Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry Alex Alexandrou

Similar presentations


Presentation on theme: "The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry Alex Alexandrou"— Presentation transcript:

1 The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry Alex Alexandrou Li-Chiou Chen Seidenberg School of Computer Science and Information Systems Pace University 1

2 Goals Understand the security risk perception of medical practitioners regarding the use of mobile devices to access electronic medical records How security risk perception and other factors would affect their behavior intention in both using the devices and in adopting security controls required for the devices Compare the difference in security risk perception between BYOD (Bring Your Own Device) and HPD (Hospital Provided Device) 2

3 Research Model Intention to Use Mobile Devices (INU) Perceived Susceptibility (PSU) Perceived Severity (PSE) Self-Efficacy (SEF) Perceived Security Risk (PSR) Security Measure Efficacy (SME) Safeguard Cost (SAF) Intention to Comply with Security Control (INC) Perceived Easiness of User (PEU) Perceived Usefulness (PUS) Regulatory Concern (RC) H10+ H1+ H6- H7+ H3+ H4+ H5- H8+H9+ H2+ 3

4 Empirical Study We visited three inpatient hospitals and their outpatient clinics to conduct the interviews and the web survey An institutional review board (IRB) review exemption is approved for each institution A total of 264 medical practitioners participated in our study, including nurses, physician assistants, physicians, health care administrators, medical and nursing students, as well as information technology technicians 4

5 Data Collection For each interview, we provided the subject with an iPad4 ◦ We first showed the subjects the EMR application (Citrix) used in each hospital and then asked them to use it Using the iPad4, each subject filled up the web survey ◦ demographic information and quantifiable data for the constructs in the proposed research model Every construct in the model is measured by three to four 5-point Likert scale questions Two scenarios of using mobile devices, BYOD and HPD, are given to the subjects 5

6 Data Analysis ANOVA ◦ Compare risk perception among different subject groups and two scenarios Structured Equation Modeling using SmartPLS ◦ Measurement Validity ◦ Hypotheses Testing for the Research Model 6

7 Comparison among groups Group 1: doctors & medical school students; Group 2: nurses, nursing students and medical technician; Group 3: IT administrators. Scale: 1-5 7

8 Hypotheses Testing - HPD Intention to Use Mobile Devices (INU) Perceived Susceptibility (PSU) Perceived Severity (PSE) Self-Efficacy (SEF) Perceived Security Risk (PSR) Security Measure Efficacy (SME) Safeguard Cost (SAF) Intention to Comply with Security Control (INC) Perceived Easiness of User (PEU) Perceived Usefulness (PUS) Regulatory Concern (RC) 0.11*0.43*** -0.13** *** *** model parameter is statistically significant at 99%; ** model parameter is statistically significant at 95%; * model parameter is statistically significant at 95%; 8

9 Hypotheses Testing -BYOD *** model parameter is statistically significant at 99%; ** model parameter is statistically significant at 95%; * model parameter is statistically significant at 95%; Intention to Use Mobile Devices (INU) Perceived Susceptibility (PSU) Perceived Severity (PSE) Self-Efficacy (SEF) Perceived Security Risk (PSR) Security Measure Efficacy (SME) Safeguard Cost (SAF) Intention to Comply with Security Control (INC) Perceived Easiness of User (PEU) Perceived Usefulness (PUS) Regulatory Concern (RC) *** *** ** 0.12*0.15* 0.17*** 9

10 Implications – HPD only Medical practitioners will be less willing to use the mobile devices at work ◦ if they are more concern with regulations and ◦ if they think security threat on mobile devices is more likely to occur Security awareness education that emphasizes on the likelihood of security threats and the negative consequences of regulatory violation ◦ will only deter practitioners from adopting the mobile devices at work ◦ will not encourage them to adopt security controls 10

11 Implications – BOYD only Factors that encourage medical practitioners to use their own device at work ◦ Ease of use; usefulness of the devices Increasing the perceived security risk of medical practitioners ◦ will increase their intention to follow up security controls ◦ IT administrators should focus on awareness campaign that can increase practitioners’ perceived security risk ◦ the potential security threats to mobile devices ◦ the consequences of successful security attacks 11

12 Implications – both cases The more medical practitioners think the security control is costly or inconvenient, the less likely they will adopt security controls. IT administrators should design security controls that are convenient and time- saving for medical practitioners to implement 12


Download ppt "The Security Risk Perception Model for the Adoption of Mobile Devices in the Healthcare Industry Alex Alexandrou"

Similar presentations


Ads by Google