Toward an Understanding of the Antecedents to Health Information Privacy Concern: A Mixed Methods Study

Abstract

As personal health information is digitized and entrusted to healthcare professionals and the technology vendors that manage health information systems (e.g., electronic health records), questions continue to arise regarding how this information is used and protected. By understanding what factors shape people’s health information privacy concerns (HIPCs), organizations can better manage reactions and concerns regarding the use of new technologies and guidance can be produced to help people better protect their health information. We conduct a mixed methods study to examine antecedents to HIPC and find that individuals’ characteristics, perceptions, and experiences all play important roles in shaping HIPC. We also show that users who report high HIPC are less likely to allow their health information to be included in an electronic health record system. The study is conducted using Irish respondents and thus provides a European perspective from a country in which health information systems are not yet widespread.

Whatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.¹ –Hippocratic Oath

1 Introduction

Privacy has played a pivotal role in the health context for centuries as evidenced by the promise to protect patients’ privacy expressed in the Hippocratic Oath, the protections for health data afforded by legislation such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States (U.S.), and the widely held public opinion that health information is sensitive and should be protected (Eurobarometer 2011). However, recent technological advances in this context such as the growth in health organizations’ utilization of health information and communication technologies (ICTs) coupled with individuals’ growing adoption of mobile health (m-health) solutions for tracking their personal health enable vast increases in the volume and breadth of health data which can be continuously collected, stored, analyzed, and shared with a host of third parties (Anderson and Agarwal 2011; Sadeghi et al. 2012; Yassaee and Mettler 2019). While integrating such technologies into healthcare provides many potential benefits, it also poses new risks to information privacy. The widespread adoption of new technologies such as data mining and Internet-of-things (IoT) (Li et al. 2015; Mukherjee 2020) has led some to suggest ‘privacy is dead’ (Belanger and Xu 2015), however health data is still considered sensitive by many and there is a desire to protect it. How we reconcile these two counterpoints is becoming increasingly important.

It is undeniable that the nature of privacy is changing in all areas including health. Health professionals’ use of ICTs such as electronic health records (EHRs) enables the creation of comprehensive patient records, which can increase efficiency, reduce paper-based errors, and improve diagnoses and treatment (Anderson and Agarwal 2011; Evans et al. 2006; Mishra et al. 2012; Weber-Jahnke and Obry 2012). Similarly, individuals’ utilization of m-health technologies such as m-health applications or wearables empowers them to monitor and manage their personal health and fitness (Eng and Lee 2013; Gay and Leijdekkers 2015; James et al. 2019; Park and Jayaraman 2003). While the benefits of these technologies may be great, the impact on patient privacy is often detrimental. For instance, there are a host of secondary purposes for personal health information (PHI) which may occur without the awareness or permission of the individual including use for marketing or potential discrimination resulting from access to data by employers and insurance providers (Yang and Silverman 2014; Zhang et al. 2018).

Health information represents a unique context for privacy research due to the mismatch between the increasing volume of data generated and shared by health professionals and individuals alike and the sensitive nature of health information established in academic research, public opinion polls, and data protection regulation (Anderson and Agarwal 2011; Belanger and Xu 2015). The labyrinthine privacy concern construct has attracted large volumes of research within information systems (IS) and other academic disciplines (Bélanger and Crossler 2011; Smith et al. 2011). However, privacy concern in the health context remains relatively under examined in the IS literature with the exception of a small number of studies [e.g., (Anderson and Agarwal 2011; Bansal et al. 2016; Kordzadeh and Warren 2017; Kordzadeh et al. 2016; Xu et al. 2011; Zhang et al. 2018)]. This growing body of literature supports the continued importance individuals place on their health information privacy and emphasizes the behaviors they engage in to protect it, such as refusal to adopt various health solutions (Angst and Agarwal 2009; Hwang et al. 2012; Li et al. 2014; Li and Slee 2014) and withholding information from health entities (Anderson and Agarwal 2011; Campos-Castillo and Anthony 2014). In order to reduce the undesirable behaviors associated with high health information privacy concerns (HIPC), the factors driving and reducing privacy concern in this context must be first understood, and then addressed. Recent advances in this area have illuminated the role of various individual, experiential, and perception-based factors on the formation of individuals’ privacy concerns associated with health websites and virtual health communities (VHCs) [e.g., (Bansal et al. 2016; Kordzadeh and Warren 2017; Kordzadeh et al. 2016; Xu et al. 2011; Zhang et al. 2018)]. This paper builds upon this existing work to develop a broader understanding of the formation of individuals’ HIPC, defined as an individual’s perception of his or her concern for how personal information is handled by health entities. In addition to contextualizing the information privacy concern (IPC) construct for health information, we also identify and test factors that give rise to HIPCs through a mixed methods study and confirm the influence of HIPC on a health privacy-related behavior.

The contextual nature of privacy has been repeatedly highlighted in the literature with calls issued for research that sheds some light on the situational nuances surrounding the privacy construct [e.g., (Belanger and Xu 2015; Nissenbaum 2009)]. A key argument from the preeminent studies on privacy concerns is that they are dynamic and may shift with changes in technology over time. Based on this argument, several variations of a privacy concern construct have been developed in response to the increasing use of the Internet for business transactions (Hong and Thong 2013; Malhotra et al. 2004; Smith et al. 1996). These seminal studies developed scales measuring individuals’ privacy concerns regarding how online or offline companies handled their information. A few studies have modified these privacy concern constructs to specify the industry or context of the organizations handling individuals’ information, for example, health care (Angst and Agarwal 2009; Li and Slee 2014). This suggests that privacy concerns may vary based on context, or at the very least that studying context-specific perceptions of privacy concern is necessary to answer certain questions. In prior studies conducted in the health context, the focus was often on factors leading to the adoption of or attitudes toward a health technology (e.g., EHRs) (Angst and Agarwal 2009; Dinev et al. 2016; Fox 2020; Fox and Connolly 2018; Li and Slee 2014). That is, most research focuses on the outcomes of privacy concern rather than on antecedents to it (Smith et al. 2011). In this study, we examine factors that shape individuals’ HIPCs in addition to confirming the influence of HIPCs on a health privacy-related outcome. Specifically, we examine the relationship between HIPCs and individuals’ intentions to allow their information to be used in EHRs. We collect our data from Irish respondents, which is a European country in which the use of EHRs is expanding but not yet widespread. Hence, we contribute to the extant literature by providing a broad examination of how individuals’ health privacy concerns are shaped. We also illustrate the IPC contextualized to health is a critical predictor of individual’s cooperation with EHR implementation. This study’s findings provide insights health policymakers and medical providers can use to ease the public’s transition to health information systems.

Privacy researchers have advocated developmental theories of privacy that suggest one’s consideration of privacy changes based on life experiences and environmental conditions, including prior privacy experiences and technological changes (Laufer and Wolfe 1977). The seminal work by Laufer and Wolfe (Laufer and Wolfe 1977) has informed many elements of the study of privacy by IS researchers (Dinev and Hart 2006a; Dinev et al. 2013; Hong and Thong 2013; James et al. 2016), including providing the basis for the development of the information privacy concern (IPC) construct of Hong and Thong (Hong and Thong 2013) contextualized in this study. The IPC uses the conceptualization that privacy involves the management of both an individual’s information and interaction with others suggested by Laufer and Wolfe (Laufer and Wolfe 1977). Another influential work in privacy is the communication privacy management (CPM) theory (Petronio 2002) that similarly considers a rule-based system for privacy management. In CPM, privacy rule development is guided by several criteria: cultural, gendered, motivational, contextual, and risk-benefit ratio. Hence, there is precedent that individuals’ characteristics and experiences will shape their consideration of privacy in a particular context. Drawing from prior literature and using a mixed methods approach, our study examines the role of individuals’ characteristics, experiences, and perceptions in shaping their HIPCs.

Prior studies in the privacy literature tend to pursue a single-method quantitative approach (i.e., survey) to examine relationships between privacy concerns, predictors, and outcomes [e.g., (Anderson and Agarwal 2011; Dinev et al. 2013; James et al. 2017b; James et al. 2015; Kordzadeh and Warren 2017; Kordzadeh et al. 2016)]. There has also been a smaller number of qualitative studies [e.g., (Becker 2018; Crossler and Posey 2017; Karwatzki et al. 2017; Miltgen and Peyrat-Guillard 2014; Miltgen and Smith 2015)]. While this tradition has led to the development of a rich body of literature underpinned by robust findings, the paradoxical nature of privacy in the health context and the current study’s focus call for a mixed methods approach. This study employs a three-stage sequential mixed methods approach to examine the factors driving individuals’ HIPC (Venkatesh et al. 2013). The first stage is an exploratory pre-study, which uses interviews to investigate the relevance of potential antecedents identified in the literature. The second stage involves a quantitative survey of individuals to test the influence of the factors identified in the literature and stage one. The final stage is explanatory and consists of 25 interviews and seeks to explain each relationship in the survey in greater detail. The findings from stage two and three are integrated to develop a greater understanding of the drivers of HIPC. By doing so, the paper provides empirical and theoretical contributions to the privacy literature by advancing understanding of HIPC in a comprehensive manner.

2 Theoretical Development

2.1 Defining Health Information Privacy Concern (HIPC)

A widely used definition of information privacy is “the ability (i.e., capacity) of the individual to control personally (vis-à-vis other individuals, groups, organizations, etc.) information about one’s self” [(Stone et al. 1983) , p. 460]. This “privacy as control” approach (Smith et al. 2011; Stone et al. 1983) is consistent with other conceptualizations of the information privacy concept in the privacy literature [e.g., (Altman 1975; Margulis 1977; Westin 1967)]. Building from this definition, Smith et al. (Smith et al. 1996) introduced a multi-dimensional measure of “individuals’ concerns about organizational information privacy practices,” often referred to as the concern for information privacy (CFIP) scale, which queries individuals’ concerns regarding collection, errors, unauthorized secondary use, and improper access of their information by companies. Later work showed that modeling the CFIP as a second-order factor is an appropriate representation (Stewart and Segars 2002).

