BMC Medical Informatics and Decision Making volume 18, Article number: 135 (2018)
Data was collected from a large Taiwanese medical center by means of survey methodology. A total of 312 responses comprised of various groups of healthcare professionals was collected and analyzed via structural equation modeling.
It has been duly acknowledged that the adoption of electronic medical records (EMR), a collection of software functions commonly utilized in the delivery of directives for patient care, in the maintenance of patients’ medical records, and the distribution of laboratory testing or radiologic examinations results , can improve healthcare quality and decrease overall cost . Via EMR, healthcare professionals can serve to inquire after patient information immediately without the limitations of time and space . However, with the advent of a more accessible and comprehensive EMR system, a massive amount of medical records may become easily obtainable to both unauthorized and authorized users who are both inside and outside the healthcare facilities . EMR are therefore potentially susceptible to security breaches which may lead to real patients’ privacy concerns . Most reported privacy violations in healthcare facilities stem in fact from staff misuse or abuse of their privileged access status to patient records [5, 6].
There is a widely accepted knowledge as to the importance of employees’ compliance with organizational rules, procedures, and policies, all of which can be used to regulate employees’ accurate attitudes or behaviors regarding how organizational resources should be utilized [5, 7, 8]. Despite such evidence, employees often demonstrate not to abide by such prescriptive rules or policies. In reality, non-compliance to such stated policies may cause organizations significant reputational damage, remediation costs, or even subsequent penalties . For many healthcare facilities, regulations have been purposefully mandated in order to secure patient information due to the increased digitization of patient records . Healthcare facilities must therefore invest in how to effectively motivate employees to comply with stated policy and to secure EMR.
Theoretical foundation and hypotheses
The theoretical foundation of our study is adapted from self-determination theory  and habit-related perspective . Self-determination theory, one of the often-adopted theoretical frameworks within motivation research , differentiates between various types of motivation according to the different reasons or goals leading to a given action . Among those motivations, self-determinant theory differentiates between two main types of motivation: (1) intrinsic motivation, and (2) extrinsic motivation . Intrinsic motivation refers to undertaking a behavior because it is inherently enjoyable or interesting to do, while extrinsic motivation refers to doing something because it can result in a separable outcome . Such intrinsic and extrinsic motivation when taken together affect an individual to undertake a particular behavior .
Habits are commonly considered to be “learned sequences of acts that become automatic responses to specific situations, which may be functional in obtaining certain goals or end states  (p.14).” Many behaviors that are of interest to individuals, especially when they are repeatedly and satisfactorily executed, may eventually become personal habits without extra cognitive processes having to take place . Although some researchers hold that habits can be formed quickly, most studies argue that habit continuation requires a certain amount of repetition or practice to take place [22, 23]. As for the formation of habits, literature  suggests that a stable context which requires an individual’s minimal attention in responding to certain situations, is essential. Once a habit is shaped, an individual can then perform a behavior automatically .
The relationship between satisfaction and habit
The relationship between self-efficacy and habit
The relationship between perceived usefulness and habit
The relationship between facilitating conditions and habit
In Taiwan, hospitals are usually divided into three major categories based on given characteristics of size: medical centers, regional hospitals, and district hospitals. Totally, the number of medical centers, regional hospitals, and district hospitals in Taiwan are about 19, 80, and 308, respectively . Most of the three types of hospitals have utilized some form of EMR due to efforts to improve EMR adoption promoted by the Ministry of Health and Welfare in Taiwan. Medical centers, however, implement more comprehensive EMR systematization and have wider application of EMR than regional and district hospitals due to appreciable organizational resources. We therefore surveyed hospital staff from a medical center of 1300-beds serving nearly 5000 outpatients daily located in southern Taiwan. The subject hospital has about 3511 employees including 3020 healthcare professionals and 491 administrative staff. The subject hospital was chosen because of two major considerations: (1) The subject hospital is equipped with well-established EMRs systems aimed at providing patients with high quality healthcare services; and, (2) The subject hospital was regarded as being rather proactive in their use of EMR in terms of overall internal EMR utilization and the amount of EMR exchanged with external healthcare facilities . Both reasons made the chosen hospital suitable for use in the study of EMR privacy protecting issues.
