Keywords:
behavioral intention
cybersecurity
password security
structural equation modeling
UTAUT

  • Abstract

    The study presented focuses on evaluating password security compliance within a private hospital in Phuket, employing the Unified Theory of Acceptance and Use of Technology (UTAUT) framework. Descriptive statistics reveal that 416 healthcare professionals participated in the survey, with 55% female. Age analysis showed that nearly half (48.6%) of participants were under 30, and 85.3% held a bachelor's degree. Most respondents adhered to recommended password security practices, including using passwords with 8-10 characters and incorporating numbers, uppercase letters, and special characters. However, a significant vulnerability was observed as 83.41% of respondents used the same password across multiple accounts. Statistical analysis using Structural Equation Modeling (SEM) indicated that performance expectancy (PE), effort expectancy (EE), and social influence (SI) significantly influenced behavioral intention (BI) to comply with password security practices. PE had the highest impact (β = 0.56, p < 0.001), followed by EE (β = 0.26, p < 0.001), and SI (β = 0.21, p = 0.002). Facilitating conditions (FC) significantly affected actual usage (USE) with a moderate impact (β = 0.12, p = 0.036). Age and experience moderated the relationships between these constructs, suggesting that younger and less experienced employees were more influenced by ease of use and performance expectations, while older staff relied more on facilitating conditions. This study contributes to the understanding of how various factors influence password security compliance in healthcare, emphasizing the need for tailored interventions based on demographic differences to enhance security practices effectively.

