): 133. https://doi.org/10.3390/healthcare8020133.
  • Shahbaznezhad, H., F. Kolini, and M. Rashidirad. 2020. “Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter?” Journal of Computer Information Systems 61 (2): 1–12.
  • Sommestad, T., H. Karlzén, and J. Hallberg. 2015. “A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour.” International Journal of Information Security and Privacy 9 (1): 26–46. https://doi.org/10.4018/IJISP.2015010102.
  • Tsai, H-yS, M. Jiang, S. Alhabash, R. LaRose, N. J. Rifon, and S. R. Cotten. 2016. “Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective.” Computers & Security 59: 138–150. https://doi.org/10.1016/j.cose.2016.02.009.
  • Tu, C. Z., J. Adkins, and G. Y. Zhao. 2019. “Complying with BYOD Security Policies: A Moderation Model Based on Protection Motivation Theory.” Journal of the Midwest Association for Information Systems (JMWAIS 1: 11–28.
  • United States. 1996. Health Insurance Portability and Accountability Act of 1996 (HIPAA). L.
  • Venkatesh, V., M. G. Morris, G. B. Davis, and F. D. Davis. 2003. “User Acceptance of Information Technology: Toward a Unified View.” MIS Quarterly 27 (3): 425–478. https://doi.org/10.2307/30036540.
  • Vilares, M. J., M. H. Almeida, and P. S. Coelho. 2010. “Comparison of Likelihood and PLS Estimators for Structural Equation Modeling: A Simulation with Customer Satisfaction Data.” In Handbook of Partial Least Squares, 289–305. Berlin, Heidelberg: Springer.
  • Workman, M., W. H. Bommer, and D. Straub. 2008. “Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test.” Computers in Human Behavior 24 (6): 2799–2816. https://doi.org/10.1016/j.chb.2008.04.005.
  • Yang, J., Y. Zhang, and C. J. Lanting. 2017. “Exploring the Impact of QR Codes in Authentication Protection: A Study Based on PMT and TPB.” Wireless Personal Communications 96 (4): 5315–5334. https://doi.org/10.1007/s11277-016-3743-5.
  • Young, D., D. Carpenter, and A. McLeod. 2016. “Malware Avoidance Motivations and Behaviors: A Technology Threat Avoidance Replication.” AIS Transactions on Replication Research 2 (1): 8.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.