Our study used a cross-sectional design, and survey methodology was adopted to collect data. Since most violations of patient privacy in healthcare facilities stem from staff misuse or abuse of the privileged right to access patient records [5, 6], hospital employees (i.e., healthcare professionals and administrative staff) who are granted access EMR must still be regarded as potential threats capable of jeopardizing EMR privacy. Among 3511 employees involved as part of this study, about 2800 healthcare professionals and 100 administrative staff were actually authorized to access EMR. Considering the heavy workload of hospital staff, a census of all eligible employees is unfeasible, we therefore adopted convenience sampling to collect relevant data. We appointed a coordinator for the departments whose staff members maintain access to EMR systems in order to assist questionnaire administration. Recruitment of hospital employees was voluntarily and guaranteed anonymity to participate in the survey. Ethical approval from the subject hospital was sought and then acquired prior to the eventual administration of the survey.
Partial least squares (PLS), a distribution-free analytic method , was used for purposes of data analysis because the collected data did not follow a normal distribution (p < .001) to some extent subsequent to a Kolmogorov-Smirnov test. We utilized R software version 3.5.1 , with both plspm version 0.4.9 and semPLS version 1.0–10 package [54, 55], to assess the measurement model (i.e., dealing with the relationships between the observed variables and the latent variables) and the structural model (i.e., dealing with the relationships between the exogenous and endogenous variables) of PLS, respectively. In order to obtain the scores of the latent variables for subsequent use of measurement and in the structural model, their associated observed variables are weighted and summed by PLS . Further, the RMediation version 1.1.4  package was used to assess the mediation effect of habit.
Measurement model assessment
In PLS, the measurement model assesses the reliability and the validity of measures taken [48, 49]. Literature suggests reliability can be evaluated via composite reliability or Cronbach’s α . In our study, both the values of composite reliability and Cronbach’s α of all constructs (see Table 2) were larger than the suggested value of 0.7 , thus demonstrating sufficient reliability being present.
As for validity, convergent validity and discriminant validity are commonly assessed in terms of PLS . Table 3 shows that all items in our study loaded highly on the postulated factors and had factor loadings greater than 0.7 . Regarding the validity of construct level, the constructs used in this study had a value of average variance extracted higher than 0.5 , indicating sufficient convergent validity (see Table 2). Further, the squared root of average variance extracted for each construct was larger than the correlation coefficients of the specific construct with any other constructs in the proposed model, also demonstrating adequate discriminant validity .
Several correlations between constructs are higher than 0.7 (see Table 2), but they are still lower than 0.85, which may indicate the presence of a collinearity issue . To avoid the possible influence of collinearity, we further checked for the issue and the results demonstrated that the tolerance value of each construct investigated ranges from 0.15–0.64, showing that collinearity should not become an issue in this study .
Structural model assessment
In addition to testing the proposed hypotheses, we further examined the PLS structural model with three widely adopted criteria, namely the predictive relevance Q2, the q2 and the f2 effect size . The Q2 value of habit was 0.64, showing the structural model had predictive relevance for this construct . Further, the relative impact of predictive relevance (q2) of satisfaction, self-efficacy, perceived usefulness, and facilitating conditions was − 0.015, 0.042, 0.038, and 0.128, respectively. These q2 sizes were deemed small according the criteria suggested by the literature . Finally, the exogenous constructs of satisfaction, self-efficacy, perceived usefulness, and facilitating conditions for explaining the endogenous construct habit have f2 effect sizes of 0.005, 0.070, 0.238, and 0.066, respectively. According to their effect sizes, these facilitating conditions had a medium effect size (f2 = 0.238), as well as possessing small predictive relevance (q2 = 0.128) . Both self-efficacy and perceived usefulness were seen to have a small effect size and a small amount of predictive relevance. Satisfaction had the smallest effect size and also the smallest amount of predictive relevance in our study.
Assessment of the mediation effect of habit
Based on the reported findings, we would propose several points that might be worthy of consideration for further theory development. First, the literature  has considered continuance behavior (or, repeat behavior) to be guided by an individual’s cognitive process. Hence, much effort is devoted to explaining continuance intention directly from these perspectives, such as perceived usefulness, satisfaction, etc. However, as EMR becomes more prevalent among healthcare facilities, and thus healthcare professionals can access EMR anywhere and at any time without much involved cognitive process, habit may play a significantly larger role in protecting patient privacy. We therefore hope that our study will contribute towards future development of habit formation to ensure patient privacy protection in EMR usage.