Another influential privacy concern study drew on a caution in the Smith et al. (Smith et al. 1996) paper suggesting that while the CFIP was reflective of current thinking, the dimensions of privacy concern were not necessarily static (Malhotra et al. 2004). In this second study, the researchers suggested that explosive trends in Internet use necessitated a second look at privacy concern focused on this environment, which led to the development of an alternative privacy concern construct referred to as Internet users’ information privacy concerns or IUIPC. The IUIPC is also multi-dimensional, with three dimensions being collection, control, and awareness. While Malhotra et al. (Malhotra et al. 2004) demonstrated that the IUIPC worked well compared to the CFIP in the Internet context, the CFIP has been favored in the IS literature (Bélanger and Crossler 2011). The CFIP has been used in the health context to examine adoption of EHRs (Angst and Agarwal 2009; Li and Slee 2014). Malhotra et al. [(Malhotra et al. 2004) , p. 337] provided a formal definition of privacy concern as referring to “an individual’s subjective views of fairness within the context of information privacy.” In developing the IUIPC, they focused on Internet users’ perceptions of how their information is handled by online companies. Staying in the context of Internet users, Hong and Thong (Hong and Thong 2013) began their work on a new version of a privacy concern construct by focusing on the idea that privacy is composed of the ability of individuals to control both their information and their interaction with others (Laufer and Wolfe 1977). Laufer and Wolfe (Laufer and Wolfe 1977) state that an examination of privacy has to start from the foundation that people form relationships with others, and that conducting these relationships involves the management of both information and interaction. Hong and Thong (Hong and Thong 2013) used this premise to aggregate the six dimensions obtained by combining the CFIP and the IUIPC into a third-order construct, where collection, secondary usage, and control form a second-order interaction management factor and errors and improper access form a second-order information management factor. These two second-order factors, along with awareness, were combined to form a third-order Internet privacy concerns (IPC) construct. In this study, we contextualize the IPC to the health context and model it as a formative third-order factor, which is shown in Fig. 1. Hong and Thong (Hong and Thong 2013) define IPC as reflecting “an individual’s perception of his or her concern for how personal information is handled by websites” (Hong & Thong, 2013, p. 276). It is this latest iteration of the privacy concern construct that we employ as the dependent variable in the current study² in the health context. Therefore, borrowing from the definition of Hong and Thong (Hong and Thong 2013), we define health information privacy concern (HIPC) as an individual’s perception of his or her concern for how personal information is handled by health entities.

Fig. 1

Formative Third-Order Factor for Health Information Privacy Concern

2.2 Antecedents to Health Information Privacy Concern

Information privacy concerns are a function of an individual’s personal characteristics, prior experience, and external circumstances (Malhotra et al. 2004). We will examine factors from these categories that are relevant to the health context in detail below. Similarly, Smith et al. (Smith et al. 2011) presented the “antecedents ➔ privacy concerns ➔ outcomes” (APCO) macro model that proposed several personal and experience characteristics as antecedents to privacy concerns. In this study, we will test an APCO model in the health context to show the criticality of HIPC. Although our study will emphasize the antecedents, our outcome of interest will be intent to use EHRs. Smith et al. (Smith et al. 2011) note that privacy concern as the dependent variable is a less common occurrence than privacy concern as an independent variable. Our study contributes to this gap by focusing our efforts on a broad examination of antecedents to HIPC.

It is important to note that we are studying a specific privacy concern, HIPC, rather than its more general and non-contextualized counterpart. This means that we are examining privacy concern with respect to a specific type of information – individuals’ PHI. The reasoning for examining context-specific privacy concerns is that prior research has found that different types of information elicit different privacy reactions from people, and PHI is particularly sensitive (Rohm and Milne 2004). Thus, improving our understanding of what factors lead to HIPC is important to the development of strategies to help organizations ease worries related to the use of PHI, such as EHRs, and assist individuals in better protecting their PHI.

2.2.1 Personal Characteristics: Gender, Age, and Health Status

Personal demographic characteristics, such as age and gender are commonly associated with privacy concerns (Ermakova et al. 2015; Li 2011; Rahim et al. 2013). In the health context, Laric et al. (Laric et al. 2009) found that older respondents in the U.S. and Canada expressed higher privacy concerns. Their study examined several distinct pieces of medical information (e.g., physicals, cancer, depression) and interpreted their finding of higher privacy concern among older adults (> 45 years of age) as being a result of more health issues as age increases. Kordzadeh et al. (Kordzadeh et al. 2016) found that age had a positive influence on concern among non-members of VHCs but was insignificant among existing members. In contrast to the Laric et al. (Laric et al. 2009) study, Kordzadeh et al. (Kordzadeh et al. 2016) found that younger individuals reported heightened privacy concerns when they were not members of a VHC and this finding was attributed to increased privacy literacy of the younger population and less concern about social stigma in older adults. Younger individuals (< 55 years of age) were also found to be more concerned about the privacy of the physician’s notes from their visits (Vodicka et al. 2013). In another study in the medical context, individuals aged 60 or over or between 18 and 19 had the highest privacy concerns, but individuals in the middle age bands had lower privacy concerns (King et al. 2012). Age has been positively correlated with privacy concern (in general or in contexts such as e-commerce) in prior studies (Chen et al. 2001; Janda and Fair 2004; Joinson et al. 2010; Smit et al. 2014). Privacy concern in these studies increased with the age of the respondents. Following the majority of studies, we posit that age will be positively related to HIPC.

• H1a: As an individual’s age increases, he or she will express increased HIPC.

Gender has also been associated with privacy concern in prior research. Vodicka et al. (Vodicka et al. 2013) found that women were more likely to be concerned about the privacy of physician’s notes from their medical visits. Women were also more concerned about the privacy of medical conditions or procedures that may be perceived as embarrassing (e.g., sexually transmitted diseases, eating disorders) in a study by Laric et al. (Laric et al. 2009). Outside of the health context, gender is frequently associated with privacy concern, with women typically demonstrating higher privacy concerns than men (Bartel Sheehan 1999; Chen et al. 2001; Fogel and Nehmad 2009; Hoy and Milne 2010; Janda and Fair 2004; Mohamed and Ahmad 2012; Youn 2009). For example, a study of Malaysian social network site (SNS) users found that females were more concerned for their information privacy than men (Mohamed and Ahmad 2012). Similarly, Fogel and Nehmad (Fogel and Nehmad 2009) found that women were more concerned with their privacy in a study of SNSs and Youn (Youn 2009) found that young women had higher online privacy concerns. Thus, we follow the preponderance of studies and propose that females will express higher levels of HIPC than males.

• H1b: Females express higher levels of HIPC than males.

It is reasonable to posit that individuals who are active users of health services will be more likely to express concern over the privacy of their PHI because they will have generated the most PHI, and the most active users are those who have medical conditions that require frequent treatment (Klein 2007). Therefore, a personal characteristic that is unique to the health context, which could influence HIPC is an individual’s health status. Health status reflects the seriousness of the individual’s health condition (Bansal et al. 2010). In a study exploring concerns of individuals who refused to have their psychiatric records transferred to an electronic format, apprehensions about the possible stigma of mental illness was higher in those that refused than those that did not (Flynn et al. 2003). Bansal et al. (Bansal et al. 2010) found that poor health status increased perceptions of health information sensitivity,³ which in turn increased health information privacy concern. These findings lend support to the effect of health status on privacy concern. Some results suggest there may be nuance in how health status impacts privacy concern. For example, in one study, individuals that answered that the privacy of their health information was not of great concern were healthy, but people with chronic illnesses and disabilities were found to be less concerned about their privacy of their health information than individuals without such conditions (Lafky and Horan 2011). Kordzadeh et al. (Kordzadeh et al. 2016) tested the effect of health status on privacy concern and did not find a significant relationship, rather finding it to affect expected personal and community outcomes from sharing PHI in VHCs. However, when affective commitment to the VHC was removed from their model, health status had a significant positive effect on PHI privacy concern (Kordzadeh et al. 2016). The impact of health status on privacy concern has not been as widely examined as the non-contextual personal characteristics (e.g., gender). However, there is some evidence that suggests individuals with poor health status will express increased HIPC.

• H1c: As an individual reports more serious health conditions (i.e., increased poor health status), he or she will express increased HIPC.

2.2.2 Perceptions: Trust, Risk, and Information Sensitivity

Trust and risk are commonly associated with privacy concern in the literature (Dinev et al. 2016; Dinev et al. 2006; Dinev and Hart 2006a; Pavlou et al. 2007; Xu et al. 2011). This paper focuses on privacy concern regarding a particular type of information – PHI. In the healthcare systems of many developed countries, an individual is entrusting the information generated from a medical visit to the healthcare providers and the technological systems they use to curate that information, which are built and maintained by technology vendors. Furthermore, the proliferation of wearables, m-health apps, and online health communities means that individuals may also be entrusting their health information to technology vendors that are not necessarily associated with a healthcare provider. For example, if a person uses the activity app with an Apple watch, he or she is entrusting Apple with some of their health information. Therefore, today’s healthcare environment necessitates that people gauge their level of trust in and risk of exposure with regard to both the health professionals who provide their care and the technology vendors that provide the technological solutions to help manage their health.

Xu et al. (Xu et al. 2011), citing Havlena and DeSarbo (Havlena and DeSarbo 1991) and Ganesan (Ganesan 1994), define risk as “the uncertainty resulting from the potential for a negative outcome and the possibility of another party’s opportunistic behavior that can result in losses for oneself.” Perceived privacy risk was found to have a positive impact on privacy concerns in a study examining users of different types of websites, including e-commerce, SNS, finance, and healthcare (Xu et al. 2011). The relationship between perceived risk and privacy concerns was found to be positive and significant in all the website contexts examined, including healthcare. Perceived vulnerability, which is considered a component of risk, has been found to increase privacy concern (Dinev and Hart 2004). Dinev and Hart (Dinev and Hart 2006a) found that individuals’ perceptions of Internet privacy risk led to increased Internet privacy concerns. Xu et al. (Xu et al. 2008) also found a positive relationship between risk and privacy concerns. Although some studies and models (including APCO) position risk as an outcome of privacy concern [e.g., (Li 2011; Malhotra et al. 2004)], Smith et al. (Smith et al. 2011) acknowledge that prior studies have “generally supported the positive impacts of privacy risk on privacy concerns” [116p. 1001]. Dinev et al. (Dinev et al. 2006) also found that perceived risk is positively associated with privacy concerns. Thus, following prior studies, we propose that if individuals believe that disclosing their health data to a specific party, be it a health professional or a health technology vendor, will result in negative outcomes, they will express higher HIPC.

