=Paper=
{{Paper
|id=Vol-1623/paperapp3
|storemode=property
|title=An Empirical Study of Concern for Privacy on Providing Health Information in the EMR Context
|pdfUrl=https://ceur-ws.org/Vol-1623/paperapp3.pdf
|volume=Vol-1623
|authors=Kuei Fen Chen, Hsin-Ginn Hwang, Ming-Ling Sher,Elisa Hui-Ting Lin
|dblpUrl=https://dblp.org/rec/conf/door/ChenHSL16
}}
==An Empirical Study of Concern for Privacy on Providing Health Information in the EMR Context==
https://ceur-ws.org/Vol-1623/paperapp3.pdf
An Empirical Study of Concern for Privacy on Providing
Health Information in the EMR Context
Kuei Fen Chen1, Hsin-Ginn Hwang2, Ming-Ling Sher3 and Elisa Hui-Ting Lin2
1
Advantech Intelligent Services Co., Ltd.
a0910283839@hotmail.com
2
National Chiao-Tung University, Taiwan
{hghmis, elisa.iim01g}@nctu.edu.tw
3
National Chung Cheng University, Taiwan
r8843003@ms55.hinet.net
Abstract. There are two main purposes in this study. The first one tends to in-
vestigate the relationship between individuals’ concern for their health infor-
mation (CFHIP) and their intention to provide their health information in the
Electronic Medical Records (EMR) exchange center (EEC). The other purpose
is to identify the antecedents of CFHIP, including hospital reputation, hospital
privacy policy and hospitals’ reward in the EMR exchange context. A total of
138 validated data was analyzed to test the proposed model in this study. Three
out of four hypotheses are supported by the research results; only the hypothesis
of hospital reward is not supported.
Keywords. Concern for Health Information Privacy; Electronic Medical Rec-
ords: EMR Exchange; Social Exchange Theory
1 Introduction
One of the major advantages to adopt Electronic Medical Records (EMR) systems
is to allow physicians to use Health Information Exchange (HIE) via EMR exchange
center. HIE is especially useful for patients with chronic conditions who want to visit
a different specialist and require access to previous lab tests or digital medical image.
The promotion of EMR exchange is one of the important goals of health policy
across the world. However, the applications of EMR and EMR exchange are still not
popular in healthcare industry. Many studies have been conducted in order to under-
stand and explain this phenomenon. Merciri [37] argued that as personal health in-
formation is digitized, transmitted and mined for effective care provision, new threats
to patients’ privacy are becoming evident. Angst & Agarwal [2] also indicated that in
spite of the anticipated value potential of EMR exchange, there is widespread concern
that patient privacy issues may impede its diffusion. In this sense, with more hospi-
tals adopted EMR exchange, more patients are becoming concerned about the privacy
and security of their personal health information. People may be reluctant to provide
their personal health information during clinic visits due to their CFHIP.
Copyright © by the paper's authors. Copying permitted for private and academic purposes.
In: A. Kononov et al. (eds.): DOOR 2016, Vladivostok, Russia, published at http://ceur-ws.org
�678 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
A lot of studies have already been conducted to examine the correlation between
concerns for information privacy (CFIP) in e-commerce environment. Li [30] sum-
marized these studies and provided an integrative framework. For further under-
standing of the concept of EMR exchange, the social exchange theory (SET) was also
adopted in this study to obtain more theoretical foundation.
2 Literature Review
Generally speaking, EMR is the digitalization of patients’ chart with time stamp
and e-signature as well as receiving the permission from the authority to replace pa-
per-based patient charts. EMR allows healthcare providers to access patients’ data
online to assist in clinical decision making. There is a general assumption that EMR
will have a positive impact on persistent problems such as medical errors and high
administrative costs [2]. In legal context, privacy is a word with a meaning that is
same as a right to be let alone [58]. Information privacy is the ability of the individu-
al to personally control information about one’s self [54] and has been identified as
one of the most important issues of contemporary management practice [36]. Alt-
hough the concept of information privacy sounds straightforward, information privacy
in real life varies with industry sectors, cultures, and regulatory laws [9], [38].