Fourth, the inclusion of facilitating conditions and self-efficacy in our model has provided additional perspectives. Facilitating conditions and self-efficacy are usually considered before a behavior is conducted in terms of other behavioral theory . The inclusion of these two variables in our model has allowed a broader picture of hospital staff’s perceptions in the post-behavioral phase, and it has created a richer understanding of their continuance intentions.
Several limitations should be noted in our study. First, the data was collected from only one Taiwanese medical center without comprising samples from other hospitals. Hence, the generalizability of our finding may in fact be limited. Further, in order to avoid any interruption of patient-care activities, the survey used a self-reporting method to investigate behavioral intention among staff rather than through direct observation or through the recording of participants’ actual compliance behavioral patterns. Future research can therefore examine the issue in order to better realize the associations among these investigated constructs examined as part of this study.
By integrating both motivation and habitual perspectives, our study presented and then empirically verified a model used to examine continuous compliance with EMR privacy policies by hospital employees. Motivations including self-efficacy, perceived usefulness, and facilitating conditions are significant predictors of compliance habits; and, habits, in their turn, may significantly predict hospital staff’s continuance compliance intention. We also found that habit is a partial mediator between motivations and continuance compliance intention.
Electronic medical records
Partial least squares
Kuo KM, Ma CC, Alexander JW. How do patients respond to violation of their information privacy? Health Inf Manag J. 2014;43(2):23–33. https://doi.org/10.12826/18333575.2013.0011.Ma.
Anderson CL, Agarwal R. The digitization of healthcare: boundary risks, emotion, and consumer willingness to disclose personal health information. Inform Syst Res. 2011;22(3):469–90.
Zhou L, Soran CS, Jenter CA, Volk LA, Orav EJ, Bates DW, et al. The relationship between electronic health record use and quality of care over time. J Am Med Inform Assn. 2009;16(4):457–64.
Foth M. Factors influencing the intention to comply with data protection regulations in hospitals: based on gender differences in behaviour and deterrence. Eur J Inf Syst. 2016;25(2):91–109. https://doi.org/10.1057/ejis.2015.9.
U.S. Department of Health & Human Services. Standards for privacy of individually identifiable health information. In: Department of Health & Human Services, editor. Washington, DC: U.S. Department of Health & Human Services; 2017.
D’Arcy J, Devaraj S. Employee misuse of information technology resources: testing a contemporary deterrence model. Decision Sci. 2012;43(6):1091–124.
Ma CC, Kuo KM, Alexander JW. A survey-based study of factors that motivate nurses to protect the privacy of electronic medical records. BMC Med Inform Decis Mak. 2016;16:13. https://doi.org/10.1186/s12911-016-0254-y.
Kwon J, Johnson ME. Health-care security strategies for data protection and regulatory compliance. J Manage Inform Syst. 2013a;30(2):41–66.
Congress of United States of America, editor. Health insurance portability and accountability act. In: Congress of United States of America, editor. Washington, DC: Congress of United States of America. p. 1996.
Sher ML, Talley PC, Cheng TJ, Kuo KM. How can hospitals better protect the privacy of electronic medical records? Perspectives from staff members of health information management departments. Health Inf Manag J. 2017;46(2):87–95. https://doi.org/10.1177/1833358316671264.
Chang CC, Liang C, Yan CF, Tseng JS. The impact of college students’ intrinsic and extrinsic motivation on continuance intention to use english mobile learning systems. Asian-Pac Educ Research. 2013;22(2):181–92. https://doi.org/10.1007/s40299-012-0011-7.
Dwenger N, Kleven H, Rasul I, Rincke J. Extrinsic and intrinsic motivations for tax compliance: evidence from a field experiment in Germany. Am Econ J Econ Polic. 2016;8(3):203–32.
Henshaw H, McCormack A, Ferguson MA. Intrinsic and extrinsic motivation is associated with computer-based auditory training uptake, engagement, and adherence for people with hearing loss. Front Psychol. 2015;6:1067. https://doi.org/10.3389/fpsyg.2015.01067.
Limayem M, Hirt SG. Force of habit and information systems usage: theory and initial validation. J Assoc Inf Syst. 2003;4(1):65–97.
Ryan RM, Deci EL. Intrinsic and extrinsic motivations: classic definitions and new directions. Contemp Educ Psychol. 2000;25(1):54–67. https://doi.org/10.1006/ceps.1999.1020.
