{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T18:03:29Z","timestamp":1776103409502,"version":"3.50.1"},"reference-count":120,"publisher":"Emerald","issue":"5","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,3]]},"abstract":"<jats:sec>\n                    <jats:title>Purpose<\/jats:title>\n                    <jats:p>Information systems (IS) research in general and health IS studies, in particular, are prone to a positivity bias \u2013 largely focusing on upside gains rather than the potential misuse practices. This paper aims to explore failures in health IS use and shortcomings in data privacy and cybersecurity and to provide an explanatory model for health record misuse.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Design\/methodology\/approach<\/jats:title>\n                    <jats:p>This research is based on four data sets that we collected through a longitudinal project studying digital health (implementation, use and evaluation), interviews with experts (cybersecurity and digital health) and healthcare stakeholders (health professionals and managers). We applied qualitative analysis to explain health records misuse from a sociotechnical perspective.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Findings<\/jats:title>\n                    <jats:p>We propose a contextualized model of \u201chealth records misuse\u201d with two overarching dimensions: data misfit and improper data processing. We explain sub-categories of data misfit: availability misfit, meaning misfit and place misfit, as well as sub-categories of improper data processing: improper interaction and improper use-related actions. Our findings demonstrate how health records misuse can emerge in sociotechnical health systems and impact health service delivery and patient safety.<\/jats:p>\n                  <\/jats:sec>\n                  <jats:sec>\n                    <jats:title>Originality\/value<\/jats:title>\n                    <jats:p>Through contextualizing system misuse in healthcare, this research advances the understanding of ineffective use and failures in health data protection practices. Our proposed theoretical model provides explanations for unique patterns of IS misuse in healthcare, where data protection failures are consequential for healthcare organizations and patient safety.<\/jats:p>\n                  <\/jats:sec>","DOI":"10.1108\/itp-12-2022-0931","type":"journal-article","created":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T13:19:51Z","timestamp":1719839991000},"page":"2326-2356","source":"Crossref","is-referenced-by-count":4,"title":["Unpacking the complexities of health record misuse: insights from Australian health services"],"prefix":"10.1108","volume":"38","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8499-9282","authenticated-orcid":true,"given":"Javad","family":"Pool","sequence":"first","affiliation":[{"name":"ARC Industrial Transformation Training Centre for Information Resilience (CIRES), The University of Queensland , ,","place":["Brisbane, Australia"]},{"name":"School of Electrical Engineering and Computer Science, The University of Queensland , ,","place":["Brisbane, Australia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5305-8677","authenticated-orcid":true,"given":"Saeed","family":"Akhlaghpour","sequence":"additional","affiliation":[{"name":"Business School, The University of Queensland , ,","place":["Brisbane, Australia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Burton-Jones","sequence":"additional","affiliation":[{"name":"Business School, The University of Queensland , ,","place":["Brisbane, Australia"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2024,7,2]]},"reference":[{"issue":"1","key":"2025103008413994700_ref001","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.infoandorg.2016.02.001","article-title":"Collective mindfulness in post-implementation IS adaptation processes","volume":"26","author":"Aanestad","year":"2016","journal-title":"Information and Organization"},{"issue":"2","key":"2025103008413994700_ref002","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1287\/isre.2020.0973","article-title":"The phishing funnel model: a design artifact to predict user susceptibility to phishing websites","volume":"32","author":"Abbasi","year":"2021","journal-title":"Information Systems Research"},{"issue":"4","key":"2025103008413994700_ref003","doi-asserted-by":"publisher","first-page":"796","DOI":"10.1287\/isre.1100.0327","article-title":"Research commentary\u2014the digital transformation of healthcare: current status and the road ahead","volume":"21","author":"Agarwal","year":"2010","journal-title":"Information Systems Research"},{"issue":"4","key":"2025103008413994700_ref004","doi-asserted-by":"publisher","first-page":"1265","DOI":"10.5465\/amr.2007.26586822","article-title":"Constructing mystery: empirical matters in theory development","volume":"32","author":"Alvesson","year":"2007","journal-title":"Academy of Management Review"},{"issue":"6","key":"2025103008413994700_ref005","doi-asserted-by":"publisher","first-page":"1290","DOI":"10.1111\/joms.12582","article-title":"The problematizing review: a counterpoint to Elsbach and Van Knippenberg's