An individual’s CFIP refers to an individual’s subjective views of fairness within
the context of information privacy [7]. An individual’s CFIP will be influenced by
external conditions including industry sectors, cultures, and regulatory laws. Besides
this, an individual’s perceptions of such external conditions will also vary with per-
sonal characteristics and past experiences [14]. Therefore, people often have different
opinions about how a firm collects and uses of their personal information.
Since 1960s, researches related to information privacy are increasing. Smith et al.
[52] develop and validate an instrument that identifies and measures the primary di-
mensions of individuals’ concerns about organizational information privacy practices.
Smith et al. [52]’s research is the first measure of its kind and measured individuals’
concern regarding organizational practices. The result is a 15-item instrument that
reflects four factors of CFIP: (1) collection; (2) errors; (3) secondary use; (4) unau-
thorized access. Stewart & Segars [53] examine the factor structure of the CFIP in-
strument posited by Smith et al. [52]. The results consist with their conceptualization,
suggesting that CFIP as a higher-order factor structure rather than a correlated set of
first-order factors. In other words, CFIP can be defined as more than four distinct
factors. It consists of the four factors as well as the structure of interrelationships
among those factors. Malhotra et al. [34] propose a theoretical framework on the di-
mensionality of Internet users’ information privacy concern (IUIPC) drawing on so-
cial contract theory. They operationalize the multidimensional notation of IUIPC
using a second-order construct, and develop a scale for it. In their study, three critical
factors in the research area of IUIPC have been identified. These critical factors are:
(1) collection; (2) control; (3) awareness. Dinev & Hart [12] indicate that perceptions
of privacy are constructed through communication and transactions with social enti-
� An Empirical Study of Concern for Privacy 679
ties over a networked environment. Thus, they specify that social awareness and
Internet literacy be related to both Internet privacy and intention to transact.
Though lots of researches have been conducted in privacy area, however, they
mainly focus on marketing or e-commerce context. Hwang et al. [26] suggest that
individuals’ CFIP in different contexts may differ in terms of measurements. More
precisely, concern for health information privacy (CFHIP) is a special case of CFIP.
Based on this concept, an empirical study was conducted in EMR context, the result
argued that CFHIP could be measured by six critical factors: (1) collection; (2) errors;
(3) secondary use; (4) unauthorized access; (5) control; (6) awareness.
Based on Li [30]’s research framework, this study intends to identify the anteced-
ents of CFHIP in the organizational dimension. Three constructs were proposed in
the initial research framework. They are hospital reputation, policy and rewards.
Reputation is an estimation of the consistency over time of an attribute of an entity.
Wartick [59] argued that organizational reputation is an aggregation of a single stake-
holder’s perceptions of how well organizational responses are meeting the demands
and expectations of many organizational stakeholders [59]. In other words, organiza-
tional reputation is the result of the comparison between what the organization prom-
ises and what they eventually fulfill. Prior studies indicate that as users lack direct
experience, they need to rely on second-hand information such as reputation to form
their initial trust [5].
In healthcare context, there are some researches have been conducted on the hospi-
tal reputation both from the professionals’ and the patients’ viewpoint. It combines
three factors: confidence in the hospital’s professionals, hospital’s good reputation,
and positive perception of the treatment results. Confidence in the hospital’s profes-
sionals refers to patients their confidence in the hospital’s professionals, hospital’s
good reputation refers to whether or not the hospital was well thought of by the pa-
tients, and positive perception of the treatment results is the patients’ rating of the
outcomes of clinical or surgical interventions.
A declining hospital reputation may pose other challenges such as rising funds, re-
cruiting and retaining qualified physicians and nurses. Besides, hospital reputation
acts also as a shield against litigation, and may help the hospital to attract and retain
talented professionals [39]. In the absence of relevant information to guide patients’
choices of a health care provider or hospital, decisions are frequently made on hospi-
tal reputation [39].
Individuals are willing to provide personal information but only under certain cir-
cumstances. In healthcare context, healthcare providers need to implement and de-
ploy security and privacy controls, and also need to inform the patients about their
existence. This is accomplished by using a privacy policy notice. In other words,
privacy policy is important because it informs individuals about the organization’s
information practices. So far, the government’s regulation related to EMR exchange
in Taiwan includes Personal Information Protection Act, Medical Care Law, and
Regulations Governing Development and Management of Electronic Medical Rec-
ords. On the other hand, hospital’s privacy policy informs individuals about the hos-
pital’s information practice. Privacy policy helps individuals decide whether or not
they want to provide personal health information or to choose not to engage in the
�680 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
healthcare provider at al. Hence, we expect that privacy policy is significant to indi-
viduals in EMR context.