• H2a: As risk perceptions associated with health professionals increase, an individual’s HIPC will increase.

• H2b: As risk perceptions associated with health technology vendors increase, an individual’s HIPC will increase.

Trust, which “deals with the belief that the trusted party will fulfill its commitments (Luhmann 1979; Rotter 1971) despite the trusted party’s dependence and vulnerability (Meyer and Goes 1988; Rousseau et al. 1998)” [(Gefen et al. 2003) , p. 54], is frequently associated with privacy concern. However, according to Smith et al. (Smith et al. 2011), trust has also been modeled as both an antecedent and outcome of privacy (Bansal et al. 2010; Bansal et al. 2016; Belanger et al. 2002; Dinev et al. 2016; Malhotra et al. 2004; Van Slyke et al. 2006). Trust has been found to reduce privacy concern in online exchange relationships (Pavlou et al. 2007) and to be an important driver of privacy concern in the financial services context (Tsarenko and Rooslani Tojib 2009). It has been suggested that trust can play a role in easing the privacy concerns of consumers (Caudill and Murphy 2000; Culnan and Bies 2003; Tsarenko and Rooslani Tojib 2009). Dinev et al. (Dinev et al. 2016) found that trust in EHRs had a negative effect on privacy concerns. They argued that if people trust healthcare professionals, they may also trust that professionals will want good EHR systems and will not want data to be used against patients. It has also been argued that trust in physicians and the impact of their professional status may reduce privacy concern in EHRs (Rahim et al. 2013). Therefore, we follow prior literature that finds trust has a negative impact on privacy concern and propose that trust in the entity (health provider or technology vendor) will reduce HIPC.

• H2c: As trust perceptions regarding health professionals increase, an individual’s HIPC will decrease.

• H2d: As trust perceptions regarding health technology vendors increase, an individual’s HIPC will decrease.

Dinev et al. [(Dinev et al. 2016) , p. 29] argue that “the highly sensitive nature of personal medical data adds even more to the uneasiness individuals feel about the violations and misuse.” One study found that people were more concerned about others obtaining just their name and address from their medical records (88% of respondents were very concerned) (Rohm and Milne 2004) and concluded that an individual’s medical history is more sensitive than other information direct marketers might collect. While they did not find the moderation to be significant, Anderson and Agarwal (Anderson and Agarwal 2011) argued that the perceived sensitivity of the information would affect the relationship between privacy concern and individuals’ willingness to provide access to PHI. It has been argued that revealing information that is deemed more sensitive makes individuals feel vulnerable because the possible risks of disclosure differ for different types of information (Metzger 2007). In fact, information sensitivity has been shown to increase the perception of privacy risk in the context of wearables (Li et al. 2016) and Dinev et al. (Dinev et al. 2013) found information sensitivity to be a predictor of perceived risk, which in turn was related to perceived privacy. Caine and Hanania (Caine and Hanania 2013) found that preferences for sharing data (i.e., what data and with whom) varied based on the perceived sensitivity of the EHR data. In the online purchasing context, the proposed relationship between information sensitivity and privacy concerns was not supported (Yang and Wang 2009). However, perceived information sensitivity of health information was found to have a positive impact on HIPC by Bansal and Davenport (Bansal and Davenport 2010). Therefore, following the logic of prior studies, we propose that increased perceptions of information sensitivity will lead to higher HIPC.

• H2e: As perceived information sensitivity increases, an individual’s HIPC will increase.

2.2.3 Experience: Prior Privacy Invasion and Media Coverage

Previous experience of privacy invasion can intensify individuals’ privacy concerns as individuals believe future invasions may occur and thus feel vulnerable. Smith et al. (Smith et al. 1996) suggested that previous experiences with regard to handling of personal information and exposure to media coverage, which they argued examined the individual’s knowledge of information collection and use, were plausible variables that could be used as antecedents to test the nomological validity of the CFIP. They found both to have a significant relationship with CFIP. Several studies examined the relationship between prior privacy invasion experience and privacy concern. Bansal et al. (Bansal et al. 2016) found that privacy invasion experience increased privacy concern, and while they had hypothesized that this relationship would be heightened in sensitive context, they found it to be consistently important across contexts including in health. Xu et al. (Xu et al. 2011) found that prior privacy invasion had a positive relationship with privacy concern among users of healthcare websites. Prior experience of privacy invasion was also found to increase privacy concerns in studies by Zviran (Zviran 2008), Ozdemir et al. (Ozdemir et al. 2017), and Okazaki et al. (Okazaki et al. 2009). Bansal et al. (Bansal et al. 2010) demonstrated that prior privacy invasion experiences increased privacy concern for health information specifically. Therefore, we expect that prior privacy invasion experience will lead to higher HIPC.

• H3a: As experience with health information privacy invasion increases, an individual’s HIPC will increase.

Privacy media coverage awareness can be described as individuals’ knowledge or exposure to news stories pertaining to privacy issues such as data collection, usage, breaches, and loss. Media coverage as an antecedent to privacy concerns was introduced in Smith et al. (Smith et al. 1996), in which media coverage was found to increase privacy concerns. While the importance of media coverage to people’s perceptions of privacy has been noted, it has not been consistently tested in privacy studies. Krasnova et al. (Krasnova et al., 2009, p. 46) noted in their study of privacy on online social networks (OSNs) that “urged on by extensive media coverage and often guided by distorted rumors, focus group participants feared the collection and misuse of their information by OSN providers.” Following the APCO macro model, Ozdemir et al. (Ozdemir et al. 2017) found that privacy awareness, which is a more general awareness from hearing about information mismanagement, was positively associated with privacy concern. Media coverage of compromises of health information is increasing due to the rise in security breaches. For example, a ransomware attack on a hospital in the U.S. made national and international news⁴ and a costly data breach of a large American medical insurer was widely covered by news outlets.⁵ Such well-publicized breaches of health data could increase individuals’ concern for their own health information. Thus, we follow the suggestion of prior research and expect that awareness of media coverage will increase HIPC.

• H3b: As exposure of health information privacy media coverage increases, an individual’s HIPC will increase.

2.3 Outcome of Health Information Privacy Concern: Intention to Use Electronic Health Records

To test the nomological validity of HIPC, we considered a factor that should be associated with the level of HIPC as an outcome variable. Specifically, we examine the outcome intention to use an EHR system. Individuals who have high HIPCs should be less likely to allow their health information to be included in an EHR. This means that identifying what drives high HIPCs could provide insight critical to easing the adoption of EHRs. EHR systems were not widespread in Ireland at the time of our data collection, but discussions of a national EHR system had already begun and thus adoption concerns are of interest (Leogue 2016; Lovett and Muoio 2018). Nomological validity “refers to the extent which prediction based on the construct being measured are confirmed within a wider theoretical context of network of constructs” [(Smith et al. 1996) , p. 185]. We consider a network of constructs that follows the APCO framework (Smith et al. 2011). Specifically, we examine a robust set of antecedents to HIPC, which is the focus of the study, as well as an outcome of HIPC.

Several studies have examined the effect of privacy concern on the opt-in behavioral intentions toward EHRs. For example, Angst and Agarwal (Angst and Agarwal 2009) found that privacy concerns are directly related to individuals’ intentions to opt-in to EHR systems. Specifically, as CFIP increased, individuals’ opt-in intentions decreased. Similar findings were obtained in a study by Dinev et al. (Dinev et al. 2016) that used the CFIP construct from Angst and Agarwal (Angst and Agarwal 2009) to show that increased privacy concern has a negative impact on attitudes toward EHRs. Angst and Agarwal (Angst and Agarwal 2009) used the CFIP of Smith et al. (Smith et al. 1996) to measure privacy concerns, whereas we adopt the IPC measure of Hong and Thong (Hong and Thong 2013) that builds on CFIP. CFIP was also found to be negatively associated with opt-in behavior toward EHR systems in Li and Slee (Li and Slee 2014). Privacy concern has also been found to indirectly influence, through perceived privacy risk, individuals’ intentions to use a personal health record system (Li et al. 2014). In their study, Li et al. (Li et al. 2014) used an abbreviated three item scale based on Malhotra et al. (Malhotra et al. 2004) to measure privacy concern. A similar three item scale was used by Bansal et al. (Bansal et al. 2010) to find that privacy concern decreases online health information disclosure. Notably, none of these studies used the IPC construct (Hong and Thong 2013) to measure health privacy concerns. However, the studies do provide support for a negative effect of increased HIPCs on the intention to use an EHR system. We thus follow prior literature to propose that as individuals’ HIPCs increase, they will be less likely to allow their information to be included in an EHR system were one to be introduced in Ireland.

• H4: As an individual’s HIPC increases, his or her intention to use an EHR system will decrease.