argument for integrative reviews","volume":"57","author":"Alvesson","year":"2020","journal-title":"Journal of Management Studies"},{"issue":"18","key":"2025103008413994700_ref006","doi-asserted-by":"publisher","first-page":"12319","DOI":"10.1007\/s00500-021-05926-8","article-title":"Cyber-attack detection in healthcare using cyber-physical system and machine learning techniques","volume":"25","author":"AlZubi","year":"2021","journal-title":"Soft Computing"},{"issue":"4","key":"2025103008413994700_ref007","doi-asserted-by":"publisher","first-page":"1082","DOI":"10.1080\/07421222.2017.1394063","article-title":"Information security control theory: achieving a sustainable reconciliation between sharing and protecting the privacy of information","volume":"34","author":"Anderson","year":"2017","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025103008413994700_ref008","doi-asserted-by":"publisher","DOI":"10.1016\/j.infoandorg.2023.100455","article-title":"Managing compliance with privacy regulations through translation guardrails: a health information exchange case study","volume":"33","author":"Anderson","year":"2023","journal-title":"Information and Organization"},{"issue":"2","key":"2025103008413994700_ref009","doi-asserted-by":"publisher","first-page":"339","DOI":"10.2307\/20650295","article-title":"Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion","volume":"33","author":"Angst","year":"2009","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025103008413994700_ref010","doi-asserted-by":"publisher","first-page":"893","DOI":"10.25300\/misq\/2017\/41.3.10","article-title":"When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches","volume":"41","author":"Angst","year":"2017","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025103008413994700_ref011","doi-asserted-by":"publisher","first-page":"3","DOI":"10.17705\/1jais.00122","article-title":"The legacy of the technology acceptance model and a proposal for a paradigm shift","volume":"8","author":"Bagozzi","year":"2007","journal-title":"Journal of the Association for Information Systems"},{"issue":"1","key":"2025103008413994700_ref012","doi-asserted-by":"publisher","first-page":"315","DOI":"10.25300\/misq\/2021\/15882","article-title":"The next generation of research on IS use: a theoretical framework of delegation to and from agentic IS artifacts","volume":"45","author":"Baird","year":"2021","journal-title":"MIS Quarterly"},{"key":"2025103008413994700_ref013","article-title":"UnitingCare Queensland security incident takes some systems offline","author":"Barbaschow","year":"2021","journal-title":"ZDNet"},{"issue":"4","key":"2025103008413994700_ref014","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1057\/s41303-017-0047-0","article-title":"User response to mandatory IT use: a coping theory perspective","volume":"27","author":"Bhattacherjee","year":"2018","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025103008413994700_ref015","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1186\/s12911-021-01548-0","article-title":"Persisting workarounds in electronic health record system use: types, risks and benefits","volume":"21","author":"Boonstra","year":"2021","journal-title":"BMC Medical Informatics and Decision Making"},{"key":"2025103008413994700_ref016","volume-title":"Ransomware Has Put Australia\u2019s Hospital Cybersecurity on Life Support","author":"Braue","year":"2021"},{"issue":"3","key":"2025103008413994700_ref017","doi-asserted-by":"publisher","first-page":"632","DOI":"10.1287\/isre.1120.0444","article-title":"From use to effective use: a representation theory perspective","volume":"24","author":"Burton-Jones","year":"2013","journal-title":"Information Systems Research"},{"issue":"3","key":"2025103008413994700_ref018","doi-asserted-by":"publisher","first-page":"468","DOI":"10.1287\/isre.2017.0702","article-title":"How can we develop contextualized theories of effective use? A demonstration in the context of community-care electronic health records","volume":"28","author":"Burton-Jones","year":"2017","journal-title":"Information Systems Research"},{"key":"2025103008413994700_ref019","doi-asserted-by":"crossref","first-page":"152","DOI":"10.4324\/9781315619361-13","volume-title":"The Routledge Companion to Management Information Systems","author":"Burton-Jones","year":"2017"},{"key":"2025103008413994700_ref020","volume-title":"MIS Quarterly Research Curations","author":"Burton-Jones","year":"2017"},{"key":"2025103008413994700_ref021","article-title":"UnitingCare cyber attack prompts suspension from My Health Record system, affects staff pay","author":"Callinan","year":"2021","journal-title":"ABC News"},{"issue":"4","key":"2025103008413994700_ref022","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1080\/07421222.2014.1001257","article-title":"The behavioral roots of information systems security: exploring key factors related to unethical IT use","volume":"31","author":"Chatterjee","year":"2015","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"2025103008413994700_ref023","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1002\/sres.692","article-title":"Webs of significance: the work of Geoffrey