Reward is called “perceived benefit” in some privacy studies. In many contexts, in
order to enhance individuals’ willingness to provide their personal information, some
companies offer attractive rewards. Individuals opt to participate in a social contract
when they perceive that rewards outweigh the risks associated with information dis-
closure; thus, decreasing motivation for privacy protection [47], [51]. In healthcare
context, accurate information will result in some rewards. It’s important because
reluctance to provide personal health information may impede the success of
healthcare services [4]. In EMR exchange context, this rewards including more rele-
vant messages, helping to make medical care significantly safer, more efficient, and
more quality [10]. Thus, we believe that reward is significant to individuals in EMR
exchange context.
3 Research Methodology
3.1 Hypotheses
Based on the results of literature review, it is assumed there is a negative relation-
ship between CFHIP and a person’s intention to provide his/her health information
during clinic visits. In other words, individuals’ have the higher CFHIP; they are the
less likely to provide their personal health information. Hypothesis 1 is stated as fol-
lows:
H1: There is a negative relationship between CFHIP and individuals’ intention to
provide their personal health information
Reputation is an important asset that takes time to build and requires significant in-
vestment. In this study, hospital reputation is referred to the extent to which an indi-
vidual’s subjective views of the comparison between what the hospital promises and
what they eventually fulfill. Some recent studies have suggested that hospital reputa-
tion is associated with better clinical care results and with higher-quality scientific
production. Hospital reputation acts also as a shield against lawsuit, and may help the
hospital to attract and retain talented professionals. In the absence of relevant infor-
mation to guide patients’ choices of a health care provider or hospital, decisions are
frequently made on reputation. Based on the present literature review, we expect
hospital reputation to be negatively related to individuals’ CFHIP in EMR exchange
context. Hence, we hypothesize:
H2: Hospital reputation is negatively correlated with individuals’ CFHIP
Form individuals’ perspective, they express their concerns about the way the hospi-
tals using their personal health information. Privacy hospitals’ privacy policy pro-
vides individuals with information about the hospitals’ information practices and
helps to signal the commitment of the hospitals in protecting individuals’ privacy. In
this study, hospitals’ privacy policy is referred to the extent to which an individual
believes that the privacy policy of EMR exchange is completeness. It is assumed that
� An Empirical Study of Concern for Privacy 681
hospitals’ privacy policy would have a negative effect on individuals’ CFHIP. Thus,
this study proposed the hypothesis that:
H3: Hospitals’ Privacy policy is negatively correlated with individuals’ CFHIP.
In this study, reward is referred to the extent to which an individual believes that
disclosing personal health information will have advantages for themselves. Prior
studies suggest that providing proper rewards would decrease individuals’ CFIP [1],
[40]. In line with prior studies, we hypothesize that reward is negatively correlated
with individuals’ CFHIP. Thus, this study proposed the hypothesis that:
H4: Reward is negatively correlated with individuals’ CFHIP.
3.2 Instrumentation
A comprehensive literature review was conducted to summarize variables, meas-
urement items, references, and scale to propose an initial research framework, rele-
vant variables and measure items. After that, redundant items with similar wordings
were deleted. The rest items were translated into Chinese and were slightly adapted
to fit the specific context of EMR exchange.
In this study CFHIP refers to the extent to which an individual’s subjective views
of fairness within the context of health information privacy. Hwang et al. [26] argued
that healthcare industry differs from other industries, plus the particularity of
healthcare industry, individuals’ may have different concerns. Therefore, the validat-
ed measurement items were adopted from Hwang et al. [26]’s study, which is con-
duced in the EMR exchange context. Based on a study conducted by Hwang et al.
[26], CFHIP is composed of six dimensions: collection, errors, secondary use, unau-
thorized access, control, and awareness in the EMR exchange context. All constructs
of CFHIP were measured using existing validated scales from prior literature wherev-
er possible.