Gardner B, Lally P. Does intrinsic motivation strengthen physical activity habit? Modeling relationships between self-determination, past behaviour, and habit strength. J Behav Med. 2013;36(5):488–97. https://doi.org/10.1007/s10865-012-9442-0.
Deci EE, Ryan RM. Intrinsic motivation and self-determination in human behavior. Perspectives in social psychology. New York: Plenum Press; 1985.
Verplanken B, Aarts H. Habit, attitude, and planned behaviour: is habit an empty construct or an interesting case of goal-directed automaticity? Eur Rev Soc Psychol. 1999;10(1):101–34. https://doi.org/10.1080/14792779943000035.
Wu J, Lu X. Effects of extrinsic and intrinsic motivators on using utilitarian, hedonic, and dual-purposed information systems: a meta-analysis. J Assoc Inf Syst. 2013;14(3):Article 1.
Venkatesh V, Speier C. Computer technology training in the workplace: a longitudinal investigation of the effect of mood. Organ Behav Hum Dec. 1999;79(1):1–28. https://doi.org/10.1006/obhd.1999.2837.
Aarts H, Paulussen T, Schaalma H. Physical exercise habit: on the conceptualization and formation of habitual health behaviours. Health Educ Res. 1997;12(3):363–74. https://doi.org/10.1093/her/12.3.363.
Limayem M, Hirt SG, Cheung CMK. How habit limits the predictive power of intention the case of information systems continuance. Mis Quart. 2007;31(4):705–37.
Ouellette JA, Wood W. Habit and intention in everyday life: the multiple processes by which past behavior predicts future behavior. Psychol Bull. 1998;124(1):54–74.
Aarts H, Dijksterhuis A. Habits as knowledge structures: automaticity in goal-directed behavior. J Pers Soc Psychol. 2000;78(1):53–63.
Puhakainen P, Siponen M. Improving employees’ compliance through information systems security training: an action research study. Mis Quart. 2010;34(4):767–78.
Charng HW, Piliavin JA, Callero PL. Role identity and reasoned action in the prediction of repeated behavior. Soc Psychol Quart. 1988;51(4):303–17.
Turel O. Quitting the use of a habituated hedonic information system: a theoretical model and empirical examination of facebook users. Eur J Inform Syst. 2015;24(4):431–46. https://doi.org/10.1057/ejis.2014.19.
Wang C, Harris J, Patterson P. The roles of habit, self-efficacy, and satisfaction in driving continued use of self-service technologies. J Serv Res-US. 2013;16(3):400–14. https://doi.org/10.1177/1094670512473200.
Verplanken B, Aarts H, Van Knippenberg A. Habit, information acquisition, and the process of making travel mode choices. Eur J Soc Psychol. 1997;27(5):539–60.
Verplanken B. Beyond frequency: habit as mental construct. Brit J Soc Psychiat. 2006;45(3):639–56. https://doi.org/10.1348/014466605X49122.
Boss SR, Galletta DF, Benjamin Lowry P, Moody GD, Polak P. What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. Mis Quart. 2015;39(4):837–64.
Siponen M, Adam Mahmood M, Pahnila S. Employees’ adherence to information security policies: an exploratory field study. Inform Manage. 2014;51(2):217–24.
Vance A, Siponen M, Pahnila S. Motivating is security compliance: insights from habit and protection motivation theory. Inform Manage. 2012;49(3–4):190–8.
Warkentin M, Johnston AC, Shropshire J, Barnett WD. Continuance of protective security behavior: a longitudinal study. Decis Supp Syst. 2016;92:25–35. https://doi.org/10.1016/j.dss.2016.09.013.
Davis FD. Perceived usefulness, perceived ease of use, and user acceptance of information technology. Mis Quart. 1989;13(3):319–40.
Herath T, Rao HR. Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis Supp Syst. 2009;47(2):154–65.
Zhang J, Reithel BJ, Li H. Impact of perceived technical protection on security behaviors. Inform Manage Comput Secur. 2009;17(4):330–40.
Barnes SJ. Understanding use continuance in virtual worlds: empirical test of a research model. Inform Manage. 2011;48(8):313–9. https://doi.org/10.1016/j.im.2011.08.004.
Hsiao CH, Chang JJ, Tang KY. Exploring the influential factors in continuance usage of mobile social apps: satisfaction, habit, and customer value perspectives. Telemat Inform. 2016;33(2):342–55. https://doi.org/10.1016/j.tele.2015.08.014.
