The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry
Alex Alexandrou (alex_alexandrou@fitnyc.edu)
Li-Chiou Chen (lchen@pace.edu)
Seidenberg School of Computer Science and Information Systems, Pace University
Goals
• Understand the security risk perception of medical practitioners regarding the use of mobile devices to access electronic medical records
• Determine how security risk perception and other factors affect their behavioral intention both to use the devices and to adopt the security controls required for the devices
• Compare the difference in security risk perception between BYOD (Bring Your Own Device) and HPD (Hospital Provided Device)
Research Model
[Figure: path diagram of the research model. Constructs: Perceived Susceptibility (PSU), Perceived Severity (PSE), Regulatory Concern (RC), Perceived Security Risk (PSR), Security Measure Efficacy (SME), Self-Efficacy (SEF), Safeguard Cost (SAF), Perceived Easiness of User (PEU), Perceived Usefulness (PUS), Intention to Use Mobile Devices (INU), Intention to Comply with Security Control (INC). Hypothesized paths: H1+, H2+, H3+, H4+, H5-, H6-, H7+, H8+, H9+, H10+.]
Empirical Study
• We visited three inpatient hospitals and their outpatient clinics to conduct the interviews and the web survey
• An institutional review board (IRB) review exemption was approved for each institution
• A total of 264 medical practitioners participated in our study, including nurses, physician assistants, physicians, health care administrators, medical and nursing students, as well as information technology technicians
Data Collection
• For each interview, we provided the subject with an iPad4
• We first showed the subjects the EMR application (Citrix) used in each hospital and then asked them to use it
• Using the iPad4, each subject filled out the web survey
  • Demographic information and quantifiable data for the constructs in the proposed research model
• Every construct in the model is measured by three to four 5-point Likert scale questions
• Two scenarios of using mobile devices, BYOD and HPD, are given to the subjects
Data Analysis
• ANOVA
  • Compare risk perception among different subject groups and the two scenarios
• Structural Equation Modeling using SmartPLS
  • Measurement Validity
  • Hypotheses Testing for the Research Model
Comparison among groups
• Group 1: doctors and medical school students
• Group 2: nurses, nursing students and medical technicians
• Group 3: IT administrators
• Scale: 1-5
Hypotheses Testing - HPD
[Figure: path diagram of the research model with estimated path coefficients for the HPD scenario. Constructs: Perceived Susceptibility (PSU), Perceived Severity (PSE), Regulatory Concern (RC), Perceived Security Risk (PSR), Security Measure Efficacy (SME), Self-Efficacy (SEF), Safeguard Cost (SAF), Perceived Easiness of User (PEU), Perceived Usefulness (PUS), Intention to Use Mobile Devices (INU), Intention to Comply with Security Control (INC). Coefficients in the order extracted from the figure: -0.06, 0.43***, 0.11*, 0.0, 0.09, -0.24***, -0.13**, -0.03, 0.12, 0.05.]
*** model parameter is statistically significant at 99%; ** model parameter is statistically significant at 95%; * model parameter is statistically significant at 95%
Hypotheses Testing - BYOD
[Figure: path diagram of the research model with estimated path coefficients for the BYOD scenario. Constructs: Perceived Susceptibility (PSU), Perceived Severity (PSE), Regulatory Concern (RC), Perceived Security Risk (PSR), Security Measure Efficacy (SME), Self-Efficacy (SEF), Safeguard Cost (SAF), Perceived Easiness of User (PEU), Perceived Usefulness (PUS), Intention to Use Mobile Devices (INU), Intention to Comply with Security Control (INC). Coefficients in the order extracted from the figure: 0.0, 0.28***, 0.17***, -0.13**, 0.01, 0.05, 0.05, 0.32***, 0.12*, 0.15*.]
*** model parameter is statistically significant at 99%; ** model parameter is statistically significant at 95%; * model parameter is statistically significant at 95%
Implications – HPD only
• Medical practitioners will be less willing to use the mobile devices at work
  • if they are more concerned with regulations and
  • if they think a security threat on mobile devices is more likely to occur
• Security awareness education that emphasizes the likelihood of security threats and the negative consequences of regulatory violation
  • will only deter practitioners from adopting the mobile devices at work
  • will not encourage them to adopt security controls
Implications – BYOD only
• Factors that encourage medical practitioners to use their own device at work
  • Ease of use; usefulness of the devices
• Increasing the perceived security risk of medical practitioners
  • will increase their intention to follow security controls
• IT administrators should focus on awareness campaigns that can increase practitioners’ perceived security risk
  • the potential security threats to mobile devices
  • the consequences of successful security attacks
Implications – both cases
• The more medical practitioners think the security control is costly or inconvenient, the less likely they are to adopt security controls.
• IT administrators should design security controls that are convenient and time-saving for medical practitioners to implement