  • References

    1. AlQudah, A., Al-Emran, M., & Shaalan, K. (2021). Technology acceptance in healthcare: a systematic review. Applied Sciences, 11(22), 10537. https://doi.org/10.3390/app112210537
    2. Aroms, E. (2012). NIST special publication 800-63: Electronic authentication guideline. CreateSpace Independent Publishing Platform.
    3. Ayatollahi, H. & Shagerdi, G. (2017). Information security risk assessment in hospitals. The Open Medical Informatics Journal, 11(1), 37-43. https://doi.org/10.2174/1874431101711010037
    4. Barchielli, C., Marullo, C., Bonciani, M., Rebecchi, A., Borrelli, F., Rapaccini, M., & Tani, M. (2021). Nurses and the acceptance of innovations in technology-intensive contexts: The need for tailored management strategies. BMC Health Services Research, 21(639). https://doi.org/10.1186/s12913-021-06628-5
    5. Breneol, S., Curran, J. A., Marten, R., Ndegwa, M., Drummond, J. H., Kiran, T., Ahmed, Z., & Wilson, K. (2022). Strategies to adapt and implement health system guidelines and recommendations: A scoping review. Health Research Policy and Systems, 20(64). https://doi.org/10.1186/s12961-022-00865-8
    6. Centers for Medicare & Medicaid Services (CMS), HHS (2006). Medicare program; revisions to payment policies, five-year review of work relative value units, changes to the practice expense methodology under the physician fee schedule, and other changes to payment under part B; revisions to the payment policies of ambulance services under the fee schedule for ambulance services; and ambulance inflation factor update for CY 2007. Final rule with comment period. Federal register, 71(231), 69623–70251.
    7. Davis, F. D. (1993). User acceptance of information technology: Ssystem characteristics, user perceptions and behavioral impacts. International Journal of Man-Machine Studies, 38(3), 475–487. https://doi.org/10.1006/imms.1993.1022
    8. Demsash, A. W., Kalayou, M. H., & Walle, A. D. (2024). Health professionals’ acceptance of mobile-based clinical guideline application in a resource-limited setting: Using a modified UTAUT model. BMC Medical Education, 24(689). https://doi.org/10.1186/s12909-024-05680-z
    9. Dickerson, J. E. (2022). Privacy, confidentiality, and security of healthcare information. Anesthesia & Intensive Care Medicine, 23(11), 740-743. https://doi.org/10.1016/j.mpaic.2022.08.014
    10. Diel, S., Doctor, E., Reith, R., & Scheid, J. (2023). Examining supporting and constraining factors of physicians’ acceptance of telemedical online consultations: A survey study. BMC Health Services Research, 23(1128). https://doi.org/10.1186/s12913-023-10032-6
    11. Ezugwu, A., Ukwandu, E., Ugwu, C., Ezema, M., Olebara, C., Ndunagu, J., Ofusori, L., & Ome, U. (2023). Password-based authentication and the experiences of end users. Scientific African, 21, e01743. https://doi.org/10.1016/j.sciaf.2023.e01743
    12. Fagan, M., Albayram, Y., Khan, M., & Buck, R. (2017). An investigation into users’ considerations toward using password managers. Human-Centric Computing and Information Sciences, 7(12). https://doi.org/10.1186/s13673-017-0093-6
    13. Fernando, W. P. K., Dissanayake, D. A. N. P., Dushmantha, S. G. V. D., Liyanage, D. L. C. P., & Karunatilake, C. (2023). Challenges and opportunities in password management: a review of current solutions. Sri Lanka Journal of Social Sciences and Humanities, 3(2), 9-20. https://doi.org/10.4038/sljssh.v3i2.96
    14. Govindarajan, U. H., Singh, D. K., & Gohel, H. A. (2023). Forecasting cyber security threats landscape and associated technical trends in telehealth using Bidirectional Encoder Representations from Transformers (BERT). Computers and Security, 133, 103404. https://doi.org/10.1016/j.cose.2023.103404
    15. Holden, R. and Karsh, B. (2010). The technology acceptance model: its past and its future in health care. Journal of Biomedical Informatics, 43(1), 159-172. https://doi.org/10.1016/j.jbi.2009.07.002
    16. Huang, W., Ong, W.C., Wong, M.K.F., Ng, E.Y.K., Koh, T., Chandramouli, C., Ng, C.T., Hummei, Y., Huang, F., Lam, C.S.P, & Tromp, J. (2024). Applying the utaut2 framework to patients’ attitudes toward healthcare task shifting with artificial intelligence. BMC Health Services Research, 24(1). https://doi.org/10.1186/s12913-024-10861-z
    17. Humaidi, N. and Balakrishnan, V. (2017). Indirect effect of management support on users’ compliance behavior toward information security policies. Health Information Management Journal, 47(1), 17-27. https://doi.org/10.1177/1833358317700255
    18. Inglesant, P. G., & Sasse, M. A. (2010). The true cost of unusable password policies: Password use in the wild. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 383–392). Association for Computing Machinery. https://doi.org/10.1145/1753326.1753384
    19. Jamil, H., Zia, T., & Nayeem, T. (2021). User acceptance of password manager software: evidence from Australian microbusinesses. Journal of Information Security and Cybercrimes Research, 4(2), 148-158. https://doi.org/10.26735/kpob8473
    20. Javaid, M., Haleem, A., Singh, R. P., & Suman, R. (2023). Toward insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends. Cybersecurity Applications, 1, 100016. https://doi.org/10.1016/j.csa.2023.100016
    21. Jerry-Egemba, N. (2023). Safe and sound: strengthening cybersecurity in healthcare through robust staff educational programs. Healthcare Management Forum, 37(1), 21-25. https://doi.org/10.1177/08404704231194577
    22. Katsini, C., Fidas, C., Belk, M., Samaras, G., & Avouris, N. (2019). A human-cognitive perspective of users’ password choices in recognition-based graphical authentication. International Journal of Human-Computer Interaction, 35(19), 1800-1812. https://doi.org/10.1080/10447318.2019.1574057
    23. Kavrestad, J., Lennartsson, M., Birath, M., & Nohlberg, M. (2020). Constructing secure and memorable passwords. Information & Computer Security, 28(5), 701-717. https://doi.org/10.1108/ics-07-2019-0077
    24. Ketikidis, P. H., Dimitrovski, T., Lazuras, L., & Bath, P. A. (2012). Acceptance of health information technology in health professionals: an application of the revised technology acceptance model. Health Informatics Journal, 18(2), 124-134. https://doi.org/10.1177/1460458211435425
    25. Metallo, C., Agrifoglio, R., Lepore, L., & Landriani, L. (2022). Explaing users’ technology acceptance through national cultural values in the hospital context. BMC Health Services Research, 22(1). https://doi.org/10.1186/s12913-022-07488-3
    26. Nair, A., & Greeshma, M. R. (2023). Mastering information security compliance management: A comprehensive handbook on ISO/IEC 27001:2022 compliance. Packt Publishing.
    27. O’Brien, N., Graß, E., Martin, G., Durkin, M., Darzi, A., & Ghafur, S. (2020). Developing a globally applicable cybersecurity framework for healthcare: a delphi consensus study. BMJ Innovations, 7(1), 199-207. https://doi.org/10.1136/bmjinnov-2020-000572
    28. Shi, D. & Maydeu-Olivares, A. (2020). The effect of estimation methods on SEM fit indices. Educational and Psychological Measurement, 80(3), 421–445. https://doi.org/10.1177/0013164419885164
    29. Shi, D., Lee, T., & Maydeu-Olivares, A. (2019). Understanding the model size effect on SEM fit indices. Educational and Psychological Measurement, 79(2), 310–334. https://doi.org/10.1177/0013164418783530
    30. Sullivan, N., Tully, J., Dameff, C., Opara, C., Snead, M., & Selzer, J. (2023). A national survey of hospital cyber attack emergency operation preparedness. Disaster Medicine and Public Health Preparedness, 17, e363. https://doi.org/10.1017/dmp.2022.283
    31. Uwizeyemungu, S., Poba‐Nzaou, P., & Cantinotti, M. (2019). European hospitals’ transition toward fully electronic-based systems: do information technology security and privacy practices follow? Jmir Medical Informatics, 7(1), e11211. https://doi.org/10.2196/11211
    32. Venkatesh, V., Morris, M., Davis, G., & Davis, F. (2003). User acceptance of information technology: toward a unified view. Mis Quarterly, 27(3), 425–478. https://doi.org/10.2307/30036540
    33. Wazid, M., Das, A. K., Mohd, N., & Park, Y. H. (2022). Healthcare 5.0 security framework: applications, issues and future research directions. IEEE Access, 10, 129429-129442. https://doi.org/10.1109/access.2022.3228505
    34. Williams, M. D., Rana, N. P., & Dwivedi, Y. K. (2015). The unified theory of acceptance and use of technology (UTAUT): A literature review. Journal of Enterprise Information Management, 28(3), 443–488. https://doi.org/10.1108/JEIM-09-2014-0088
    35. Yamane, T. (1973). Statistics: An Introductory Analysis. 3rd Edition, Harper and Row, New York
    36. Zimmermann, V., Marky, K., & Renaud, K. (2022). Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information. Behavior and Information Technology, 42(6), 700-743. https://doi.org/10.1080/0144929x.2022.2042384
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright (c) 2025 The Authors

How to cite

Jarupunphol, P., Siwatchaya, S., & Buathong, W. (2025). Evaluating password security compliance in a Phuket private hospital: A UTAUT-based analysis. Multidisciplinary Reviews, 8(7), 2025195. https://doi.org/10.31893/multirev.2025195
Crossref
Scopus
Google Scholar
Europe PMC
  • Article viewed - 180
  • PDF downloaded - 96