Hospital Reputation is defined as the result of the comparison between what the
hospital promises and what they eventually fulfill. Privacy policy is defined as the
extent to which an individual believes that the privacy policy of EMR exchange is
completeness. Both the measurement items for hospital reputation and privacy mainly
adopted from Nguyen & LeBlanc [42] and Li et al. [32] and wordings were modified
to address the EMR exchange context according to our research context. In addition
to the above references, the measurement items for privacy policy were also adopted
from Hwang et al. [26]’s study, which is conduced in the EMR exchange context.
Reward is defined as the extent to which an individual believes that disclosing per-
sonal health information will have advantages to them. The measurement items for
reward were adopted from Davidson & Heineke [10] and Mohamed et al. [40].
Wordings were modified to address the EMR exchange context. In this study, inten-
tion to provide personal health information refers to the extent to which an individu-
al’s intention to provide personal health information. The measurement items were
adopted from [32]. Wordings were modified to address the EMR exchange context.
�682 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
3.3 Expert Panels & Data Collection
After developing the instrument, the expert panels were hold to validate the appro-
priateness of initial questionnaire and the research framework for this study. The
expert panel consisted of four MIS professors from three different universities. All of
them are experts and scholars with sufficient experiences in information management.
The initial questionnaire was revised based on their feedbacks. Few wordings were
modified. Furthermore, all the doubts asked by the experts were answered and had
their approval. After reach the consensus of the expert panel meetings, a pilot study
was conducted. A total of 30 subjects from a convenience sampling was used this
pilot testing. The results indicated that none of the Cronbach’s α of each variable was
lower than the cut-off value 0.7. Thus, the questionnaire developed is appropriate for
this study. A Web-based survey was conducted. A total of 168 respondents partici-
pated in this survey during the period from July 21st to July 27th in 2015. Among
them, 30 questionnaires were excluded because of incomplete responses. Thus, 138
were deemed usable.
4 Data Analysis and Results
4.1 Demographic Data
Among the 138 respondents, 43.5% were male and 56.5% were female. The age
range of the respondents was mainly distributed from 25 to 44 years old (82.6%). The
majority of respondents have received at least college degree, and the descriptive
statistics of respondents demographic data were presented at Table 1.
Table 1 Descriptive Statistics of Respondents (N=138)
Measure Categories Frequency Percentage
Male 60 43.5
Gender
Female 78 56.5
< 20 4 2.9
20-24 13 9.4
25-29 32 23.2
30-34 25 18.1
Age 35-39 33 23.9
40-44 24 17.4
45-49 4 2.9
50-54 2 1.4
> 55 1 .7
Junior High School 2 1.4
Senior High school 20 14.4
Education
College degree 59 42.8
Graduate degree 59 42.8
� An Empirical Study of Concern for Privacy 683
4.2 Reliability and Validity
All the constructs of this study can be considered to be reliable based on the values
of Cronbach’s α. In addition to Cronbach’s α, composite reliability (CR) was another
common measure of reliability used to test reliability in this study. All of the scales
of CR in this study were above 0.7 and meets the criteria.
To assess content validity, all the measurement items of this study were from exist-
ing literature. Besides that, the expert panel and pilot test were hold and the feed-
backs were acquired including: wording clarity, the length of the instrument, and
adding explanation of specific terms. These procedures provided sufficient mecha-
nisms to ensure the content validity of the instruments. This study first tested the in-
strument by EFA and later by CFA for the purpose to test the construct validity. In
the EFA process, all the items were loaded on the construct as hypothesized, and no
factor loading were less than 0.5. The above results implied that there was sufficient
construct validity of the items. Besides, this study also conducted CFA to evaluated
construct validity in SEM. All the values of AVE were higher than 0.5, the results
indicating that all the constructs in this study were considered to have convergent
validity.
4.3 Data Analysis & Hypotheses Testing
The SmartPLS 3.0 was utilized to test all hypotheses and the results were pre-
sented in Figure 1. The results indicate that CFHIP (H1, β=-.545, t-value=8.450,
p<0.001) was a predictor of individuals’ intention to provide personal health in-
formation, explaining 29.7 percent of its variance. Beside this, two antecedents
had significant negative effects on individuals’ CFHIP, supporting H2 and H3.
Hospital reputation (H2, β=-.295, t-value=3.655, p<0.001) and privacy policy (H3,
β=-.181, t-value=2.067, p<0.005) had significant effects on individuals’ CFHIP.