Vickers","volume":"22","author":"Checkland","year":"2005","journal-title":"Systems Research and Behavioral Science: The Official Journal of the International Federation for Systems Research"},{"issue":"1","key":"2025103008413994700_ref024","doi-asserted-by":"publisher","first-page":"205","DOI":"10.25300\/misq\/2016\/40.1.09","article-title":"Individuals' internet security perceptions and behaviors: polycontextual contrasts between the United States and China","volume":"40","author":"Chen","year":"2016","journal-title":"MIS Quarterly"},{"issue":"13","key":"2025103008413994700_ref025","doi-asserted-by":"publisher","first-page":"10248","DOI":"10.1109\/jiot.2020.3041042","article-title":"A security awareness and protection system for 5G smart healthcare based on zero-trust architecture","volume":"8","author":"Chen","year":"2021","journal-title":"IEEE Internet of Things Journal"},{"issue":"3","key":"2025103008413994700_ref026","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1016\/j.infoandorg.2004.02.001","article-title":"Pushing the contextual envelope: developing and diffusing IS theory for health information systems research","volume":"14","author":"Chiasson","year":"2004","journal-title":"Information and Organization"},{"issue":"3","key":"2025103008413994700_ref027","doi-asserted-by":"publisher","first-page":"904","DOI":"10.1080\/07421222.2015.1138375","article-title":"Influence of firm's recovery endeavors upon privacy breach on online customer behavior","volume":"33","author":"Choi","year":"2016","journal-title":"Journal of Management Information Systems"},{"issue":"5","key":"2025103008413994700_ref028","doi-asserted-by":"publisher","first-page":"971","DOI":"10.1111\/1475-6773.13203","article-title":"Data breach remediation efforts and their implications for hospital quality","volume":"54","author":"Choi","year":"2019","journal-title":"Health Services Research"},{"issue":"3","key":"2025103008413994700_ref029","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1016\/j.hlpt.2020.04.008","article-title":"An event study of data breaches and hospital IT spending","volume":"9","author":"Choi","year":"2020","journal-title":"Health Policy and Technology"},{"issue":"1","key":"2025103008413994700_ref030","doi-asserted-by":"publisher","first-page":"22","DOI":"10.17705\/1cais.03922","article-title":"A blended model of electronic medical record system adoption in Canadian medical practices","volume":"39","author":"Cocosila","year":"2016","journal-title":"Communications of the Association for Information Systems"},{"issue":"1","key":"2025103008413994700_ref031","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.infoandorg.2005.07.001","article-title":"Negotiating ICT development and use: the case of a telemedicine system in the healthcare region of Crete","volume":"16","author":"Constantinides","year":"2006","journal-title":"Information and Organization"},{"issue":"4","key":"2025103008413994700_ref032","doi-asserted-by":"publisher","first-page":"673","DOI":"10.2307\/20650322","article-title":"How ethics can enhance organizational privacy: lessons from the choicepoint and TJX data breaches","volume":"33","author":"Culnan","year":"2009","journal-title":"MIS Quarterly"},{"key":"2025103008413994700_ref033","article-title":"Staff unable to access patient files after Eastern Health cyber attack","author":"Cunningham","year":"2021","journal-title":"The Age"},{"issue":"1","key":"2025103008413994700_ref034","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach","volume":"20","author":"D'Arcy","year":"2009","journal-title":"Information Systems Research"},{"issue":"2","key":"2025103008413994700_ref035","doi-asserted-by":"publisher","first-page":"285","DOI":"10.2753\/mis0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: a coping perspective","volume":"31","author":"D'Arcy","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025103008413994700_ref036","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1057\/palgrave.ejis.3000518","article-title":"Contextual influences on technology use mediation: a comparative analysis of electronic medical record systems","volume":"14","author":"Davidson","year":"2005","journal-title":"European Journal of Information Systems"},{"key":"2025103008413994700_ref037","article-title":"Healthcare can\u2019t ignore ransomware\u2019s impact on care quality, patient morbidity","author":"Davis","year":"2021","journal-title":"SC Media"},{"issue":"4","key":"2025103008413994700_ref038","doi-asserted-by":"publisher","first-page":"1200","DOI":"10.1287\/isre.2020.0939","article-title":"Too good to be true: firm social performance and the risk of data breach","volume":"31","author":"D'Arcy","year":"2020","journal-title":"Information Systems Research"},{"key":"2025103008413994700_ref039","first-page":"3009","article-title":"Unpacking the complexity of consistency: insights from a grounded theory study of the effective use of electronic medical records","author":"Eden","year":"2018"},{"issue":"1","key":"2025103008413994700_ref040","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/s12553-023-00809-4","article-title":"A zero trust architecture for health information systems","volume":"14","author":"Edo","year":"2024","journal-title":"Health and