3 Methodology

The majority of extant literature within the IS discipline pursues a single method approach, leading to calls for mixed method studies as they offer the potential to answer confirmatory and exploratory research questions within one study, to develop stronger inferences, and to combine complementary or conflicting findings to better enhance understanding of the phenomenon being studied (Venkatesh et al. 2013). Privacy research also has a similar pattern with the majority of studies adopting quantitative methods of inquiry, a smaller number of qualitative studies [e.g., (Miltgen and Peyrat-Guillard 2014)], and a mere handful of mixed methods studies to date [e.g., (Crossler and Posey 2017)]. As noted earlier, this study adopts a mixed method approach to understand the formation of individuals’ HIPCs. As mixed methods studies are often critiqued for inadequate explanations of the research (Venkatesh et al. 2013), this study follows GRAMMS (Good Reporting of a Mixed Methods Study) and discusses the (1) study aims and justification for using mixed methods, (2) research design, and (3) data collection procedures (O’Cathain et al. 2008). The overall research design is outlined in Fig. 2. First, given the complexity of the health context and the situational nature of privacy coupled with the nascence of health privacy research, we argue that a mixed method approach is required to understand the formation of information privacy concerns in this context. The study aim aligns with the application of mixed methods to develop a multi-perspective understanding of how individuals’ HIPCs are shaped. Second, it is important to determine a research strategy to achieve the study’s aim and identify the sequencing of data collection methods, and the weighting of each method (Venkatesh et al. 2013). This study employs a three-stage sequential design, with each stage performed in sequence. Sequential approaches are particularly useful when data from each stage is required to inform the next stage of data collection as is the case in this study (Venkatesh et al. 2013). Weightings are depicted using uppercase for dominant components and lowercase for minor components (Teddlie and Tashakkori 2009). The stages of this study are described as: qual→QUAN→QUAL, with the first stage viewed as a preliminary study, and the latter two stages weighted equally. Third, the data collection procedures followed in each stage and the aim of each is determined (Creswell and Plano Clark 2007). The study combines exploratory and explanatory approaches discussed by Creswell and Plano Clark (Creswell and Plano Clark 2007), with the research design described as a sequential exploratory-explanatory. The first stage is exploratory leveraging in-depth interviews to test the research framework developed from the literature. The second and third stages are explanatory, with a quantitative survey used to test the relationships in the proposed framework, followed by interviews to develop in-depth explanations of these relationships.

Fig. 2

Research Design

3.1 Sampling Strategy

A purposive sampling strategy was pursued in all stages of data collection with samples derived from a set of criteria to identify and recruit participants (Kemper et al. 2003). The aim of the sampling criteria was to ensure that individuals who were likely to express varying levels of HIPC were included. We considered four criteria in determining our target sample. The criteria for the respondents were as follows: (1) age, (2) education, (3) health status, (4) technology experience. Thus, to capture varying levels of HIPC, our sample was purposefully constructed to include variation in age, education, health status, and technology experience. The sampling methods are discussed for each phase of the study in their respective sections.

3.2 Stage 1: Exploratory Interviews

Six exploratory interviews were conducted with Irish participants to test the relevance of the constructs discussed above and to identify any additional factors pertinent to HIPC. As the emphasis was on understanding participants’ perceptions on HIPC and their thoughts on what affected their HIPC, participants were afforded control in how they decided to discuss topics, with meandering answers encouraged (Bryman and Bell 2007). Interviews were conducted in a private room at a university and lasted between 45 and 60 min. Interviews were audiotaped and transcribed using pseudonyms to preserve anonymity. An interview guide based upon the constructs derived from the literature was used to gather the participants’ perceptions of the primary constructs; it is provided in Online Appendix A. Open-ended questions were employed to identify any additional factors that participants felt may impact HIPC. The transcriptions of the interviews were analyzed using framework analysis (Ritchie and Spencer 1994).

3.2.1 Analysis of Exploratory Interviews

The exploratory interviews allowed us to confirm the relevance of the antecedents to HIPC drawn from the literature and discussed above. Due to university ethics restrictions, we were unable to ask directly about health status or healthcare need in face-to-face interviews where anonymity could not be preserved. However, while we did not directly enquire about health status as part of the interviews, the open format allowed participants to discuss it if they chose. Because of the wealth of literature evidence for the personal demographic characteristics (age, gender) and to keep the interviews to a manageable length, we did not ask specific questions regarding these antecedents. The data shown in Table 1 illustrates that the participants did view the remaining constructs to be relevant.

Table 1 Qualitative Data

Notably, the interviews revealed two additional factors that were important to the participants with regard to the privacy of their health information: perceived ownership and legislation awareness. As shown in the bottom of Table 1, three of the participants interviewed discussed their perceptions of ownership (e.g., that health information belonged to them). They described how personal they perceive health information to be and expressed ownership over it. Information ownership is a key tenet of CPM where Petronio [(Petronio 2002) , p. 9] states that “CPM argues that because people consider private information something they own, and over which they desire control, they both reveal and conceal the information.” In a study of organizational ownership the argument is made that employees and organizations can both perceive ownership of information and knowledge and that one entitiy’s ownership does not negate the other’s (Jarvenpaa and Staples 2001), a sentiment that is echoed in the idea of co-ownership brought forward in CPM (Petronio 2002). Ownership and control are intertwined concepts (Jarvenpaa and Staples 2001; Petronio 2002; Xu et al. 2012), in that if an individual perceives ownership of information they expect to be able to control it. Research has shown that individuals develop a sense of ownership of their Facebook information and these ownership perceptions are important to how they valuate it (Spiekermann et al. 2012). Therefore, we propose that individuals with high perceived ownership of their health information will express increased HIPC.

• H2f: As perceived ownership of health information increases, an individual’s HIPC will increase.

Two interviewees also expressed the belief that existing data protection regulation would or should help protect their health data from misuse. Governmental regulation of privacy has been discussed in the literature, particularly the differences in approaches (sectoral versus omnibus). The Republic of Ireland as a part of the European Union follows their omnibus legislative directives (Bellman et al. 2004; Cate 1999). Studies examining governmental privacy regulation typically discuss the regulatory approaches or purposefully explore privacy considerations in countries that take different approaches (Bellman et al. 2004; Culnan and Bies 2003; Milberg et al. 1995; Milberg et al. 2000; Miltgen and Peyrat-Guillard 2014). For example, Milberg et al. (Milberg et al. 1995) found that privacy concerns were lowest in countries at either extreme end of the regulatory spectrum (i.e., no regulation or high regulation). Privacy concerns have been demonstrated to impact the preferred regulatory approach (Milberg et al. 2000) and regulatory expectations have been found to have a positive effect on perceived risk (Dinev et al. 2013). The availability of governmental regulation was negatively related to privacy concerns in a location-based services context (Xu et al. 2012). Miltgen and Smith (Miltgen and Smith 2015), using a sample from the U.K., found that knowledge of regulation had a significant positive influence on perceptions of protections afforded by privacy regulation, which in turn had a negative impact on privacy risk concerns. They argued that “individuals may ultimately feel a reduced need to engage in their own protection behavior–which can thwart some commercial initiatives–if they become convinced that their countries’ regulatory systems protect them” [(Miltgen and Smith 2015) , p. 753]. In the exploratory interviews, interviewees discussed a hope that there was legislation to protect their privacy. Thus, we focus on awareness of existing legislation, defined as an individual’s “knowledge of the regulatory elements related to information privacy” [(Correia and Compeau 2017) , p. 4024] and propose that awareness of legislation will have a negative effect on HIPC.

• H2g: As awareness of privacy legislation increases, an individual’s HIPC will decrease.

As a result of our exploratory qualitative analysis, two constructs were added to our model – information ownership (H2f) and legislation awareness (H2g). The model of antecedents to HIPC derived from the literature and our exploratory qualitative interviews is shown in Fig. 3. With our theoretical model developed and the exploratory qualitative analysis largely confirming our approach, we proceed to the second phase of our analysis and examine the quantitative findings.

Fig. 3

APCO Model of Health Information Privacy Concern

3.3 Stage 2: Quantitative Analysis

The proposed model was tested using a survey with respondents from the Republic of Ireland. Healthcare in Ireland is largely public. Ireland lags behind other countries in terms of health ICT implementation (Lovett and Muoio 2018). Ethical approval was received prior to data collection.

3.3.1 Pilot Testing

The survey was developed by adapting validated measures where possible. The scales, along with the means and standard deviations from our testing, are provided in Online Appendix B. In order to reduce the potential negative effects of common method bias (CMB), procedural remedies recommended by MacKenzie et al. (MacKenzie et al. 2011) were applied during questionnaire design including psychologically separating endogenous and exogenous variables, offering descriptions of new terms and technologies, ensuring all items were unambiguous, notifying respondents that no answer was right or wrong, varying scale anchors, and guaranteeing anonymity and personal details volunteered would only be used to schedule interviews.

To further validate the instrument, the questionnaire was pilot tested on several groups of individuals (Johnson and Turner 2003). First, the questionnaire was pilot tested on several academics from the IS and health disciplines in the U.S. and Ireland. These experts provided advice on rewording of items and clarification of descriptions. The questionnaire was then pilot tested among a convenience sample of 10 Irish respondents. These individuals provided feedback on unclear questions. The 7-point scales caused confusion among older respondents, so, all scales were reduced to 5-point scales. The updated questionnaire was again reviewed by academics and amended until deemed satisfactory.

An email invitation was sent to several groups in Ireland including university students (undergraduate and postgraduate), staff, alumni, members of community health and IT-based initiatives, and individuals working in various industries. Across these various groups, approximately 945 invitations were sent. A total of 302 participants commenced the survey, representing a response rate of 31.96%. Data cleaning procedures began with the removal of incomplete responses (n = 44), resulting in completion rate of 85.4% for the survey. In line with best practice (Hair et al. 2010), the aim was to retain all cases unless evidence suggests the case is aberrant. To remove aberrant responses, we first sought to eliminate potentially meaningless data by examining the completion time of each response. The relative speed index approach was followed based on Leiner (Leiner 2019) and using a threshold of 1.75. Therefore, any responses with a survey completion time 1.75 faster than the median completion time were removed, resulting in the deletion of 13 responses. Second, the remaining responses were manually reviewed to identify unengaged responses, which may also represent aberrant cases. Based on Gaskin (Gaskin 2012), two responses were identified as unengaged because they had low standard deviations (below 1.0) in their responses across all variables. After data cleaning, a total of 243 complete responses were used in the analysis. Demographic characteristics of the sample are provided in Table 2.