However, the relationship of reward individuals’ CFHIP is not supported (H4, β=-
.158, t-value=1.299). These three variables explained 26.2 percent of variance of
CFHIP.
�684 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
Note: *p<0.05; **p<0.01; ***p<0.001
Fig. 1 Results of Research Model
5 Discussions and Conclusions
Over the past decades the advance of Health Information Technology (HIT) have
made Electronic Medical Record (EMR) systems to be one of the potential solutions
to improve medical quality and reduce medical costs. It is believed that the use of
EMR and EMR exchange are able to provide needed patients’ data that stored in other
hospitals quickly for physicians to make better clinical decisions. The main purpose
of this study is to investigate the relationship between individuals’ CFHIP and their
intention to provide personal health information during clinic visits. It is believed
there is a negative relationship between these two constructs. That is, the higher indi-
viduals concern for their health information privacy, the less likely to provide their
health information to hospitals. This study does not reject this hypothesis with col-
lected data.
The other research purpose is to identify the antecedents of individuals’ CFHIP.
The research framework proposed three constructs as the antecedent of CFHIP; they
are hospital reputation, policy, and reward. The hypotheses of the first two con-
structs, hospital reputation and policy, are significant, but the last one, reward, is not
significant based on the data collected.
This study also finds the evidence that supports the link for privacy policy to indi-
viduals’ CFHIP. This implies that individuals’ belief of a hospital’s privacy policy
does relate to their CFHIP. Namely, if an individual believes that the privacy policy
of EMR exchange is completeness, they would have less CFHIP. Despite prior re-
searches indicate that individuals perceive greater rewards have less concern with
their information privacy, some other studies also indicate that too much reward
would cause individuals’ privacy concern. Regarding to reward, individuals may
have different opinions; the results indicate that reward had no significant effects on
individuals’ CFHIP. Besides hospital reputation and privacy policy, healthcare pro-
� An Empirical Study of Concern for Privacy 685
viders should inform patients that providing their personal health information would
gain benefits such as more relevant messages, helping to make medical care signifi-
cantly safer, more efficient, and more quality. These may affect their intention to
provide their personal health information.
References
1. Andrade, E. B., Kaltcheva, V., & Weitz, B. (2002). Self-disclosure on the web: The impact
of privacy policy, reward, and company reputation. Advances in Consumer Research,
29(1), 350-353.
2. Angst, C. M., & Agarwal, R. (2009). Adoption of electronic health records in the presence
of privacy concerns: the elaboration likelihood model and individual persuasion. MIS
Quarterly, 33(2), 339-370.
3. Bagozzi, R. P., Yi, Y., & Nassen, K. D. (1998). Representation of measurement error in
marketing variables: Review of approaches and extension to three-facet designs. Journal of
Econometrics, 89(1), 393-421.
4. Bansal, G., & Gefen, D. (2010). The impact of personal dispositions on information sensi-
tivity, privacy concern and trust in disclosing health information online. Decision Support
Systems, 49(2), 138-150.
5. Beldad, A., De Jong, M., & Steehouder, M. (2010). How shall I trust the faceless and the
intangible? A literature review on the antecedents of online trust. Computers in Human
Behavior, 26(5), 857-869.
6. Buchanan, T., Paine, C., Joinson, A. N., & Reips, U. D. (2007). Development of measures
of online privacy concern and protection for use on the Internet. Journal of the American
Society for Information Science and Technology, 58(2), 157-165.
7. Campbell, A. J. (1997). Relationship marketing in consumer markets: A comparison of
managerial and consumer attitudes about information privacy. Journal of Interactive Mar-
keting, 11(3), 44-57.
8. Cook, K. S. (1977). Exchange and power in networks of interorganizational relations. So-
ciological Quarterly, 62-82.
9. Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: Balancing economic and justice
considerations. Journal of Social Issues, 59(2), 323-342.
10. Davidson, S. M., & Heineke, J. (2007). Toward an effective strategy for the diffusion and
use of clinical information systems. Journal of the American Medical Informatics Associa-
tion, 14(3), 361-367.
11. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of
information technology. MIS Quarterly, 319-340.
