Extending the UTAUT2 Model with a Privacy Calculus Model to Enhance the Adoption of a Health Information Application in Malaysia

Abstract

This study validates and extends the latest unified theory of acceptance and use of technology (UTAUT2) with the privacy calculus model. To evaluate the adoption of healthcare and e-government applications, researchers have recommended—in previous literature—the application of technology adoption models with privacy, trust, and security-related constructs. However, the current UTAUT2 model lacks privacy, trust, and security-related constructs. Therefore, the proposed UTAUT2 with the privacy calculus model is incorporated into four constructs: privacy concern, perceived risk, trust in the smart national identity card (SNIC), and perceived credibility. Results from a survey data of 720 respondents show that habit, effort expectancy, performance expectancy, social influence, hedonic motivation, and price value are direct determinants that influence behavioral intentions to use. Results also revealed that behavioral intentions, facilitating conditions, habits, perceived risks, and privacy concerns are direct predictors of ‘use behavior’. The authors also analyzed the interrelationships among the research constructs. The extended model may lead toward establishing better innovative e-health services to cover the desires of the citizens through the use of health information applications embedded in an all-in-one card.

1. Introduction

Smart national identity cards are used in many countries [1]. In this regard, most citizens, globally, have national identity cards, even though the types of identity cards might differ. Malaysia was one of the first countries to implement multipurpose smart national identity card (SNICs), known as “MyKad” [1]. The word “My” signifies Malaysia’s internet address and refers to personal ownership. Meanwhile, the word “Kad” is the acronym for “personal identification card” and refers to “card” in the Malay language [2]. The uniqueness of MyKad is that it is an all-in-one national identity card that incorporates multiple applications with personal information, including fingerprints and a digital photo of the cardholder [1,2]. Some studies have investigated the use of MyKad as a national identity card and driver’s license [3,4,5]. Health information (HI) applications are among the embedded applications in MyKad, which stores the blood type, organ implants, chronic diseases, allergies of the MyKad holders, and information on beneficiaries or next-of-kin [6]. The stored health information is highly useful, especially when a MyKad holder is in an emergency health situation, coma, or is an outpatient, and the blood type, organ implants, chronic diseases, and allergies of the card holder are unknown by the doctor. The holder’s MyKad can be surrendered to the doctor, for it to be read through a sophisticated card reader. The card reader displays the health information embedded in the MyKad within seconds. A qualified medical practitioner can immediately access MyKad holder’s HI and prescribe a treatment that is appropriate to the patient’s health condition, to save the individual’s life [1]. However, the facilitating factors and barriers to the adoption of HI applications in MyKad are yet to be investigated. Health information is sensitive by nature, and privacy and security are major concerns among healthcare professionals and patients [1,7,8]. A study on the privacy and security problems of using health information applications in MyKad [1] found that patients worry that their families may access their health records by pretending to be the patient. The respondents agreed that using health information applications in MyKad would erode their privacy, and that MyKad is vulnerable to loss or theft [1].

The extensive adoption of mobile technology in healthcare (mHealth) in developed countries is unavoidable due to the increased costs associated with health monitoring [9]. Healthcare companies are exploring strategies to adapt to this digital marketplace through the adoption of mHealth digital technologies [10]. Despite the extensive offer, growth, and the obvious potential benefits of mHealth, massive adoption of it has still not occurred [9,11]. In the context of patient health data, security and privacy are linked, since any unauthorized access to patient health data (security breach) is a violation of patient privacy. Here, security is the state of being protected against unauthorized use of patient health information, whereas privacy is the protection from unauthorized access to the patient data [12]. Security and privacy concerns about mHealth apps are more significant when the apps are for issues associated with stigma, social isolation, or discrimination, such as HIV/AIDS, sexual orientation, and mental disease [13,14,15]. Therefore, investigating the barriers to (and facilitators of) using mHealth apps may lead toward finding a way to increase user adoptions of mHealth apps [12].