Technology"},{"issue":"6","key":"2025103008413994700_ref041","doi-asserted-by":"publisher","first-page":"1537","DOI":"10.1007\/s10796-020-10053-0","article-title":"Toward an understanding of the antecedents to health information privacy concern: a mixed methods study","volume":"23","author":"Fox","year":"2021","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"2025103008413994700_ref042","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1177\/1094428112452151","article-title":"Seeking qualitative rigor in inductive research: notes on the Gioia methodology","volume":"16","author":"Gioia","year":"2013","journal-title":"Organizational Research Methods"},{"issue":"1","key":"2025103008413994700_ref043","doi-asserted-by":"publisher","first-page":"22","DOI":"10.17705\/1jais.00447","article-title":"Got phished? Internet security and human vulnerability","volume":"18","author":"Goel","year":"2017","journal-title":"Journal of the Association for Information Systems"},{"issue":"9","key":"2025103008413994700_ref044","doi-asserted-by":"publisher","first-page":"606","DOI":"10.17705\/1jais.00275","article-title":"An event study analysis of the economic impact of IT operational risk and its subcategories","volume":"12","author":"Goldstein","year":"2011","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"2025103008413994700_ref045","doi-asserted-by":"publisher","first-page":"611","DOI":"10.2307\/25148742","article-title":"The nature of theory in information systems","volume":"30","author":"Gregor","year":"2006","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025103008413994700_ref046","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/mis0742-1222280208","article-title":"Understanding nonmalicious security violations in the workplace: a composite behavior model","volume":"28","author":"Guo","year":"2011","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025103008413994700_ref047","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1080\/07421222.2017.1334480","article-title":"How doctors gain social and economic returns in online health-care communities: a professional capital perspective","volume":"34","author":"Guo","year":"2017","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025103008413994700_ref048","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1080\/07421222.2018.1451962","article-title":"The role of corporate reputation and crisis response strategies in data breach management","volume":"35","author":"Gwebu","year":"2018","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025103008413994700_ref049","doi-asserted-by":"publisher","first-page":"111","DOI":"10.5465\/annals.2016.0017","article-title":"A matter of life or death: how extreme context research matters for management and organization studies","volume":"12","author":"H\u00e4llgren","year":"2018","journal-title":"Academy of Management Annals"},{"issue":"2","key":"2025103008413994700_ref050","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025103008413994700_ref051","doi-asserted-by":"publisher","first-page":"497","DOI":"10.25300\/misq\/2017\/41.2.08","article-title":"Cybercrime deterrence and international legislation: evidence from distributed denial of service attacks","volume":"41","author":"Hui","year":"2017","journal-title":"Mis Quarterly"},{"issue":"8","key":"2025103008413994700_ref052","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1108\/itp-08-2020-0566","article-title":"Technological and informational frames: explaining age-related variation in the use of patient accessible electronic health records as technology and information","volume":"35","author":"Huvila","year":"2022","journal-title":"Information Technology and People"},{"issue":"4","key":"2025103008413994700_ref053","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.im.2013.02.006","article-title":"An empirical test of three mediation models for the relationship between personal innovativeness and user acceptance of technology","volume":"50","author":"Jackson","year":"2013","journal-title":"Information and Management"},{"issue":"1","key":"2025103008413994700_ref054","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1108\/itp-09-2018-0409","article-title":"The importance of policy to effective IM use and improved performance","volume":"33","author":"Jia","year":"2020","journal-title":"Information Technology and People"},{"issue":"3","key":"2025103008413994700_ref055","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1057\/ejis.2015.15","article-title":"Dispositional and situational factors: influences on information security policy violations","volume":"25","author":"Johnston","year":"2016","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025103008413994700_ref056","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1287\/isre.1070.0158","article-title":"Casting the net: a multimodal network perspective on user-system interactions","volume":"19","author":"Kane","year":"2008","journal-title":"Information Systems Research"},{"issue":"3","key":"2025103008413994700_ref057","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1287\/isre.1100.0314","article-title":"IS avoidance in health-care groups: a multilevel investigation","volume":"22","author":"Kane","year":"2011","journal-title":"Information