Table 2 Demographic information (n = 243)

3.4 Quantitative Analysis and Results

We analyzed our model in SmartPLS version 3.2.9 (Hair et al. 2017). Partial least squares (PLS) regression is commonly used in IS studies of behavioral phenomenon [e.g., (James et al. 2017a; Lowry et al. 2016)]. PLS allows complex models to be tested and is appropriate for theory development and exploratory causal modeling (Chin et al. 2003; Fornell and Larcker 1981; Hair et al. 2011; Lowry and Gaskin 2014; Peng and Lai 2012). We followed accepted practice to analyze our model using PLS (Chin et al. 2003; Gefen and Straub 2005; Lowry and Gaskin 2014). This included conducting the prerequisite tests to confirm discriminant and convergent validity, as well as to establish the reliability of our scales. We also checked for multicollinearity and common method bias issues. Details of all the pre-analysis testing are provided in Online Appendix B. The outcome of the testing suggests that our model meets the rigorous validation standards required for PLS-based analysis (Cenfetelli and Bassellier 2009; Diamantopoulos and Siguaw 2006; Lowry and Gaskin 2014; Peng and Lai 2012; Petter et al. 2007). The third-order HIPC construct is formative (Petter et al. 2007) and thus we used the repeated indicator approach to handle it in PLS (Lowry and Gaskin 2014); details of this approach are provided in Online Appendix B. The structural model results are summarized in Table 3 and Fig. 4.

Table 3 Results for Test Hypotheses and Control Variables

Fig. 4

Summary of Full Model Results

3.5 Stage 3: Qualitative Interviews

The last question in the survey of Stage 2 asked respondents if they were willing to participate in an interview. Interested individuals were asked to provide contact details. In line with purposive sampling, all individuals were reviewed and a number of individuals representing different age groups were invited to participate in an interview. A total of 25 interviews were conducted. To preserve anonymity, the characteristics of the sample are outlined (O'Cathain et al. 2014). Interviewees included males (n = 10) and females (n = 15), represented various age groups; 18–19, (n = 1), 20–24 (n = 1), 25–29 (n = 4), 30–34 (n = 3), 35–39 (n = 2), 40–44 (n = 2), 50–54 (n = 3), 55–59 (n = 2), 60–64 (n = 3), 65–69 (n = 3), 70+ (n = 1). Interviewees also had differing educational backgrounds; some had completed or partially completed high school (n = 9), some had partially completed or fully completed an undergraduate degree (n = 7), and the remainder had completed a postgraduate course (n = 9). Interviewees were students (n = 4), retirees (n = 5), and employees in industries such as finance (n = 3), technology (n = 3), health (n = 2), retail (n = 3), and education (n = 2).

Interviews followed an interview guide (see Online Appendix A), which included the primary constructs examined in the survey. Each topic was represented by introductory, follow-up, probing, and specifying questions covering various phenomena from beliefs, to behavior, and relationships (Kvale 1996). The data were analyzed based on the framework analysis process (Ritchie and Spencer 1994), a deductive analysis method which has previously been applied in the IS discipline [e.g., (Alavi et al. 2005)]. It is particularly useful when themes (i.e., constructs) have been identified prior to analysis as was the case in this study (Ritchie and Spencer 1994). Details of the framework analysis procedure are provided in Online Appendix A. As it was not possible to develop questions to represent demographic characteristics such as age, gender, and health status, the data analysis in Stage 3 sought to elucidate any differences based on these characteristics across each construct. We review the key findings from the qualitative data in the next section.

3.5.1 Qualitative Findings

Risk: Health Professionals and Technology Vendors

Interviewees’ perceptions of the risks associated with data disclosure to health professionals and technology vendors were explored. Interviewees’ perceptions of risk can be divided into three broad views. Interviewees expressing the first view believed there was a higher risk to their data in the hands of technology vendors. This was the most common view (n = 11). The reasoning expressed by these interviewees can be largely tied back to their perceptions of how each party would use the data, with several interviewees (n = 5) stating that health professionals would use the data solely for the patient’s benefit, whereas they believed that technology companies would use data for their own commercial goals. The primary risks expressed by these individuals included the sale of data to third parties, excessive sharing of data, and other misuses.

“I think they would misuse it more, I can’t really see how the hospital would be maleficent with their use. A technology company, they’d sell it, and you’d start getting pamphlets for mindfulness classes. I think people would know everything about you then.” -P22, Female, Admin.

A small number of interviewees (n = 4) adopted the second view believing the risk of loss was higher with health professionals, as they were less competent with regard to knowing how to protect data. These interviewees noted that health professionals did not have the same level of technical expertise and thus were unintentionally vulnerable to exploits. It is important to note that these interviewees felt the risk of non-malicious security events was high, but malicious misuse was not likely.

“Looking at my own GP surgery, it’s possible they could lose it or make errors because I’m not sure that anybody is clued into I.T. I don’t think there’s much chance of them deliberately misusing it, incompetence is a possibility.” -P21, Male, Finance.

The final view was that risk existed in both situations, but this risk differed in terms of the audience and type of risk. These interviewees (n = 7) noted that risk is omnipresent due to the permanency of digital data and the potential for any server to be hacked. However, they felt the risks in the healthcare setting were more localized and included instances of a receptionist viewing a file, whereas with technology vendors, the risks were potentially larger.

“The loss is a different audience. In the healthcare setting, the audience is smaller, your information might get back to you or a neighbor. In terms of technology companies, its more dangerous that our health information could be at risk because the amount of it. If thousands use an app and thousands are hacked there’s huge consequences.” –P5, Female, Admin.

There were some interesting patterns based on age. First, all participants expressing the third view were aged between 21 and 35. Another interesting insight relates to the potential of malicious uses, with the 5 interviewees who felt technology companies would use data for commercial gain were all aged 55 and above. These interviewees explicitly stated they felt health professionals would only use data to treat patients. This view may in fact be inaccurate, but it is interesting to note the strong mistrust in technology companies, among this cohort. In addition to the three broad views, some interviewees (n = 3) did not perceive high risks in either context, and assumed their data was safe from misuse or malicious access. These interviewees were all aged 60 and over and female.

When individuals perceived there was a high risk that disclosing their data would result in a negative outcome, they expressed high concerns regarding possible unauthorized secondary use. Many interviewees (n = 15) assumed health professionals would seek consent prior to secondary usage, while the common view was that technology vendors (n = 16) would use data without permission. Some interviewees also highlighted that they would not be happy with their data being used for other purposes (n = 6). When risk perceptions were high, individuals expressed high concerns regarding improper access to their health information. This included physical risks such as access by employees (e.g., receptionists), loss of data, and loss of digital devices. Some interviewees (n = 8) were concerned about unauthorized access to data stored by both health professionals and technology vendors from external entities such as hackers. In addition, several interviewees (n = 6) discussed their fears surrounding access by third parties such as insurance companies. Finally, perceptions of risk also led to discussions around interviewees’ concerns that they lack control over their data. A number of interviewees with high perceptions of risk (n = 11) felt they lacked control over how their health information may be used by technology vendors. However, some interviewees (n = 3) assumed their data was safe. This blind assumption does not equate to a lack of desire for privacy but merely a lack of comprehension of the risks.

Trust: Health Professionals and Technology Vendors

Interviewees’ general perception of trust and trust beliefs (competence, benevolence, integrity) (McKnight et al. 2002) related to health professionals and technology vendors were explored. In terms of overall trust, the large majority of interviewees expressed high trust in health professionals (n = 21). The reasons for trusting health professionals included strong long-term relationships, the importance of trust in doctor-patient relationships, positive experience to date, and no reason “not to trust.” A small number of interviewees (n = 4) expressed low trust in health professionals due to negative experiences with different health professionals or frustration with the health system.

“I have strong trust across the board (of health professionals), I’ve no reason not to, I’ve never had a bad experience and for my family the same, we’d be trusting of the profession. There’s a history there, there’s somebody who can say I see last year you had this, so that’s a trust you genuinely feel that somebody cares. It is a caring, engaging relationship.” – P23 Female, Admin.

In contrast, the majority of interviewees (n = 19) expressed low trust in technology vendors. Reasons for this included the commercial motivations of technology vendors and the view that they did not “need” health data.

“Commercial goals underlie technology companies. Their purpose is to make money. If they branch into health technologies, there is a strategy and a strong revenue model. It’s not a strategy I’m interested in helping them realise. I understand the motivations, but when it comes to health you have to remember the human this data relates to. It’s more than a means of using this information to make money.” – P20, Female, Retail.

In this study, competence relates to the interviewee’s perceptions of the ability of health professionals and technology vendors to deliver accurate health advice and treatment. Many interviewees (n = 17) expressed high trust in health professionals’ competence to deliver care based on their professional qualifications and extensive professional knowledge. Views of competence were also based on experience with health professionals, with positive experiences leading to high perceptions of competence, and negative experiences associated with low perceptions of competence. For instance, two interviewees experienced ongoing negative experiences with their healthcare providers, which diminished their perceptions of the competence of all health professionals and their overall trust. Competence of technology vendors was discussed by 11 interviewees and was generally negative. For example, one interviewee noted that due to the prevalence of “strange diagnoses” and the unmoderated nature of the Internet, she does not trust the validity of information online or in mHealth solutions.

“I had a pregnancy app with a forum and people would say that’s a serious symptom. I wouldn’t trust the validity of the information, it can cause terror. I still would go on the app and see how my baby is developing but I wouldn’t trust their answers.” – P8, Female, Technology.

Integrity refers to individuals’ perceptions of the ethics of health professionals and technology vendors. The majority of interviewees (n = 17) believed that technology vendors had little integrity and health professionals had high integrity (n = 23). These differing views were generally consistent, even those with low overall trust in health professionals believed they would uphold ethics. Interviewees cited the Hippocratic Oath and assumptions of confidentiality and ethics, to explain their assumptions of integrity. In contrast, many interviewees did not believe technology vendors would uphold high ethical standards due to the commercial aims of these companies, and the view that they only seek health data for monetary reasons, whereas health professionals require this information to administer treatment.