Triandis HC, editor. Values, attitudes, and interpersonal behavior Nebraska Symposium on Motivation; 1980; Lincoln, NE: University Nebraska Press.
Bhattacherjee A, Lin CP. A unified model of it continuance: three complementary perspectives and crossover effects. Eur J Inf Syst. 2015;24(4):364–73. https://doi.org/10.1057/ejis.2013.36.
Chiu CM, Hsu MH, Lai H, Chang CM. Re-examining the influence of trust on online repeat purchase intention: the moderating role of habit and its antecedents. Decis Supp Syst. 2012;53(4):835–45. https://doi.org/10.1016/j.dss.2012.05.021.
Lee MKO, Cheung CMK, Chen ZH. Acceptance of internet-based learning medium: the role of extrinsic and intrinsic motivation. Inform Manage. 2005;42(8):1095–104.
Joint Commission of Taiwan. List of qualified accreditation hospitals and teaching hospitals by the ministry of health and welfare from 2011 to 2015. 2016. https://www.jct.org.tw. Accessed 7 May 2016.
Ministry of Health and Welfare. Bulletin of emrs adoption. 2017. https://emr.mohw.gov.tw/emrlist.aspx. Accessed 7 May 2017.
Churchill GA Jr. A paradigm for developing better measures of marketing constructs. J Marketing Res. 1979;16(1):64–73.
Fornell C, Larcker DF. Evaluating structural equation models with unobservable variables and measurement error. J Marketing Res. 1981;18(1):39–50.
Hair JF, Hult GTM, Ringle CM, Sarstedt M. A primer on partial least squares structural equation modeling (pls-sem). Thousand Oaks: Sage; 2014.
Bhattacherjee A. Understanding information systems continuance: an expectation-confirmation model. Mis Quart. 2001;25(3):351–70.
Taylor S, Todd PA. Understanding information technology usage - a test of competing models. Inform Syst Res. 1995;6(2):144–76.
Limayem M, Cheung CMK. Understanding information systems continuance: the case of internet-based learning technologies. Inform Manage. 2008;45(4):227–32.
R Core Team. R: a language and environment for statistical computing. Vienna: R Foundation for Statistical Computing; 2018. https://www.R-project.org/
Monecke A, Leisch F. Sempls: structural equation modeling using partial least squares. J Stat Softw. 2012;48(3).
Sanchez G. Pls path modeling with r. Berkeley: Trowchez ed; 2013.
Tofighi D, Rmediation MKDP. An r package for mediation analysis confidence intervals. Behav Res Methods. 2011;43(3):692–700. https://doi.org/10.3758/s13428-011-0076-x.
Kline RB. Principles and practice of structural equation modeling. In: Methodology in the social sciences. 2nd ed. New York: The Guilford Press; 2005.
Ayanso A, Herath TC, O'Brien N. Understanding continuance intentions of physicians with electronic medical records (emr): an expectancy-confirmation perspective. Decis Supp Syst. 2015;77:112–22. https://doi.org/10.1016/j.dss.2015.06.003.
Judson TJ, Volpp KG, Detsky AS. Harnessing the right combination of extrinsic and intrinsic motivation to change physician behavior. JAMA. 2015;314(21):2233–4.
Oliver RL. A cognitive model of the antecedents and consequences of satisfaction decisions. J Marketing Res. 1980;17(4):460–9.
This work has been supported by the Ministry of Science and Technology (Grant no. MOST-104-2410-H-214-007), Taiwan, R.O.C.
Availability of data and materials
The anonymous datasets from the present study are available from the corresponding author on reasonable request. No identifying/confidential patient data were collected.
Ethics approval and consent to participate
The study was conducted with an approval by the Institutional Review Board (IRB) of Chi-Mei Medical Center, Taiwan. The IRB waived the mandate for obtaining a written informed consent from subjects. Participants were provided with an information sheet which detailed relevant information about the study, potential benefits and risks of participation in this study, the opportunity and means to ask questions, and also the options regarding voluntary agreement to participate in this study. Verbal consent was then requested prior to commencement of the survey. This study was provided as an anonymous survey of adults over the age of 20 for which no personal, identifiable information was collected.
Consent for publication
The manuscript does not contain any individual’s data in any form.
The authors declare that they have no competing interests.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article