12. Dinev, T., & Hart, P. (2004). Internet privacy concerns and their antecedents-measurement
validity and a regression model. Behaviour & Information Technology, 23(6), 413-422.
13. Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transac-
tions. Information Systems Research, 17(1), 61-80.
14. Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics:
Integrative social contracts theory. Academy of Management Review, 19(2), 252-284.
15. Doll, W. J., Xia, W., & Torkzadeh, G. (1994). A confirmatory factor analysis of the end-
user computing satisfaction instrument. MIS Quarterly, 453-461.
16. Eastlick, M. A., Lotz, S. L., & Warrington, P. (2006). Understanding online B-to-C rela-
tionships: An integrated model of privacy concerns, trust, and commitment. Journal of
Business Research, 59(8), 877-886.
�686 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
17. Faja, S., & Trimi, S. (2006). Influence of the web vendor's interventions on privacy-related
behaviors in e-commerce. Communications of the Association for Information Systems,
17(1), 27.
18. Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobserv-
able variables and measurement error. Journal of marketing research, 39-50.
19. Gefen, D., & Straub, D. (2005). A practical guide to factorial validity using PLS-Graph:
Tutorial and annotated example. Communications of the Association for Information sys-
tems, 16(1), 5.
20. Gefen, D., Straub, D., & Boudreau, M. C. (2000). Structural equation modeling and re-
gression: Guidelines for research practice. Communications of the association for infor-
mation systems, 4(1), 7.
21. Hair, J. F., Anderson, R. E., Tatham, R. L., & William, C. (1998). Black (1998), Multivar-
iate data analysis: Upper Saddle River, NJ: Prentice Hall.
22. Hannan, T. J. (1996). Electronic medical records. Health Informatics: An Overview, 133-
148.
23. Homans, G. C. (1958). Social behavior as exchange. American journal of sociology, 597-
606.
24. Hooper, D., Coughlan, J., Mullen, M. (2008). Structural Equation Modelling: Guidelines
for Determining Model Fit. Electronic Journal of Business Research Methods, 6(1), 53-60
25. Hu, L. T., & Bentler, P. M. (1999). Cutoff criteria for fit indexes in covariance structure
analysis: Conventional criteria versus new alternatives. Structural equation modeling: a
multidisciplinary journal, 6(1), 1-55.
26. Hwang, H. G. & Lin, H. T. (2012). Concern for Electronic Medical Records Privacy—The
Construct, the Instrument, and Causal Models. (NSC100-2410-H009-012-MY2).
27. Kline, T. J. (2005). Psychological testing: A practical approach to design and evaluation.
Sage Publications.
28. Lee, C. H., & Cranage, D. A. (2011). Personalisation–privacy paradox: The effects of per-
sonalisation and privacy assurance on customer responses to travel Web sites. Tourism
Management, 32(5), 987-994.
29. Lee, D., Larose, R., & Rifon, N. (2008). Keeping our network safe: a model of online pro-
tection behaviour. Behaviour & Information Technology, 27(5), 445-454.
30. Li, Y. (2011). Empirical studies on online information privacy concerns: literature review
and an integrative framework. Communications of the Association for Information Sys-
tems, 28(1), 453-496.
31. Li, Y. (2014). A multi-level model of individual information privacy beliefs. Electronic
Commerce Research and Applications, 13(1), 32-44.
32. Li, Y. (2014). The impact of disposition to privacy, website reputation and website famili-
arity on information privacy concerns. Decision Support Systems, 57, 343-354.
33. Lwin, M., Wirtz, J., & Williams, J. D. (2007). Consumer online privacy concerns and re-
sponses: a power–responsibility equilibrium perspective. Journal of the Academy of Mar-
keting Science, 35(4), 572-585.
34. Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users' information privacy con-
cerns (IUIPC): The construct, the scale, and a causal model. Information Systems Re-
search, 15(4), 336-355.
35. Marsh, H. W., & Hocevar, D. (1985). Application of confirmatory factor analysis to the
study of self-concept: First-and higher order factor models and their invariance across
groups. Psychological bulletin, 97(3), 562.
36. Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 5-12.
� An Empirical Study of Concern for Privacy 687
37. Mercuri, R. T. (2004). The HIPAA-potamus in health care data security. Communications
of the ACM, 47(7), 25-28.