Systems Research"},{"issue":"1","key":"2025103008413994700_ref058","doi-asserted-by":"publisher","first-page":"113","DOI":"10.25300\/misq\/2019\/12743","article-title":"Capitalizing on health information technology to enable digital advantage in US hospitals","volume":"43","author":"Karahanna","year":"2019","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025103008413994700_ref059","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.bbe.2022.11.005","article-title":"Automated detection of cybersecurity attacks in healthcare systems with recursive feature elimination and multilayer perceptron optimization","volume":"43","author":"Kilincer","year":"2023","journal-title":"Biocybernetics and Biomedical Engineering"},{"issue":"4","key":"2025103008413994700_ref060","doi-asserted-by":"publisher","first-page":"1184","DOI":"10.1287\/isre.2019.0858","article-title":"How do EHRs and a meaningful use initiative affect breaches of patient information?","volume":"30","author":"Kim","year":"2019","journal-title":"Information Systems Research"},{"issue":"1","key":"2025103008413994700_ref061","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1111\/isj.12338","article-title":"Prosocial rule breaking on health information security at healthcare organisations in South Korea","volume":"32","author":"Kim","year":"2022","journal-title":"Information Systems Journal"},{"issue":"6","key":"2025103008413994700_ref062","doi-asserted-by":"publisher","first-page":"751","DOI":"10.1057\/palgrave.ejis.3000719","article-title":"An empirical examination of patient-physician portal acceptance","volume":"16","author":"Klein","year":"2007","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025103008413994700_ref063","doi-asserted-by":"crossref","first-page":"553","DOI":"10.25300\/MISQ\/2016\/40.3.02","article-title":"Electronic health records how can IS researchers contribute to transforming healthcare?","volume":"40","author":"Kohli","year":"2016","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025103008413994700_ref064","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/thc-161263","article-title":"Cybersecurity in healthcare: a systematic review of modern threats and trends","volume":"25","author":"Kruse","year":"2017","journal-title":"Technology and Health Care"},{"issue":"2","key":"2025103008413994700_ref065","doi-asserted-by":"publisher","first-page":"41","DOI":"10.2753\/mis0742-1222300202","article-title":"Health-care security strategies for data protection and regulatory compliance","volume":"30","author":"Kwon","year":"2013","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"2025103008413994700_ref066","doi-asserted-by":"crossref","first-page":"1043","DOI":"10.25300\/MISQ\/2018\/13580","article-title":"Meaningful healthcare security: does meaningful-use attestation improve information security performance?","volume":"42","author":"Kwon","year":"2018","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025103008413994700_ref067","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1287\/orsc.1060.0225","article-title":"A triple take on information system implementation","volume":"18","author":"Lapointe","year":"2007","journal-title":"Organization Science"},{"issue":"3","key":"2025103008413994700_ref068","doi-asserted-by":"publisher","first-page":"1023","DOI":"10.25300\/misq\/2020\/14583","article-title":"Achieving effective use when digitalizing work: the role of representational complexity","volume":"44","author":"Lauterbach","year":"2020","journal-title":"MIS Quarterly"},{"issue":"8","key":"2025103008413994700_ref069","doi-asserted-by":"publisher","first-page":"1541","DOI":"10.1002\/asi.23068","article-title":"The effects of information privacy concerns on digitizing personal health records","volume":"65","author":"Li","year":"2014","journal-title":"Journal of the Association for Information Science and Technology"},{"issue":"8","key":"2025103008413994700_ref070","doi-asserted-by":"publisher","first-page":"2","DOI":"10.17705\/1jais.00235","article-title":"Understanding the influence of team climate on IT use","volume":"11","author":"Liang","year":"2010","journal-title":"Journal of the Association for Information Systems"},{"issue":"6","key":"2025103008413994700_ref071","doi-asserted-by":"publisher","first-page":"1552","DOI":"10.17705\/1jais.00646","article-title":"Why individual employees commit malicious computer abuse: a routine activity theory perspective","volume":"21","author":"Luo","year":"2020","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"2025103008413994700_ref072","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1080\/08874417.2020.1802788","article-title":"Factors influencing consumer adoption of electronic health records","volume":"62","author":"Mathai","year":"2022","journal-title":"Journal of Computer Information Systems"},{"issue":"1","key":"2025103008413994700_ref073","doi-asserted-by":"publisher","first-page":"208","DOI":"10.17705\/1cais.05008","article-title":"Qualitative comparative analysis (QCA) in information systems research: status quo, guidelines, and future directions","volume":"50","author":"Mattke","year":"2022","journal-title":"Communications of