Moreover, past studies have identified some facilitating factors on technology adoption and use, while less attention was given on barriers to technological acceptance and use. In this regard, Ref. [16] synthesized eight technology models into the unified theory of acceptance and use of technology (UTAUT), and further extended this model into UTAUT2 to explain consumer acceptance [17]. Constructs were added to the model, but privacy concerns, perceived credibility, perceived risks, and trust in technology constructs were not integrated into it [18,19,20,21]. In this study, the UTAUT2 model was extended with the privacy calculus model. The privacy calculus model is intended to balance the benefits of disclosing personal information with the risk of loss of privacy [22].

This study investigates the factors that influence consumer intentions toward accepting and using health applications. The research questions that we sought to answer are the following: (a) what are the influences of the privacy calculus constructs on a consumer’s use behavior towards health application adoption? (b) What are the relationships between privacy calculus and UTAUT2 constructs? Answering the above research questions contributes toward theory development by extending UTAUT2 with the privacy calculus model.

Lastly, the sections of this paper are organized as follows. Section 2 is the literature review. Section 3 describes the methodology, followed by Section 4, which presents the results of the empirical study. Section 5 discusses the results. Section 6 describes the contributions and implications. Section 7 lists the limitations while Section 8 presents our conclusions.

2. Literature Review

We researched the technology adoption literature in the top information system and health informatics journals using keywords, such as the unified theory of acceptance and use of technology (UTAUT) model, UTAUT2 model, technology acceptance model, health information application, smart national identity card (SNIC), privacy calculus model (PCM), perceived credibility, and health informatics. The following sections will discuss the technology adoption models and explain our model development and its constructs.

2.1. Technology Adoption Models

The unified theory of acceptance and use of technology (UTAUT) is the most used technology adoption model when examining health technology acceptance and usage [23,24], besides the technology acceptance model (TAM). There are several studies in the literature widely covering the importance of the UTAUT model in assessing the adoption of e-health applications [25,26,27,28,29]. Venkatesh et al. [17] extended the UTAUT model, known as UTAUT2, in the context of a consumer behavior study. UTAUT2 includes the same four core UTAUT constructs: performance expectancy, effort expectancy, social influence, and facilitating conditions, plus three new constructs that are consumer specific: hedonic motivation, price value, and habit [17].

Compared to UTAUT, the extensions proposed in UTAUT2 produced a substantial improvement in the variance explained in behavioral intentions (56% to 74%) and technology use (40% to 52%) [17,23,30]. A recent study using a UTAUT2 extension showed its usefulness in evaluating the critical determinants for the adoption of e-health applications but did not account for the confidentiality issues, nor did it compare two different countries [23,24].

Based on the UTAUT extension literature, UTAUT and UTAUT2 were extended by many studies, including [31,32,33]. However, only one study [34] fully integrated UTAUT2 with the privacy calculus model considering the privacy calculus model constructs as the predictors of the UTAUT2 behavioral intention construct. Based on their findings, the integrated model was able to explain 67.1% of the variance in the behavioral intentions to use technology and 43.1% of the variance in a person’s willingness to disclose private information. The privacy calculus model constructs only predicted the behavioral intention constructs of UTAUT2 without considering the use behavior of UTAUT2, in which authors decided to predict with the privacy calculus constructs in the context of health information applications. On the other hand, the remaining works all adopted privacy calculus-related constructs from different sources [34].

A study to examine the user’s motivation to adopt AI-based digital assistance in service encounters [35] suggested that future studies might need to look at other inhibitors, such as privacy concerns, to explain the user’s acceptance of the drivers of digital voice assistance. Another work investigated how trust and attitude towards virtual assistance were developed [36]. The representation of the work only involved British consumers and, hence, the study recommended an examination of trust constructs in other cultural settings [36].

Gao [31] examined user adoptions toward wearable healthcare devices and found that the perceived privacy risk construct is one of the essential predictors of the intention to adopt healthcare wearable devices. Nysveen [32] studied adoption behavior towards RFID-enabled services. In contrast to [31], they were not able to present any effects of their privacy constructs on one’s intention to use. Zhou [33] studied the adoption of location-based services. Similar to [31], the author found an effect of privacy risk on the usage intention. Moreover, she was able to present an impact of the construct trust, but no relationship between the construct privacy concerns and the usage intention.