38. Milberg, S. J., Burke, S. J., Smith, H. J., & Kallman, E. A. (1995). Values, personal infor-
mation privacy, and regulatory approaches. Communications of the ACM, 38(12), 65-74.
39. Mira, J. J., Lorenzo, S., & Navarro, I. (2013). Hospital reputation and perceptions of pa-
tient safety. Medical principles and practice: international journal of the Kuwait Universi-
ty, Health Science Centre, 23(1), 92-94.
40. Mohamed, N., & Ahmad, I. H. (2012). Information privacy concerns, antecedents and pri-
vacy measure use in social networking sites: Evidence from Malaysia. Computers in Hu-
man Behavior, 28(6), 2366-2375.
41. Nam, C., Song, C., Lee, E., & Park, C. I. (2006). Consumers’ privacy concerns and will-
ingness to provide marketing-related personal information online. Advances in Consumer
Research, 33, 212.
42. Nguyen, N., & Leblanc, G. (2001). Corporate image and corporate reputation in custom-
ers’ retention decisions in services. Journal of retailing and Consumer Services, 8(4), 227-
236.
43. Nunnally, J. C., & Bernstein, I. H. (1994). The assessment of reliability. Psychometric the-
ory, 3, 248-292.
44. Nunnally, J. C., Bernstein, I. H., & Berge, J. M. T. (1967). Psychometric theory, 226. New
York: McGraw-Hill.
45. Pavlou, P. A., & Fygenson, M. (2006). Understanding and predicting electronic commerce
adoption: An extension of the theory of planned behavior. MIS Quarterly, 115-143.
46. Pavlou, P. A., Liang, H., & Xue, Y. (2007). Understanding and mitigating uncertainty in
online environments: a principal-agent perspective. MIS Quarterly, 31(1), 105-136.
47. Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to
provide personal information. Journal of public policy & marketing, 19(1), 27-41.
48. Rahman, M., & Kreider, C. (2012). Information Security Principles for Electronic Medical
Record (EMR) Systems. AMCIS 2012 Proceedings, 9.
49. Segars, A. H., & Grover, V. (1993). Re-examining perceived ease of use and usefulness: A
confirmatory factor analysis. MIS Quarterly, 517-525.
50. Sehgal, A. R. (2010). The role of reputation in US News & World Report's rankings of the
top 50 American hospitals. Annals of internal medicine, 152(8), 521-525.
51. Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of privacy concern among online con-
sumers. Journal of public policy & marketing, 19(1), 62-73.
52. Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: measuring indi-
viduals' concerns about organizational practices. MIS Quarterly, 167-196.
53. Stewart, K. A., & Segars, A. H. (2002). An empirical examination of the concern for in-
formation privacy instrument. Information Systems Research, 13(1), 36-49.
54. Stone, E. F., Gueutal, H. G., Gardner, D. G., & McClure, S. (1983). A field experiment
comparing information-privacy values, beliefs, and attitudes across several types of organ-
izations. Journal of applied psychology, 68(3), 459.
55. Straub, D. W. (1989). Validating instruments in MIS research. MIS Quarterly, 147-169.
56. Straub, D., Boudreau, M. C., & Gefen, D. (2004). Validation guidelines for IS positivist
research. The Communications of the Association for Information Systems, 13(1), 63.
57. Trochim, W. M., & Donnelly, J. P. (2001). Research methods knowledge base.
58. Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard law review, 193-
220.
59. Wartick, S. L. (1992). The relationship between intense media exposure and change in
corporate reputation. Business & Society, 31(1), 33-49.
�688 K. F. Chen, H.-G. Hwang, M.-L. Sher, and H.-T. Lin
60. Wirtz, J., Lwin, M. O., & Williams, J. D. (2007). Causes and consequences of consumer
online privacy concern. International Journal of Service Industry Management, 18(4), 326-
348.
61. Wu, K.-W., Huang, S. Y., Yen, D. C., & Popova, I. (2012). The effect of online privacy
policy on consumer privacy concern and trust. Computers in Human Behavior, 28(3), 889-
897.
62. Yousafzai, S., Pallister, J., & Foxall, G. (2009). Multi-dimensional role of trust in Internet
banking adoption. The Service Industries Journal, 29(5), 591-605.