“To me, big companies, no principles, no nationality, there’s no faithfulness, they’re just there to make money, and that is the bottom line. I would be short on trust as to what they would do with that information. I wouldn’t give it to them.” – P15, Retiree, Ireland

A small number of interviewees (n = 4) trusted the integrity of technology companies. These interviewees were all aged 55 and over, were relatively inexperienced with technology and assumed that technology companies would only use their data fairly. For example, one interviewee assumed that the technology company “would follow some statement or ethos” to protect their health information (P13, Female, Health). Interviewees that had no experience with providing their health data to companies had no negative experiences, and thus may be less able to imagine potential risks.

Benevolence relates to individuals’ perceptions that health professionals and technology vendors will act in their best interests when handling their data. Again, the majority of individuals (n = 20) felt that health professionals were benevolent in their actions, but many believed technology vendors (n = 18) were not. The reasons for these views again relate to confidentiality assumptions, legal requirements, and trust that health professionals possess the personal characteristics required to value their health data.

“Default wise I have a good level of trust in a doctor, I trust their ability to treat me, they would have to do something blatantly wrong to make me question them. They’re qualified, and they’ve chosen that line of work. I trust their intentions with my information and care. I don’t think they would enter that line of work without care for people. They’ve taken that job and part of that is confidentiality, so I assume they are that kind of person.” - P6, Male, Finance.

With regard to technology vendors, the dominant reason for low trust related to the commercial aims of these companies. For instance, in the quote below, the interviewee notes that technology companies serve to meet the interests of their shareholders.

“I don’t trust them at all. Why they should be acting in my best interests, they should be acting in their shareholders’ best interests. I wouldn’t trust them with my health data and wouldn’t give them it.” –P21, Male, Finance.

The reasons behind interviewees’ high trust in health professionals varied somewhat across genders. Male interviewees’ reasoning was often based on the qualification or legal requirements of health professionals, whereas female interviewees’ perceptions were derived largely from their positive experience and relationships to date. In terms of age, interviewees under the age of 50 expressed low trust in technology vendors due to perceived commercial motives. Many older interviewees’ perceptions were based on a lack of experience with information technology, some of whom (n = 4) expressed assumptions of trust as a result, while for others this inexperience was associated with a complete lack of trust in technology vendors (n = 3).

Information Sensitivity

The majority of interviewees (n = 23) viewed health information as sensitive, often describing it as personal and unique to them as a person. However, two interviewees felt that little health data existed about them and were unconcerned about who could access their health data because they had “nothing to hide” (P1, Female, Retiree). Several interviewees (n = 6) described health information as more sensitive than other types of data or stated that they wanted to protect this information the most irrespective of their general disposition to value privacy in other contexts.

“Health information is very personal. I think that’s the information we want to protect most.” - P3, Male, Technology.

“Your health relates to you as a person, it’s very personal and you wouldn’t want anyone to know it. Other information I really wouldn’t be too bothered if people knew.” - P4, Female, Retail.

In addition, several interviewees (n = 5) described their health data as highly sensitive due to the fact it could have negative repercussions on their lives if misused. They believed that their health information could be misused by insurance companies and employers. Interviewees (n = 13) also discussed fears that individuals such as employers, friends, or family could misinterpret their health information making statements such as “It leaves you very vulnerable to decisions other people make about you, it’s highly sensitive” (P21, Male, Finance). Many interviewees viewed certain types of health information as more sensitive than others. Mental health, eating disorders, reproductive or fertility data, sexual health, addiction, and domestic abuse were mentioned by a number of interviewees (n = 9) as being viewed as particularly sensitive (n = 3). Many interviewees (n = 9) who described themselves as “healthy” discussed circumstances when they would be concerned for their health privacy such as if they had certain health conditions like chronic illness or mental health issues or when they start to have children or as they get older because the incidence of chronic illness tends to increase with age.

“I wouldn’t want my weight shared with many people, if any. When I was pregnant, because I have had problems with eating before I didn’t want to know my weight, I spoke to my doctors and said I didn’t want it in my chart. For me that’s particularly sensitive and I wouldn’t want it shared with anyone.” –P8, Female, Technology.

Perceived Ownership

Interviewees expressed three broad views of ownership. First, many interviewees (n = 12) believed they owned their health data. These interviewees made statements such as “it’s mine,” and “I own it.” Interviewees adopting the personal ownership view described health information as personal, sensitive, and unique to them as an individual. Second, some interviewees (n = 8) described a dual ownership, shared between them and their health provider. The weighting of this shared ownership varied slightly across interviewees. Several believed (n = 6) they had a greater right to ownership, and health professionals were custodians of data who could only use it for the patient’s benefit. Others (n = 2) believed health professionals were co-creators of the data and thus co-owners. Third, a small number of interviewees (n = 5) expressed the view that their health data belonged to the health professional or professionals who created the data but felt they should own the information.

View 1 (Personal Ownership): Me. Just me. Because it’s my health. –P21, Male, Finance.

View 2 (Shared Ownership): You have the most ownership but the health system has a degree of ownership, they’re contributing to it. You would deserve it more than the health system. –-P22, Female, Admin.

View 3 (Lack of Ownership): I would like to think I did but, if I’m being realistic at the moment I would it would be between GPs and hospitals, that own it. -P14, Female, Retired.

Interviewees who expressed the first view expressed a high desire for privacy and were highly concerned about unauthorized secondary use, improper access, and control. Many of these interviewees (n = 6) were older and possibly unaware of how health data could travel. Thus, they not only desired ownership of their health data, they assumed they had such ownership. In contrast, two interviewees aged under 30 acknowledged that they may not have full ownership, but they felt health data belonged to them and they should have the ability to exercise control over it. Among the interviewees expressing the second view, many (n = 5) also expressed a desire for privacy. These interviewees were typically younger and mostly male (n = 4) and felt health professionals co-created the data but largely served a custodial role with a responsibility to protect their health data. Individuals expressing the third view were highly concerned about their lack of control over their health data and current lack of ownership.

Media Coverage Awareness

The majority of interviewees (n = 23) had a broad awareness of privacy media coverage (e.g., stories of data breaches). In terms of awareness of privacy media coverage regarding health data, interviewees can be divided in to three groups. Several interviewees lacked awareness (n = 9), some had an awareness that health information may be misused and believed that insurance companies and other third parties engage in “dodgy practices” to access health data (n = 9), and a number (n = 7) recalled specific instances of data breach or misuse. Interviewees with little to no media coverage awareness were aged 55+. Discussions by the interviewees that had encountered health data misuse in the media centered around general data breaches. However, awareness of the potential loss of data was enough to trigger concern for one’s own information as highlighted below.

“They (technology companies) take in personal information and it is very secure, and they take this oath that they won’t pass on any information, but it has been passed because they’ve been broken in to and stuff has been robbed. It makes me more scared for my own information and I hate it.” -P18, Female, Retired.

Among interviewees in the other two groups, there were clear links between interviewees’ awareness of privacy media coverage and their HIPC. First, when interviewees recalled specific stories in which they had a high degree of familiarity with the “injured party,” they expressed strong concerns for their own privacy, and discussed their fears of falling victim to a similar event themselves and the privacy-protective behaviors they engage in to protect their privacy. Second, when interviewees recalled specific instances of a health data breach, they also engaged in reflection on their own vulnerability. In the quote below, the interviewee recalls an incident where X-rays were shared worldwide. She reflects on her own health data and expresses her desire for privacy.

I saw X-ray images of someone who got a coffee jar stuck somewhere unfortunate, those films were shared worldwide isn’t that scary? Quite horrific, imagine that was you. I certainly wouldn’t want my labour story shared with the world. I wouldn’t want my son’s information going anywhere. –P8, Female, Technology.

Lastly, interviewees with broad awareness of health data breaches but little knowledge of the extent of such breaches, expressed their frustration with such occurrences but did not reflect on their own vulnerability. For example, one interviewee recalled hearing of breaches and expressed her frustration that health information was vulnerable to such events.

Privacy Invasion Experience

The large majority of interviewees (n = 23) discussed experiences in which they felt their personal information was misused. A smaller number of interviewees (n = 7) also recalled occasions where their health data privacy was invaded. These experiences included receiving communications from unfamiliar health organizations and unnecessary access to health data. Interviewees’ general awareness of the frequency of privacy invasions and their expectations around such invasions were important. Interviewees’ level of surprise varied, some were extremely shocked, while others expected such things to happen. Interestingly, individuals who expressed surprise did not differ in age. However, for younger interviewees, this surprise was short lived and was only upon the initial realization that their data could be used in such a way and included examples around excessive targeted advertising. They then accepted that this could happen or came to expect it would happen again. For older interviewees, this surprise was followed by heightened concern for privacy.

Interviewees’ experiences of privacy invasion also ranged in perceived severity. For example, some interviewees (n = 4), while irritated or initially surprised by targeted advertising dismissed its severity. Other interviewees (n = 6) expressed strong negative views against targeted advertising and viewed it as a severe invasion. These individuals reflected on how targeted advertising practices influenced their privacy and reacted either passively or proactively. Passive reactions included expressing a desire to browse free from advertising and believing online companies should respect their privacy. Proactive reactions included engaging in behaviors to protect one’s privacy such as complaining to the organization. While reactions differed, when interviewees viewed the privacy invasion as severe, they considered their personal privacy, felt a lack of control, conveyed their desire for greater privacy, and engaged in actions which they believed gave them some control. For example, the interviewee below sought more information to increase his awareness and exercise control over his data.

“It’s the things that you don’t know that worry you. I got a letter a company saying they were doing research retinopathy and wanted to take some photographs of my eyes. So, the first question I ask is how did you get this information? They say we got it from your doctor. I was interested in what these people were going to do, and I said you’re examining me and you’re getting information, what’s going to happen, I didn’t want them researching me just for their benefit. I realized they are funded by people who sell products to diabetics, which makes me believe that there’s a certain commercial aspect to it that I wouldn’t be cooperative on.” -P2, Male, Retired.

When discussing privacy invasions, the sensitive nature of health data was evident. Several interviewees (n = 4) explicitly expressed the belief that health information should not be used for targeted advertising. These interviewees were all younger females (aged under 30) and felt health data was too personal for such uses.

“If you google something and then Facebook or Google is reminding you to take your contraceptive pill. I think it’s worse if they do it with your health data because that’s so personal they shouldn’t be using that to target advertising.” -P5, Female, Admin.

