Understanding security behaviour among healthcare professionals by comparing results from technology threat avoidance theory and protection motivation theory

We investigate security behaviour among healthcare professionals while comparing upon two prevalent theories in information security (IS) research: Protection Motivation Theory (PMT) and Technology Threat Avoidance Theory (TTAT). Although IS research often uses these models, very few studies compare the two models using a diverse sample of 245 healthcare professionals. The data were analysed using partial least squares regression - structural equation modelling (PLS-SEM). Results indicated that both models were similarly robust at predicting security behaviour. Perceived severity and response efficacy positively influenced avoidance motivation (AM) for PMT. All factors of the threat appraisal arm of TTAT and safeguard efficacy played an influencing role on AM in TTAT. Response cost and self-efficacy were not supported in either model, providing us with potentially new insights into this specific population's security intentions. With the addition of Perceived Threat, TTAT appears to be slightly more robust model with 64% of the variance explained by the given model while PMT explains only 60% of the variance. Given the ever-increasing risk of data breaches in healthcare, practical applications and implications of the study's findings to health information technology (HIT) policy and infrastructure are also discussed.