Similar to the works by [34,37], the authors extended UTAUT2 with the privacy calculus model. Boonchai Kijsanayotin [38] conceptualized that other antecedents of use behavior constructs of UTAUT should be identified and studied, which the study by [34] did not cover. In contrast to [34], we are evaluating the direct effects of privacy calculus constructs on a citizen’s ‘use behavior’ of health information applications. We expect a better explanation of a citizen’s use behavior towards health information applications by integrating the UTAUT2 with the extended privacy calculus.

2.2. Model Development

The factors of privacy concern, perceived credibility, perceived risk, and trust, were not considered in the extended UTAUT2 [18,19]. The privacy calculus model was introduced by [39,40,41] and their model empirically investigates the instantaneous effects of individual perceptions, such as privacy and risk. The main constructs of the privacy calculus model are privacy risk, privacy concern, institutional trust (i.e., trust in SNIC), and propensity to trust.

According to [20], there are few studies investigating the roles of trust, privacy, security, and risk factors in e-government adoption research because they are not part of any of the IT adoption models. However, such factors are significant in e-government and e-health studies. There are a high number of such studies using trust (e.g., [42,43,44]), privacy, security (e.g., [45,46,47,48]), risk (e.g., [49,50,51,52,53]), and perceived credibility [54], as independent factors, used along with the well-known models of technology adoption and diffusion. Shachak et al. [55] presented some of the criticism of TAM and UTAUT, and argued that it is time for biomedical informatics researchers to move away from them and focus their efforts on a broader array of implementation issues. The analysis reveals that although all other relationships have been empirically explored in some of the other studies, privacy has not been examined as much. All of the above constructs were a part of the proposed technology adoption model.

Moreover, Ref. [21] stated that the combination of behavioral, trust, and risk dimensions to examine the factors that influence new technology acceptance and use, had not been investigated. They proposed that trust and risk-related factors be included in technology acceptance and use models, such as UTAUT2. Thus, we conclude that it is important to conduct empirical research to investigate the relationships among perceived credibility, trust, perceived risk, privacy concerns, and the main constructs of the UTAUT2 model, in the context of health information application adoption. The dependent variable involves the usage behavior [17], which measures the usage frequency of health information applications. Prior privacy-related research studies have seldom studied actual use behaviors, and the potential for insights into the privacy calculus constructs predicting use behavior is important [56], especially in the context of health application adoption. There can be privacy-related factors that hinder the use of health applications; therefore, we decided that privacy calculus variables directly predicted use behavior without affecting behavioral intention.

Our previous research work was the foundation of this study. In [1] we investigated the privacy and security problems in using health information applications in SNIC, whereas [57] and [58] were the foundations for the new technology adoption model in Figure 1. We kept the original relationships of UTAUT2 and present a new model that combines constructs from individual-level technology adoption and the privacy calculus model, and we added a perceived credibility variable. Perceived credibility is an essential construct in the context of health application adoption because security, privacy, and trust issues are common concerns for health technologies. Figure 1 shows the proposed model of this study. The darker lines indicate a new relationship that needs to be tested in the UTAUT2 context. At the same time, the thinner lines show the original UTAUT2 relationships, which will all be validated in this study context.

2.3. UTAUT2 and the New Integrated Constructs and Relationships

We adopted UTAUT2’s nine constructs in our proposed model—performance expectancy (PE), effort expectancy (EE), social influence (SI), facilitating condition (FC), hedonic motivation (HM), price value (PV), habit (HB), behavioral intention (BI), and use behavior (UB). We integrated the following new constructs from the privacy constructs model—Privacy Concern (PC), Perceived Risk (PR), and Trust in SNIC (TS). Then we investigated the inter-relationships among some of the constructs.

The first construct we incorporated was behavioral intention, which describes the strength of one’s intention to perform a specific behavior [59,60]. We define behavioral intention in terms of a citizen’s intention to use health information applications. Behavioral intention is regarded as the predictor variable of use behavior while use behavior is the dependent variable in the proposed research model. BI does not represent a mediator. Therefore, we hypothesize that:

Hypothesize 1 (H1).

