Search results

Information systems (IS) research in general and health IS studies, in particular, are prone to a positivity bias – largely focusing on upside gains rather than the potential misuse practices. This paper aims to explore failures in health IS use and shortcomings in data privacy and cybersecurity and to provide an explanatory model for health record misuse.

This research is based on four data sets that we collected through a longitudinal project studying digital health (implementation, use and evaluation), interviews with experts (cybersecurity and digital health) and healthcare stakeholders (health professionals and managers). We applied qualitative analysis to explain health records misuse from a sociotechnical perspective.

We propose a contextualized model of “health records misuse” with two overarching dimensions: data misfit and improper data processing. We explain sub-categories of data misfit: availability misfit, meaning misfit and place misfit, as well as sub-categories of improper data processing: improper interaction and improper use-related actions. Our findings demonstrate how health records misuse can emerge in sociotechnical health systems and impact health service delivery and patient safety.

Through contextualizing system misuse in healthcare, this research advances the understanding of ineffective use and failures in health data protection practices. Our proposed theoretical model provides explanations for unique patterns of IS misuse in healthcare, where data protection failures are consequential for healthcare organizations and patient safety.

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

Sharing patient health information (PHI) among hospitals has been much slower than the adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can impede and a strong national security infrastructure (NSI) can support HIE.

The study uses secondary data from a multi-national and multi-hospital survey administered by the European Union. The multi-level structure of the cross-sectional panel data is used to test the influence of both hospital-level (e.g. PR) and national-level variables (e.g. NSI) on HIE. A total of nine types of HIE, three types of PRs, nine SMs and other relevant control variables are considered. This study uses a two-level random intercept generalized linear model to test the hypothesis proposed in the study.

The study finds that national-level PRs (NLPR) have the strongest positive influence on HIE in comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover, the study finds evidence that the presence of RLPR and HLPR, on average, decreases the positive impact of NLPR by 264%. The SMs also have a significant and positive impact on HIE. Adoption of an additional SM can increase the odds of engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also amplify the positive impact of SM on certain types of HIE.

This study extends prior research on the role of PRs in enabling HIE by considering the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to secure communications can also complement SMs adopted by the providers by encouraging HIE.

Following the surge of documents laying out organizations' ethical principles for their use of artificial intelligence (AI), there is a growing demand for translating ethical principles to practice through AI governance (AIG). AIG has emerged as a rapidly growing, yet fragmented, research area. This paper synthesizes the organizational AIG literature by outlining research themes and knowledge gaps as well as putting forward future agendas.

The authors undertake a systematic literature review on AIG, addressing the current state of its conceptualization and suggesting future directions for AIG scholarship and practice. The review protocol was developed following recommended guidelines for systematic reviews and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA).

The results of the authors’ review confirmed the assumption that AIG is an emerging research topic with few explicit definitions. Moreover, the authors’ review identified four themes in the AIG literature: technology, stakeholders and context, regulation and processes. The central knowledge gaps revealed were the limited understanding of AIG implementation, lack of attention to the AIG context, uncertain effectiveness of ethical principles and regulation, and insufficient operationalization of AIG processes. To address these gaps, the authors present four future AIG agendas: technical, stakeholder and contextual, regulatory, and process. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

To address the identified knowledge gaps, the authors present the following working definition of AIG: AI governance is a system of rules, practices and processes employed to ensure an organization's use of AI technologies aligns with its strategies, objectives, and values, complete with legal requirements, ethical principles and the requirements set by stakeholders. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

For society, the authors review elucidates the multitude of stakeholders involved in AI governance activities and complexities related to balancing the needs of different stakeholders.

By delineating the AIG concept and the associated research themes, knowledge gaps and future agendas, the authors review builds a foundation for organizational AIG research, calling for broad contextual investigations and a deep understanding of AIG mechanisms. For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

This chapter reviews possible regulatory updates needed to address the four general challenges arising from digitalization of financial services, regardless of the business models of the financial services providers. These challenges are customers' data rights, artificial intelligence (AI) ethics, cybersecurity and financial exclusion.

This paper aims to explore the deep Web as a solution for displacement and replacement challenges in libraries, addressing the challenges, benefits, strategies and case studies.