the Association for Information Systems"},{"issue":"6","key":"2025103008413994700_ref074","doi-asserted-by":"publisher","first-page":"1053","DOI":"10.1136\/amiajnl-2013-002578","article-title":"An analysis of electronic health record-related patient safety concerns","volume":"21","author":"Meeks","year":"2014","journal-title":"Journal of the American Medical Informatics Association"},{"issue":"7","key":"2025103008413994700_ref075","doi-asserted-by":"publisher","first-page":"1077","DOI":"10.1287\/mnsc.1090.1014","article-title":"Privacy protection and technology diffusion: the case of electronic medical records","volume":"55","author":"Miller","year":"2009","journal-title":"Management Science"},{"issue":"6","key":"2025103008413994700_ref076","doi-asserted-by":"publisher","first-page":"564","DOI":"10.1057\/s41303-017-0058-x","article-title":"Which phish get caught? An exploratory study of individuals' susceptibility to phishing","volume":"26","author":"Moody","year":"2017","journal-title":"European Journal of Information Systems"},{"issue":"3","key":"2025103008413994700_ref077","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1016\/j.dss.2012.04.014","article-title":"Towards an integrated model of IT acceptance in healthcare","volume":"53","author":"Moores","year":"2012","journal-title":"Decision Support Systems"},{"issue":"5","key":"2025103008413994700_ref078","doi-asserted-by":"publisher","first-page":"995","DOI":"10.1111\/isj.12433","article-title":"A method for resolving organisation-enterprise system misfits: an action research study in a pluralistic organisation","volume":"33","author":"Morquin","year":"2023","journal-title":"Information Systems Journal"},{"issue":"7","key":"2025103008413994700_ref079","doi-asserted-by":"publisher","first-page":"956","DOI":"10.1038\/ejhg.2015.239","article-title":"Big data in medical research and EU data protection law: challenges to the consent or anonymise approach","volume":"24","author":"Mostert","year":"2016","journal-title":"European Journal of Human Genetics"},{"key":"2025103008413994700_ref080","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijinfomgt.2022.102566","article-title":"Beyond effective use: integrating wise reasoning in machine learning development","volume":"69","author":"Namvar","year":"2023","journal-title":"International Journal of Information Management"},{"issue":"1","key":"2025103008413994700_ref081","doi-asserted-by":"publisher","first-page":"165","DOI":"10.25300\/misq\/2014\/38.1.08","article-title":"Theorization and translation in information technology institutionalization: evidence from Danish home care","volume":"38","author":"Nielsen","year":"2014","journal-title":"MIS Quarterly"},{"issue":"5","key":"2025103008413994700_ref082","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1057\/ejis.2012.2","article-title":"Mediating the intersections of organizational routines during the introduction of a health IT system","volume":"21","author":"Novak","year":"2012","journal-title":"European Journal of Information Systems"},{"key":"2025103008413994700_ref083","article-title":"Australian privacy principles","author":"Office of the Australian Information Commissioner (OAIC)"},{"issue":"3","key":"2025103008413994700_ref084","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1287\/isre.1110.0372","article-title":"Unity in diversity: electronic patient record use in multidisciplinary practice","volume":"22","author":"Oborn","year":"2011","journal-title":"Information Systems Research"},{"issue":"2","key":"2025103008413994700_ref085","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1057\/ejis.2013.18","article-title":"A systematic methodology for privacy impact assessments: a design science approach","volume":"23","author":"Oetzel","year":"2014","journal-title":"European Journal of Information Systems"},{"key":"2025103008413994700_ref086","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1016\/j.chb.2017.07.025","article-title":"Health privacy as sociotechnical capital","volume":"76","author":"Park","year":"2017","journal-title":"Computers in Human Behavior"},{"issue":"2","key":"2025103008413994700_ref087","doi-asserted-by":"publisher","first-page":"317","DOI":"10.25300\/misq\/2015\/39.2.03","article-title":"Disaster experience and hospital information systems an examination of perceived information assurance, risk, resilience, and his usefulness","volume":"39","author":"Park","year":"2015","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025103008413994700_ref088","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1057\/s41303-016-0001-6","article-title":"Examining the intended and unintended consequences of organisational privacy safeguards","volume":"26","author":"Parks","year":"2017","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"2025103008413994700_ref089","doi-asserted-by":"publisher","first-page":"1052","DOI":"10.1080\/0960085x.2022.2103044","article-title":"Balancing information privacy and operational utility in healthcare: proposing a privacy impact assessment (PIA) framework","volume":"32","author":"Parks","year":"2023","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"2025103008413994700_ref090","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1080\/0960085x.2017.1387349","article-title":"Intention\u2013behaviour