A citizen’s behavioral intention to use health information applications will have a positive effect on a citizen’s use behavior.

Facilitating condition refers to the existence of organizational and technical infrastructure in support of an individual’s adoption of technology [4,16,17,61,62]. The impacts of the adoption of technology and use-related skills could be assumed as attributes of the facilitating conditions of UTAUT2’s main constructs [17].

Moreover, the availability of resources directly affects the intentions of users to perform behaviors [63,64]. According to [65], one of the obstacles to a citizen’s acceptance and use of technology is the citizen’s resources to access these platforms, suggesting that citizens with better facilitating conditions (to use technologies) tend to accept and use the technology. However, a user with a lower level of facilitating conditions is more likely to have lower intentions of using the technology [17], such as health information applications. In this research, the positive influences of facilitating resources on a user’s behavioral intentions and use behavior of a particular technology, such as health information applications, was evaluated. Therefore, the following hypotheses are made:

Hypothesize 2a (H2a).

Facilitating conditions will have a positive effect on a citizen’s behavioral intention to use health information applications.

Hypothesize 2b (H2b).

Facilitating conditions will have a positive effect on a citizen’s usage behavior of health information applications.

“Habit” is the degree to which citizens tend to perform behaviors automatically [17,66,67]. For example, after using health information applications, many times, for hospital visits, citizens who use health information applications might develop positive perceptions towards the acceptance and use of SNIC applications. Therefore, this intention is developed in the user’s mind. Hence, a stronger habit will result in an embedded intention that, in turn, will affect behavior [17]. Authors, therefore, have tested it in health information application acceptance and use. The following hypotheses are formed:

Hypothesize 3a (H3a).

Habit will have a positive effect on a citizen’s behavioral intention to use health information applications.

Hypothesize 3b (H3b).

Habit will have a positive effect on a citizen’s usage behavior of health information applications.

Effort expectancy (EE) can be defined as the degree to which a user believes that using a given application or e-health technology would be free of effort [16,17,59]. In this context, authors expect that individuals tend to accept and use health information applications if they find them easy to use. Thus the following hypothesis is formed:

Hypothesize 4 (H4).

EE will have a positive effect on a citizen’s behavioral intention to use health information applications.

Performance expectancy (PE) is generally defined as the degree to which users believe that accepting and using a given technology or application would improve their job performance [16,59,68].

In the context of this study, performance expectancy is the degree to which using health information applications will benefit the citizens—improving the reliability of health information, enabling faster authentication during emergencies, offering convenience, and fitting well into everyday life. Thus, the following hypothesis is proposed:

Hypothesize 5 (H5).

PE will have a positive effect on a citizen’s behavioral intention to use health information applications.

Social influence (SI) is the extent to which users perceive that people who are vital to them should accept and use a certain technology [16,17]. In this study, it is conceptualized that communities, such as Malaysian citizens, peer groups, friends, family members, and the government, can influence the behavioral intentions of citizens, in their decisions to accept (or not) health information applications. Therefore, the following hypothesis is proposed:

Hypothesize 6a (H6a).

SI will have a positive effect on the behavioral intentions of citizens to use health information applications.

Social influence involves the perception of others’ beliefs. It may be seen as conformity, socialization, peer pressure, obedience, leadership, or persuasion [69], which may be a vehicle of the acceptance/use of SNIC applications. If users are easily impacted by members in general, they are more likely to build positive trust in new technology. Regarding “personality”, in initial stages, trust towards a new object is driven by the consumer’s personality and socialized disposition [70]. A reduction in feelings of uncertainty might result from familiarity or from the opinions of others or social influences [71], such as peer pressure, and the intention to identify with others. When applied to acceptance and use of SNIC application settings, the social influences that encourage consumers to use health information applications may be related to the tendency to trust; thus, this leads to the following hypothesis.

Hypothesize 6b (H6b).

Social influence will have a positive effect on trust in the SNIC regarding health information applications in SNIC usage.