The paper synthesizes existing literature on deep Web integration in libraries, providing a comprehensive analysis of insights from scholarly articles, case studies and expert opinions.

The deep Web grants libraries access to unique content, improving information access, fostering collaboration and enabling personalized content. However, security, privacy, ethics and data protection must be considered.

This paper contributes to the literature by providing a comprehensive examination of deep Web integration in libraries, offering valuable recommendations for navigating the changing landscape and leveraging the deep Web’s potential.

This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.

A cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.

The exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.

This study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.

The results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.

Antecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.

This study aims to present a comprehensive investigation into users’ behavioural intentions to use e-pharmacies through the lens of the privacy calculus model. The present study also investigates the effects of perceived benefit, perceived privacy risk, timeliness and perceived app quality on e-pharmacy usage through the mediating role of trustworthiness.

The study used a deductive approach and collected data from 338 respondents using the purposive sampling technique. partial least squares structural equation modelling was applied to analyse the data.

The findings of the study indicate that perceived benefit, perceived privacy risk, timeliness and perceived app quality do not directly impact users’ behavioural intentions towards e-pharmacy adoption. Instead, it demonstrated that perceived benefit, perceived privacy risk, timeliness and perceived app quality influenced behavioural intention indirectly through the mediating role of trustworthiness

This study offers valuable insights to entrepreneurs, marketers and policymakers, enabling them to develop regulations, guidelines and policies that cultivate trust, safeguard privacy, ensure prompt services and create an enabling environment for the adoption of e-pharmacies. The present study also contributes to the existing literature by extending the privacy calculus model with the integration of timeliness and perceived app quality to explain users’ adoption behaviour towards e-pharmacy.

This paper explores the similarities and differences in privacy attitudes, trust and risk beliefs between younger and older adults on social networking sites. The objective of the article is to ascertain whether any notable differences exist between younger (18–25 years old) and older (55+ years old) adults in how trust and risk are influenced by privacy concerns upon personal information disclosure on social media.

A Likert scale instrument validated in previous research was employed to gather the responses of 148 younger and 152 older adults. The scale was distributed through Amazon Mechanical Turk. Data were analyzed through partial least squares structural equation modeling.

No significant differences were found between younger and older adults in how social media privacy concerns related to trust and risk beliefs. Two privacy concern dimensions were found to have a significant influence on perceptions of risk for both populations: collection and control. Predictability and a sense of control are proposed as two conceptual approaches that can explain these findings.

This article is the first one to explore age differences in privacy concerns, trust and risk on social media employing conceptual developments and an instrument specifically tailored to the social media environment. Based on the findings, several strategies are suggested to keep privacy concerns on social media at a minimum, reduce risk perceptions and increase users' trust.

This study aims to analyze and synthesize literature on consumer privacy-related behavior and intelligent device-to-device interactions within the Internet of Things (IoT).

We conducted a systematic review using Elsevier’s Scopus database, focusing on studies published in English from 2000 to 2023. The review targeted articles within selected social sciences and business disciplines, specifically concerning consumer behavior in IoT contexts.

We categorized the privacy literature into three thematic clusters: legislation and policy, business implications and consumer behavior. Within the consumer behavior cluster, our analysis indicates a shift from general Internet and e-commerce privacy concerns prior to 2016, toward issues related to advertising and policy between 2017 and 2018, and increasingly toward pronounced concerns in technological systems, particularly IoT, from 2019 onwards. We identify eight distinct areas of privacy concern within IoT and propose a framework that links antecedents and privacy concerns to subsequent attitudes and behaviors. This framework highlights varying patterns of information disclosure and bridges theoretical constructs with empirical research in IoT privacy.

Originality lies in enhancing the Antecedents-Privacy Concerns-Outcomes (APCO) macro-model by integrating diverse theoretical perspectives on technological and individual-specific antecedents, alongside privacy concerns and beliefs. This comprehensive integration enriches the framework, enabling it to predict and categorize consumer behavior in IoT environments more effectively. The revised model provides a robust tool for understanding privacy-related behavior within the IoT, significantly enriching its theoretical relevance and practical applicability.