Legislation Awareness

The majority of interviewees (n = 18) were aware that there was legislation in place governing the use of personal data, but few described themselves as knowledgeable (n = 3). In addition, many interviewees (n = 15) assumed that existing data protection regulation would protect their health data from misuse. However, again, the majority of these interviewees lacked knowledge on the effectiveness and indeed the limitations of data protection legislation and instead this general awareness that legislation did or should exist acted as a technique for discounting the risk of disclosing health data. In fact, many interviewees (n = 11) expressed the belief, or indeed the hope, that regulation would keep their health data private. A small number of interviewees (n = 6) were less optimistic about the potential of existing legislation to protect their data. Some of these interviewees were concerned about the likelihood of technology companies complying with legislation (n = 5), while one felt health professionals were less informed of regulation. This again highlights the difference in views regarding health professionals and technology vendors.

The hospital uses the information only for the patient’s benefit. They know what they’re allowed do and what their obligations are. For technology companies, they’re not offering healthcare advice so do they even need to comply with legislation? I think there’s a good chance they’ll misuse it more. They already sell stuff about us online. –P22, Female, Admin.

If interviewees felt protected by existing regulation, irrespective of the depth of their knowledge of this legislation, they expressed lower HIPC because they felt the legislation represented a protection for their data. These interviewees tended to be older than 55 (n = 8). Other interviewees felt that the legislation did not prevent unauthorized secondary use as evidenced in the above quote. Lastly, a small number of interviewees (n = 4) with vague awareness of existing legislation, called for stringent legal frameworks to protect personal data. These interviewees discussed the need for regulation to govern the use of health data and felt that legislation could be a solution to overcome concerns around improper access and unauthorized use of health data.

I hope that there would be quite stringent laws, and I would hope that they would be laws rather than ethics about how that could be used in terms of insurance premiums and marketing and third-party usage. -P24, Female, Education.

HIPC: In the original IPC, Hong and Thong (Hong and Thong 2013) aggregated the six dimensions obtained by combining the CFIP and the IUIPC into a third-order construct. In this section, we briefly outline each dimension of HIPC (i.e., our contextualized IPC) and discuss the connections with the antecedents. The collection dimension relates to individuals’ concerns regarding the collection and electronic storage of health data. For many interviewees (n = 14), collection did not represent a dominant concern, due to the relevance of this data to health professionals and the fact they felt they had not disclosed health data to technology vendors. Trust was mentioned by several interviewees (n = 7) of different ages and genders. These interviewees highlighted that their trust in health professionals reduced any concerns related to collection, but with technology companies, that trust was absent.

“It’s important that they (health professionals) actually have that information on hand to treat you. With your doctor you have a special rapport you know you put your trust in them, whereas a technology company I wouldn’t trust as much.” -P10, Male, Student.

Unauthorized secondary use relates to concerns that health data collected for one purpose may be used for subsequent purposes without the individual’s permission. A number of interviewees (n = 6) did not believe unauthorized secondary use was an issue with health professionals, as they “assumed” their data was only used to treat them. However, many interviewees (n = 15) were concerned about potential unauthorized secondary use and the repercussions of such uses. When discussing unauthorized secondary use, there was a clear link between privacy invasion experience, with interviewees who had experienced a past invasion noting that these instances made them worry if their doctor was “feeding information about my health to some health company, unbeknownst to me” (P2, Male, Retired) and led to questions over who their data was shared with. It is important to note that some sharing of data for additional purposes may represent a legitimate use, however if individuals are surprised by this data sharing, it can heighten their concerns around unauthorized secondary use. For example, one interviewee discussed her feelings of invasion when she received a letter regarding bowel screening, which is a national program in Ireland for citizens of a certain age. However, she was not aware of this program and felt worried regarding the sharing of her data. Several interviewees (n = 12) discussed the risks around excessive use, predominately by technology vendors.

“Small apps could be created by someone that probably wouldn’t have an obligation to secure that data and if he’s offered money to share information he probably would sell it. Like what’s his obligation? I often think my phone is safe because I have my passcode, but I think that perception of physical safety then makes me underestimate the potential uses of the data I already have disclosed. Even Fitness Pal, what’s to stop them selling it or using it?” -P8, Female, Technology.

Improper access refers to concerns regarding inappropriate access to health data. Many interviewees were worried about potential access either by individuals or malicious outsiders (n = 11). Perceptions of sensitivity related to concerns around improper access for a number of interviewees (n = 5). As illustrated below, the personal nature of health data can heighten concerns regarding access.

“Sometimes it does not bare thinking about because that information is more personal to me than any other information so when I think about it I get very concerned and worry who can access my information I feel it should be just stored in the doctor’s office.” -P4, Female, Retail.

The errors dimension relates to concerns that organizations do not have the measures in place to prevent or identify errors in data. For several interviewees (n = 10), errors did not represent a primary concern. However, many interviewees (n = 13) discussed the potential risk of errors in health data. A small number of interviewees (n = 3) discussed errors in relation to trust beliefs, and specifically competence of health professionals.

“They still make mistakes you know because someone writes it down and everyone else believes it. They should be checking each time, each individual and writing down what they see.” -P19, Female, Retired.

Control relates to concerns that individuals do not have the ability to control how their health data is used. This represented a primary concern for many interviewees (n = 20) across age groups and genders, who felt they currently lacked control or desired greater control over who could access their health data and how it was used. Concerns around control were exacerbated for some of the interviewees who had experienced privacy invasions previously (n = 4) as evidenced in the quote below.

“I’m not sure you know after getting this letter, as to who has the information, or what they need it for.” -P12, Female, Retired.

Among the small number of interviewees who were not concerned regarding control, two interviewees explained trust in their doctor as the reason for their feelings of control with one stating:

“I’ve some control over how my data is used. It’s based mainly on trusting my doctor.” -P21, Male, Finance.

The final dimension of awareness refers to concerns that individuals are not aware of how their data is used or protected. Awareness represented a primary concern for the large majority of interviewees (n = 22), who expressed both a lack of awareness and a desire to be more informed. A number of interviewees (n = 7), noted that in addition to greater awareness of how their data is used and protected, they would like to be informed regarding how existing legislation mandates the protection of their health data. This shows the link between legislation awareness and HIPC.

“I feel quite unaware of how my health information is used, it should definitely be regulated like clinics storing information should be audited to make sure the information is encrypted and backed up. I’d like that to happen and I’d like to be informed about it.” -P3, Male, Technology.

4 Discussion

Our mixed method approach provides useful insight into the formation of HIPC. Our results regarding personal characteristics yielded some confirmation of the prior findings in other contexts, as well as some surprises. As expected, older individuals expressed higher HIPCs. As individuals age, they tend to have more health issues and increase their use of healthcare services, which means they generate more health data. An explanation for this finding is that older individuals have more health data to protect and therefore have higher HIPCs. Contrary to our expectations, men expressed higher HIPCs than women. One possible explanation for this result comes from our qualitative findings; some of the women described relational trust in their healthcare providers. It is possible that men perceive healthcare service encounters similar to other business transactions. In other words, men may be skeptical that healthcare service providers will protect their data any better than any other service provider, whereas women may be more apt to believe that healthcare providers care about them personally and to feel that they have built relationships that will result in healthcare service providers looking out for them. We also found, as expected, that poor health status is associated with high HIPCs. This suggests that people who have medical problems likely generate more health data which drives concerns over its privacy.

The more risk individuals associated with providing PHI to health professionals, the higher their HIPCs. One area of concern that emerged from the qualitative results was that people may view healthcare professionals as trustworthy and competent with regard to medicine but were not always willing to assign them multiple areas of expertise. Although people felt the medical professionals could competently handle their medical issues, they were less certain that they possessed the technical expertise to adequately protect health data. Respondents did consider providing health information to technology vendors to be risky and these technology vendors would be the information system experts. However, there was no significant relationship between the risk associated with technology vendors and HIPC. One implication of this finding might be that the health service provider is perceived to assume the risk. People do not necessarily think the healthcare providers will maliciously endanger their data, but they are the ones collecting and using the data and thus the risk of accidental data breaches lies with those using the systems rather than those creating them.

While our qualitative findings indicate that individuals place a lot of trust in their healthcare providers and believe that they competent, benevolent, and have integrity, our quantitative results did not reveal a significant relationship between trust in the healthcare provider and HIPC. Notably, increased trust in technology vendors was associated with lower HIPCs. Moreover, the qualitative results indicate that individuals hold negative views of technology vendors and believe them to be profit-seeking and beholden to their shareholders. These results indicate that it is important to build trust between the technology vendors that create and manage healthcare systems and the patients whose data is stored in them. If patients believe that technology vendors can be entrusted with health data, HIPCs could be reduced and the implementation of EHR systems may be smoother. In the reverse of the logic for risk, while the healthcare service providers use, and thus could erroneously use, the information systems, it is the technology vendors that are ultimately responsible for their design and functionality. Therefore, even if individuals trust the healthcare professionals, they may not want their data input into systems that might be managed by technology vendors they do not trust. Working to build trust in the technology vendors may be key to countries, like Ireland, who are hoping to convince their public to accept EHR systems.

Perceptions of information sensitivity and information ownership were also important factors shaping HIPC. The more sensitive individuals perceived PHI to be, the higher their HIPCs. The qualitative findings revealed that data regarding some medical conditions is regarded as very sensitive (e.g., addiction, fertility, sexual health) and that people may fear repercussions if others (e.g., employers, friends) are privy to their PHI. The results suggest that companies working with sensitive health data need to make an effort to assuage individuals’ concerns regarding its use in order to implement information systems that will store and use the data. Similarly, the more ownership individuals perceived over their PHI, the higher their HIPCs. What was striking about the qualitative findings regarding perceptions of ownership was that some individuals felt that they were the owners of their PHI, while others felt that they shared ownership with the health professionals because they were co-creators of the data, and yet others felt that the health professionals owned the data. In the latter case, the lack of ownership was begrudgingly acknowledged but not what the individuals wanted. Many of the individuals in the qualitative study regarded health information as highly sensitive and extremely personal. They felt that the information should be theirs, even though they admitted that the healthcare providers needed the information to treat them and therefore at least co-owned that information as a result. There is a natural relationship between feeling ownership over data and being concerned with the privacy of it (Petronio 2002), yet this relationship has been understudied in the IS literature. The levels of co-ownership acknowledged in our qualitative findings suggest, in situations where information is shared or co-created (e.g., the patient’s data with the physician’s notes), that people can both understand this complex dynamic and have mixed emotions about it. Various perceptions of ownership need to be considered as health information systems are implemented so that safeguards and policies are put into place to make certain all entities involved understand the ownership and use of the data that will be stored in them.