Hedonic motivation is defined as the enjoyment or pleasure resulting from technology usage [17]. Hedonic motivation has been found to influence technology acceptance and was used as a predictor of a user’s behavioral intentions to technology usage [72]. In this context, hedonic motivation is the extent to which citizens enjoy the use of health information applications, e.g., simple thumbprint verification, reduction of errors, immediate and accurate disease diagnosis in emergency situations, etc. Thus, we hypothesize that:

Hypothesize 7 (H7).

Hedonic motivation will have a positive effect on the behavioral intentions of citizens to use health information applications.

The price value is defined as the cognitive substitutions of users among the perceived advantages of the applications and the economic costs for using them [73]. According to [74], there will be a higher number of users if the price of the technology is lower; for instance, many Malaysian citizens applied for SNIC when the application processing fee was reduced from MYR 50 to MYR 10 for late applicants [5], and this assumes that the health application price is constant. Thus, price value will have an optimistic effect on behavioral intentions to technology usage. The following hypothesis is proposed.

Hypothesize 8 (H8).

Price value will have a positive effect on the behavioral intentions of citizens to use health information applications.

Perceived credibility is not only related to a user’s performance expectancy of internet banking services [62]; the same may apply to health information applications as it stores sensitive health information about, e.g., chronic diseases, allergies, and organ implants. As for SNIC, citizens may become victims of identity theft and fraud, for instance, health information in SNIC may be misused by a dishonest officer [54]. The health information of citizens is stored in the health application embedded in SNIC and this may risk an individual’s health information privacy. However, if the health information application has privacy and security features, then this may have a positive influence on the benefits expected from it. Thus, the following hypothesis was made:

Hypothesize 9 (H9).

Perceived credibility will have positive effects on the performance expectancies of a citizen’s behavioral intention to use health information applications.

The first construct from the privacy calculus model, which we included in our research model, is perceived risk. It involves the unfavorable and uncertainty outcomes related to consumer anticipation [75]. Belanger [49] defined perceived risk as the individual anticipations of citizens—of suffering a loss in search for a preferred result [76].

In the e-health context, perceived risk is conceptualized as the belief of losses associated with the exposure of personal health information [77]. Perceived risk is an essential element in a patient’s wish to guard the privacy of his or her health information [78]. However, similar to disruptive technologies, we should balance the benefits of using personal health information with the possible risks to the patient [79].

Moreover, health information applications in SNIC contain medical history, blood type, organ implants, chronic diseases, and the allergies of the SNIC holder. A dishonest officer with an SNIC card reader can misuse or disclose the health information stored in it to a third party, which can be an example of opportunistic behavior [64].

Patients are concerned that their health information may fall into the wrong hands or be misused [80]. Unlike financial situations where data are lost, and the institution can issue new accounts, cards, and cheques, health data cannot be reset in the same way, and there are more rigorous requirements on data security and privacy. There can be a risk in encoding false health information, which might be difficult or impossible to correct, and health data migration also involves huge efforts with many risks.

Several empirical studies have demonstrated that risk is a direct factor in the adoption of technology, with high-risk systems being less likely to be adopted [81]. Risk is a factor that could clearly reduce a potential user’s interests in using health information applications [82]. Thus, it would reduce the likelihood that the potential user intends to accept the health information application in SNIC. Therefore, the following hypothesis is introduced:

Hypothesize 10a (H10a).

Perceived risk will have a negative effect on the usage behaviors of health information applications.

Dinev [40] stated that perceived internet privacy risk is negatively affected by internet trust, which suggests a direct association between trust and risk in the privacy context. As health data become more sensitive, more trust is needed for an individual to intend to use health information applications [83]. As for SNIC, perceived risk will negatively influence trust in SNIC. When users develop trust in hospitals, doctors, administrators, and new technologies, such as health information application, in SNIC, they are more likely to overcome their risk perceptions toward it [84]. Hence, keeping in mind the risks related to acceptance and the use of SNIC applications, the higher the risk the user expects in accepting and using a health information application, the weaker the trust he or she will have towards SNIC applications. Thus, we predict the following:

Hypothesize 10b (H10b).

Perceived risk will have a negative influence on trust in the SNIC regarding a citizen’s usage behavior of health information applications.