misalignment at B2C websites: when the horse brings itself to water, will it drink?","volume":"27","author":"Polites","year":"2018","journal-title":"European Journal of Information Systems"},{"key":"2025103008413994700_ref091","article-title":"My Health Record: allergy management for healthcare providers [Audio podcast episode]","author":"Rochford","year":"2021","journal-title":"The Australian Digital Health Agency"},{"key":"2025103008413994700_ref092","article-title":"NSW Health, SBS probe potential cyber attack damage","author":"Roddan","year":"2021","journal-title":"The Australian Financial Review"},{"issue":"4","key":"2025103008413994700_ref093","doi-asserted-by":"publisher","first-page":"1240","DOI":"10.1287\/isre.2020.0941","article-title":"The influence of professional subculture on information security policy violations: a field study in a healthcare context","volume":"31","author":"Sarkar","year":"2020","journal-title":"Information Systems Research"},{"issue":"3","key":"2025103008413994700_ref094","doi-asserted-by":"publisher","first-page":"695","DOI":"10.25300\/misq\/2019\/13747","article-title":"The sociotechnical axis of cohesion for the IS discipline: its historical legacy and its continued relevance","volume":"43","author":"Sarker","year":"2019","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025103008413994700_ref095","doi-asserted-by":"publisher","DOI":"10.5465\/amr.2019.0233","article-title":"Generating theory by abduction","volume":"46","author":"S\u00e6tre","year":"2021","journal-title":"Academy of Management Review"},{"issue":"01","key":"2025103008413994700_ref096","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1109\/msec.2019.2951825","article-title":"Technologists vs. policy makers","volume":"18","author":"Schneier","year":"2020","journal-title":"IEEE Security and Privacy"},{"key":"2025103008413994700_ref097","volume-title":"The Reflective Practitioner: How Professionals Think in Action","author":"Schon","year":"1984"},{"issue":"2","key":"2025103008413994700_ref098","doi-asserted-by":"publisher","first-page":"314","DOI":"10.1080\/07421222.2015.1063315","article-title":"Estimating the contextual risk of data breach: an empirical approach","volume":"32","author":"Sen","year":"2015","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"2025103008413994700_ref099","doi-asserted-by":"publisher","first-page":"731","DOI":"10.2307\/25750703","article-title":"Understanding Organization\u2014enterprise system fit: a path to theorizing the information technology artifact","volume":"34","author":"Strong","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025103008413994700_ref100","doi-asserted-by":"publisher","first-page":"53","DOI":"10.17705\/1jais.00353","article-title":"A theory of organization-EHR affordance actualization","volume":"15","author":"Strong","year":"2014","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"2025103008413994700_ref101","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1016\/j.jsis.2018.12.001","article-title":"Enterprise reputation threats on social media: a case of data breach framing","volume":"28","author":"Syed","year":"2019","journal-title":"The Journal of Strategic Information Systems"},{"issue":"1","key":"2025103008413994700_ref102","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1108\/itp-07-2015-0155","article-title":"Digitalization as institutional work: a case of designing a tool for changing diabetes care","volume":"30","author":"Thorseng","year":"2017","journal-title":"Information Technology and People"},{"issue":"1","key":"2025103008413994700_ref103","doi-asserted-by":"publisher","first-page":"645","DOI":"10.25300\/misq\/2022\/14880","article-title":"Applying and extending the theory of effective use in a business intelligence context","volume":"46","author":"Trieu","year":"2022","journal-title":"MIS Quarterly"},{"key":"2025103008413994700_ref104","doi-asserted-by":"publisher","DOI":"10.1111\/isj.12526","article-title":"How do unintended consequences emerge from EHR implementation? An affordance perspective","author":"Trocin","year":"2024","journal-title":"Information Systems Journal"},{"issue":"2","key":"2025103008413994700_ref105","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.jsis.2007.05.003","article-title":"Danger is in the eye of the beholders: social representations of Information Systems security in healthcare","volume":"16","author":"Vaast","year":"2007","journal-title":"The Journal of Strategic Information Systems"},{"issue":"2","key":"2025103008413994700_ref120","doi-asserted-by":"crossref","first-page":"523","DOI":"10.1007\/s11192-009-0146-3","article-title":"Software survey: VOSviewer, a computer program for bibliometric mapping","volume":"84","author":"Van Eck","year":"2010","journal-title":"Scientometrics"},{"issue":"2","key":"2025103008413994700_ref106","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1080\/0960085x.2023.2225786","article-title":"Understanding variation in subunit adoption of electronic health records: facilitating and constraining configurations of critical dependencies","volume":"33","author":"van