Decision, Operations, and Information Technologies Department, Robert H. Smith School of Business, University of Maryland, Van Munching Hall, College Park, MD 20742-1815 U.S.A.
As healthcare becomes increasingly digitized, the promise of improved care enabled by technological advances inevitably must be traded off against any unintended negative consequences. There is little else that is as consequential to an individual as his or her health. In this context, the privacy of one's personal health information has escalated as a matter of significant concern for the public. We pose the question: under what circumstances will individuals be willing to disclose identified personal health information and permit it to be digitized? Using privacy boundary theory and recent developments in the literature related to risk-as-feelings as the core conceptual foundation, we propose and test a model explicating the role played by type of information requested (general health, mental health, genetic), the purpose for which it is to be used (patient care, research, marketing), and the requesting stakeholder (doctors/hospitals, the government, pharmaceutical companies) in an individual's willingness to disclose personal health information. Furthermore, we explore the impact of emotion linked to one's health condition on willingness to disclose. Results from a nationally representative sample of over 1,000 adults underscore the complexity of the health information disclosure decision and show that emotion plays a significant role, highlighting the need for re-examining the timing of consent. Theoretically, the study extends the dominant cognitive-consequentialist approach to privacy by incorporating the role of emotion. It further refines the privacy calculus to incorporate the moderating influence of contextual factors salient in the healthcare setting. The practical implications of this study include an improved understanding of consumer concerns and potential impacts regarding the electronic storage of health information that can be used to craft policy.
Although firms are expending substantial resources to develop technology and processes that can help safeguard the security of their computing assets, increased attention is being focused on the role people play in maintaining a safe computing environment. Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with over one billion people with access to the Internet, individual home computer users represent a significant point of weakness in achieving the security of the cyber infrastructure. We study the phenomenon of conscientious cybercitizens, defined as individuals who are motivated to take the necessary precautions under their direct control to secure their own computer and the Internet in a home setting. Using a multidisciplinary, phased approach, we develop a conceptual model of the conscientious cybercitizen. We present results from two studies--a survey and an experiment--conducted to understand the drivers of intentions to perform security-related behavior, and the interventions that can positively influence these drivers. In the first study, we use protection motivation theory as the underlying conceptual foundation and extend the theory by drawing upon the public goods literature and the concept of psychological ownership. Results from a survey of 594 home computer users from a wide range of demographic and socioeconomic backgrounds suggest that a home computer user's intention to perform security-related behavior is influenced by a combination of cognitive, social, and psychological components. In the second study, we draw upon the concepts of goal framing and self-view to examine how the proximal drivers of intentions to perform security-related behavior identified in the first study can be influenced by appropriate messaging. An experiment with 101 subjects is used to test the research hypotheses. Overall, the two studies shed important new light on creating more conscientious cybercitizens. Theoretical and practical implications of the findings are discussed.