According to [84], performance expectancy evaluates how helpful citizens recognize an information system, such as a smart national identity card or mobile technology, to help in attaining their objectives in case of job performance. The performance expectancy of a new technology to be accepted is negatively influenced by perceived risk [85]. Possible loss and uncertainty, both associated with perceived risk, may include a positive assessment of the novel technology to be accepted. In essence, a high risk perception level is related to environmental and behavioral uncertainty pertaining to possible threats and loses, which in turn influence the progress of a person’s cognitive recognition about the benefits of health information applications in SNIC. Therefore, it is predicted that:

Hypothesize 10c (H10c).

Perceived risk will have a negative influence on the performance expectancy of a citizen’s behavioral intention to use health information applications.

According to [86], perceived risk is described as a possible consequence of concealing information, when disclosure is important for attaining a positive outcome. An individual’s risk calculation involves an assessment of the likelihood of negative consequences as well as the perceived severity of these consequences [87]. Privacy concerns are beliefs about who has access to information that is disclosed when using the internet or health applications in SNIC and how it is used. The higher the uncertainty about the access and use, the greater the privacy concerns [40].

Prior studies [88,89,90,91] discovered that perceived risk has a positive effect on privacy concerns of a consumer’s use behavior. In the context of this study, citizens may perceive less privacy risks in using health information applications due to the security access module (SAM) in the card reader, which is likely to lead to lower privacy concerns regarding health information application usage. Moreover, citizens may perceive the usefulness of health information applications in SNIC in saving human lives during emergencies, such as accidents. Thus, they do not consider risk as an important concerns. Thus, we propose the following hypothesis:

Hypothesize 10d (H10d).

Perceived risk will have a positive influence on the privacy concern of a citizen’s use behavior regarding health information application usage.

According to [92], trust can be defined as the eagerness of one party to be susceptible to the dealings of another party based on the anticipation that the other will execute a particular task essential to the trustor, irrespective of the capability of controlling or screening that additional party. In this context, institutional trust is known as trust in SNIC [71,77], and we will be using the trust in SNIC construct in this research. Trust in SNIC is based on the belief that needed structural conditions are present to improve the probability of achieving a successful outcome in an endeavor, such as e-commerce or e-health [77].

When studying trust in an e-health-based information technology, artifacts, such as health information applications, and trust in the SNIC as an institution, should be considered. Trust in the SNIC is broken down into two sub-constructs: structural assurance and situational normality. Structural assurance relates to the procedures in place in the environment, while situational normality deals with the order of the environment [77,93].

This study will focus on the structural assurance of the health information application in SNIC, and this construct will be evaluated as a single construct (e.g., [40,64,94]). In structural assurance, one believes that structures, such as guarantees, regulations, promises, legal recourse, or other procedures, are in place to promote success [77]. A citizen with high SNIC-related structural assurance would believe that technological and legal SNIC protections, such as health data encryption, would safeguard them from loss of health information privacy. In the context of this study, we believe that citizens with favorable trust perceptions towards the SNIC are more likely to use health information applications. Therefore, the hypothesis developed is as follows:

Hypothesize 11a (H11a).

Trust in the smart national identity card will have a positive influence on the usage behavior of health information applications.

Current studies about information technology acceptance and use that investigate trust factors suggest that performance expectancies will be low if users do not trust the properties of new technology or an application provider [71,95]. Empirical evidence in the context of electronic document services [19] and in a nurse’s perceptions of the usefulness of an electronic logistics system [96] suggest that trust is important to performance expectancy. Hence, trust is proposed to influence performance expectancy. To a certain degree, trust presents a type of individual assurance, ensuring that a user will receive the imagined advantages or usefulness from an exchange relationship [84]. Considering the citizen’s acceptance and use of health information applications, trust in SNIC applications provide an essential foundation for a citizen to review if the embedded health information application can be useful to him or her. Therefore, we anticipate the following hypothesis:

Hypothesize 11b (H11b).

Trust in the SNIC will have a positive effect on the performance expectancy of a citizen’s behavioral intention to use health information applications.