Offenbeek","year":"2024","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025103008413994700_ref107","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1111\/isj.12478","article-title":"When workarounds aggravate misfits in the use of electronic health record systems","volume":"34","author":"van Offenbeek","year":"2024","journal-title":"Information Systems Journal"},{"issue":"4","key":"2025103008413994700_ref108","doi-asserted-by":"publisher","first-page":"263","DOI":"10.2753\/mis0742-1222290410","article-title":"Using accountability to reduce access policy violations in information systems","volume":"29","author":"Vance","year":"2013","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025103008413994700_ref109","doi-asserted-by":"publisher","first-page":"345","DOI":"10.25300\/misq\/2015\/39.2.04","article-title":"Increasing accountability through the user interface design artifacts: a new approach to addressing the problem of access-policy violations","volume":"39","author":"Vance","year":"2015","journal-title":"Mis Quarterly"},{"issue":"3","key":"2025103008413994700_ref110","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1287\/isre.1110.0383","article-title":"\u2018Doctors do too little technology\u2019: a longitudinal field study of an electronic healthcare system implementation","volume":"22","author":"Venkatesh","year":"2011","journal-title":"Information Systems Research"},{"issue":"4","key":"2025103008413994700_ref111","doi-asserted-by":"publisher","first-page":"1060","DOI":"10.1080\/07421222.2018.1523531","article-title":"The \u2018Darth\u2019 side of technology use: an inductively derived typology of cyberdeviance","volume":"35","author":"Venkatraman","year":"2018","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"2025103008413994700_ref112","doi-asserted-by":"publisher","first-page":"91","DOI":"10.25300\/misq\/2015\/39.1.05","article-title":"Insider threats in a financial institution","volume":"39","author":"Wang","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025103008413994700_ref113","doi-asserted-by":"publisher","first-page":"601","DOI":"10.25300\/misq\/2019\/14751","article-title":"A longitudinal study of unauthorized access attempts on information systems: the role of opportunity contexts","volume":"43","author":"Wang","year":"2019","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025103008413994700_ref114","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1111\/isj.12129","article-title":"Examining employee computer abuse intentions: insights from justice, deterrence and neutralization perspectives","volume":"28","author":"Willison","year":"2018","journal-title":"Information Systems Journal"},{"key":"2025103008413994700_ref115","volume-title":"The Protection of Personal Data in Health Information Systems-Principles and Processes for Public Health","author":"World Health Organization","year":"2021"},{"issue":"2","key":"2025103008413994700_ref116","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1287\/isre.2014.0522","article-title":"Research note\u2014influence techniques in phishing attacks: an examination of vulnerability and resistance","volume":"25","author":"Wright","year":"2014","journal-title":"Information Systems Research"},{"issue":"2","key":"2025103008413994700_ref117","doi-asserted-by":"publisher","DOI":"10.1016\/j.ipm.2020.102461","article-title":"The antecedents of effective use of hospital information systems in the Chinese context: a mixed-method approach","volume":"58","author":"Yang","year":"2021","journal-title":"Information Processing and Management"},{"issue":"3","key":"2025103008413994700_ref118","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/0960085x.2021.1980444","article-title":"Can peers help reduce violations of information security policies? The role of peer monitoring","volume":"32","author":"Yazdanmehr","year":"2021","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"2025103008413994700_ref119","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2020.103336","article-title":"Task support of electronic patient care report (ePCR) systems in emergency medical services: an elaboration likelihood model lens","volume":"57","author":"Yoo","year":"2020","journal-title":"Information and Management"}],"container-title":["Information Technology &amp; People"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ITP-12-2022-0931\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/itp\/article-pdf\/38\/5\/2326\/10405764\/itp-12-2022-0931en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/itp\/article-pdf\/38\/5\/2326\/10405764\/itp-12-2022-0931en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T12:41:49Z","timestamp":1761828109000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/itp\/article\/38\/5\/2326\/1253458\/Unpacking-the-complexities-of-health-record-misuse"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,2]]},"references-count":120,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2025,11,3]]}},"URL":"https:\/\/doi.org\/10.1108\/itp-12-2022-0931","relation":{},"ISSN":["0959-3845","1758-5813"],"issn-type":[{"value":"0959-3845","type":"print"},{"value":"1758-5813","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7,2]]}}}