The relationship between legislation awareness and HIPC was not significant. Our qualitative results suggested that people thought that health data should be protected by law but were largely unaware of the protection provided under law at that time. The European Union has since instituted the general data protection regulation (GDPR),⁶ which has been very visible in the media. Future studies should consider the impact of the GDPR on HIPC. In general, the legal avenues to protect privacy and the differing effects of regulation in different countries is a ripe field of study. Although the quantitative findings were insignificant, our qualitative findings do suggest that privacy legislation is an important consideration for individuals. This indicates that increased awareness of the protection privacy legislation provides may be a way to assuage privacy concerns and ease the implementation of EHR systems.

Media coverage regarding the misuse of health information was the only experience factor that was found to have a significant relationship with HIPC. The more individuals were exposed to media about the misuse of health data, the higher their HIPCs. This suggests that widespread news coverage of health data breaches is educating the public regarding the risks posed to their health information. It also suggests that it is important to reduce highly publicized breaches of health data to encourage privacy-sensitive individuals to allow their data to be included in EHR systems. We are not suggesting that data breaches not be reported, rather we are emphasizing the importance of increasing security protections on health data so that benefits from digitizing it can be fully realized without sacrificing people’s privacy. Experiences of prior health privacy invasions did not have significant relationships with HIPC. Our qualitative findings indicate few were the victims of serious health privacy invasions. However, those whose information had been exposed in a breach expressed less fear of future intrusions because they felt they had taken actions to enhance their control and awareness of their privacy following these incidents. Although our findings are not conclusive, there are indications that health privacy invasions may result in protective actions that possibly prompt complacency. The impact of prior privacy invasions on privacy beliefs and behaviors is another understudied area in the IS literature. An improved understanding of how privacy invasions impact beliefs and behaviors should be a goal of future research.

We also confirmed that individuals with higher HIPCs are less likely to allow their health data to be included in an EHR system. This result underscores the importance of implementing mechanisms to reduce people’s privacy concerns in order to benefit from the digitization of health data. There are many possible benefits of EHRs, yet their use will be stymied if people do not want to use them. Our results point to some areas of focus to ease this transition; including, building trust in the technology vendors who will implement them, implementing and increasing awareness of legislation that protects health data, gaining an understanding of ownership, and clearly conveying what shared ownership means in the patient-healthcare provider relationship. We also show that remedies should target groups such as men, older individuals, and those in poor health who may be more resistant due to higher privacy concerns. Our controls also indicate that people who have increased healthcare need and more experience with mobile health technologies are more likely to intend to use an EHR system. This suggests that emphasizing benefits and training people to understand how EHR technology works may ease resistance to EHRs.

4.1 Contributions to Research and Theory

Much effort has gone into the examination of individual’s concern for information privacy, which has resulted in several versions of multi-dimensional constructs to measure privacy concern that have been popularized in the literature (Hong and Thong 2013; Malhotra et al. 2004; Smith et al. 1996). In proposing the APCO macro model, Smith et al. (Smith et al. 2011) noted that it was more common for studies to use privacy concerns as an independent rather than a dependent variable. They state that “although relationships between a number of antecedents and privacy concerns have been investigated, these studies have usually been conducted in a somewhat disjointed manner and with only minimal replication” [(Smith et al. 2011) , p. 998]. Indeed, as we developed our model, we found that while many antecedents to privacy concern had been examined in the literature, there was little commonality to the subsets of antecedents examined in the various studies. Although papers have been written that attempt to consolidate the antecedents that have been examined across various studies (Ermakova et al. 2015; Li 2011; Smith et al. 2011), few empirical works have focused on the antecedents to privacy concern. As discussed by Smith et al. (Smith et al. 2011) the outcomes of the APCO macro model are more prominent in the privacy literature. That is, the focus of the research is often on what outcome privacy concern might influence. For example, in the health context, the outcome of interest is often disclosure of health information or acceptance of ICTs (Anderson and Agarwal 2011; Angst and Agarwal 2009; Bansal et al. 2010; Bansal et al. 2016). These are noble pursuits that require attention, but we argue that understanding what factors influence individuals’ HIPCs is also important to understand. Our research helps fill the antecedent ➔ privacy concern gap in the literature in an important context by providing a broad examination of antecedents to HIPC within an APCO framework. Leveraging the wealth of privacy literature, we construct a model from the literature and analyze it using both quantitative and qualitative methods.

Our findings revealed that individuals’ perceptions of risk, trust, information sensitivity, and information ownership were important factors shaping HIPC. Of particular note are our findings regarding information ownership. Information ownership is a key element to CPM (Petronio 2002), which is often used as a theoretical foundation for privacy studies [e.g., (Anderson and Agarwal 2011; Xu et al. 2011)]. However, IS studies have largely not focused on the information ownership aspect of CPM. The underrepresentation of information ownership in the IS privacy literature is why we did not initially include it in our model that was derived from the literature. Only through our mixed method approach did it become clear that information ownership may play a role in shaping HIPC. In fact, our quantitative results indicate that as perceptions of information ownership increase, so does HIPC, and our qualitative findings suggest that people may have distinctly different views on who owns their PHI. Some of our interviewees felt they were the owner of their PHI, but others believed that the PHI was co-created and thus co-owned by them and their health providers, and yet others felt that whether they liked it or not, their PHI was owned by the health providers. Our study suggests that it is imperative in our digital society where analytics is increasingly valued for studies exploring information privacy to account for perceptions of information ownership.

4.2 Implications for Society and Practice

There are two obvious areas where an increased understanding of how individuals’ HIPCs are shaped may be helpful. First, as technology continues to be integrated into healthcare, it is in the best interest of healthcare providers and companies that do business with them to understand how they may ease the privacy concerns of the patients that they serve. Second, there is an impetus on individuals to better understand how their PHI may be used and what control they have over its use. Such knowledge could help them take steps to better protect their PHI. Our results show that perceptions play a large role in HIPC. In particular, our participants perceived risk associated with giving their PHI to health professionals. They felt that health professionals may not have the skill necessary to protect their data. Our results also showed a distrust of technology vendors with respondents suggesting companies did not have their best interests in mind when handling their data. Health professionals and technology vendors could take steps to decrease perceptions of risk and build trust simply by informing patients of the steps being taken to protect their data, for example. Information sensitivity and information ownership were also both important drivers of HIPC. Again, companies could take steps to develop policy, if none exists, and inform patients regarding how they will handle patients’ sensitive data and what ownership of it they retain. For their part, individuals can take steps to research and increase their knowledge of how their PHI will be handled and what control they have over it, by for example, reading privacy policies.

It is encouraging that media coverage of health data breaches seems to be having an impact on individuals’ HIPCs. That our qualitative findings uncovered that awareness of health data misuse and others’ misfortune made our participants more reflective and proactive regarding their own privacy is a positive sign and suggests that programs to increase awareness may be useful. Security and privacy have been prominently discussed in the media due to new regulations in Europe and an increased occurrence of security incidents and questionable ethics regarding data use. Our results suggest that people pay attention to such events and may adjust their behavior accordingly. This may mean that simply increasing the media coverage of good security and privacy practices could be effective in increasing such behaviors. Also, it may be worthwhile to heavily publicize data breaches and to encourage people to talk to each other about security and privacy issues and concerns, as well as about good privacy and security practices. Community forums could be held that provide information about vulnerabilities and best practices to avoid negative consequences, for example.

4.3 Limitations and Future Research

While our study provides a broad examination of antecedents to HIPC, it does not consider every possible option. We purposefully excluded antecedents that were not commonly mentioned in the privacy literature or had inconsistent findings in past studies (e.g., personality) in favor of parsimony. We encourage future research to expand on our model to continue to explore antecedents to privacy concerns. Furthermore, we suggest that studies focusing on privacy concerns as a dependent variable should be conducted in contexts other than health. As research continues to refine the antecedents to privacy concerns, more complex APCO models will be possible that leverage the knowledge and insight obtained by examining the antecedents ➔ privacy concern component of the model.

Our data was collected from Irish respondents. Ireland is a Western country with a public health system that at the time of data collection had not widely adopted EHRs (Leogue 2016; Lovett and Muoio 2018). Care should be taken not to generalize the study to all countries as cultural and health system characteristics may vary. A fruitful avenue for future research is to expand the study of HIPC to consider cultural characteristics and collect multi-national samples to examine the effects of differences in privacy concerns among different cultures, as well as the impact of different privacy regulations and healthcare systems. Privacy can have a have different meanings in different cultures given that it is a socially derived concept. With technology continuing to decrease the impediments to communication and privacy issues increasingly crossing borders, developing an understanding of what privacy means and its impact in other cultures is an important area for future research.

5 Conclusion

We conducted a mixed methods study of HIPC using a sample of individuals from the Republic of Ireland. Our results indicate that age, gender, and health status all play a role in HIPCs, but in the case of gender, not in the expected way. Individual perceptions of risk, trust, information sensitivity, and information ownership were all important in shaping HIPC. Awareness of health privacy events from the media was also a driver of HIPC. We find that increased HIPCs decrease individual’s intention to allow their information to be included in an EHR system. Our findings provide insight that can be used to ease privacy concerns as Irish healthcare providers continue to advance their technology and more people in Ireland start to use wearables and apps to manage their health. Knowledge gained from our study can also be used to develop ways to better inform the public about how to protect their PHI.