Privacy concern is defined as concern about the possible loss of privacy as a result of information disclosure to healthcare providers, third-party payers, and public healthcare facilities [40]. Previous studies have found that privacy concerns can have a negative effect on the adoption of information technology systems and, therefore, these concerns are the main threats to e-commerce or e-health usage [97]. Junglas [98] argued that future technology adoption would be less determined by usefulness factors than by concerns that go against human nature.

Moreover, privacy concern has an important influence on user acceptance of healthcare services [99] and e-health records [100]. The traits of digital data, in general, and e-health records, in particular, are such that there is an unpredicted increase in the likelihood of privacy breaches and mistreat of data. Concerning personal health information, the privacy debate has escalated considerably. The implications of using e-health records to administer patient care, and the privacy concerns, which will surface as a consequence of such usage, have been identified in the health informatics literature [101,102].

Previous works showed that 29% of Americans hold back information from their medical doctors due to privacy concerns [103]. The use of electronic medical records and connecting to clinical databases has risen concerns about the security and privacy of health information [104]. There is a need for a more flexible approach for users to identify their privacy preferences rather than simply accepting or rejecting a fixed set of policies stated by the service provider [105].

In the case of health information applications, patients should be permitted to control aspects, such as which parts of their personal health information will be disclosed, to whom the data will be disclosed, and for what purposes the data will be disclosed [106]. To the degree in which people have stronger privacy concerns on their health information—their views toward the use of health information applications should be more negative [107]. Therefore, the following hypothesis is proposed:

Hypothesize 12 (H12).

Privacy concerns will have a negative effect on a citizen’s usage behavior of health information applications.

3. Method

Data Collection and Analysis Process

A quantitative research method to extend UTAUT2 with the privacy calculus model was used for this study. A questionnaire survey was distributed by hand to the Malaysian SNIC (i.e., MyKad) holders, and the health information application was embedded into it. A survey of 720 respondents was collected and analyzed using the structural equation model (SEM) technique of partial least squares (PLS). PLS was selected as it can be used to analyze interaction effects relevant to this study. PLS also allows concurrent assessments of both reliability and validity of constructs together with the structural model [108]. We used a measurement model that was composed of 13 constructs in this study, each measured through one or more items. These constructs included effort expectancy, performance expectancy, facilitating condition, social influence, price value, habit, and hedonic motivation. We evaluated the structural model and its discriminant validity for assessing constructs relationships.

Questionnaire instruments were adapted from survey instruments (e.g., [9,30,43]) that were already tested and validated. The questionnaire instruments were responded on a five-point Likert scale range, from “one” equivalent to strongly disagree to “five” equivalent to strongly agree. The target populations of this study were Malaysian citizens. Malaysia is a multicultural and multi-ethnicity country, and it is one of the developing countries in South East Asia. Some countries (e.g., the USA) allow their citizens (as an option) to store their basic health data on their driver’s license IDs. However, Malaysia introduced the health information application, which is part of many applications in an all-in-one SNIC. The collectivist culture of Malaysian citizens might influence acceptance and use of these embed applications in SNIC.

The respondents were selected from three zones—the southern zone, central zone, and the northern zone. The states chosen from the southern zone were Malacca and Johor. The states selected from the central zone were Selangor and Kuala Lumpur, while the states under the northern zone were Kedah and Perak. The selection approach (i.e., the three zones) was based on the accessibility of the multimedia super corridor (MSC) flagship application facilities in the six states. These states are developing; the necessary infrastructure for SNIC implementation and e-commerce are widely used within these states [109]. Due to the nature of this research, researchers decided to use judgment sampling. Judgment sampling can be defined as the selection of the most advantageously-placed respondents capable of providing the information necessary for that particular study [110]. It was chosen since the respondents were selected based on their possession and usage of SNIC-embedded applications.

4. Results

4.1. Respondent Characteristics

More than half of the respondents were male (52.4%), and the remaining were female (i.e., 47.6%). Most of the respondents were between 18 and 24 years old (61.0%), while 32.5% of the respondents were between 25 and 45 years old. Moreover, 6.4% of the respondents were below 64 years old. In terms of years of experience in using SNIC, 61.7% of the respondents had more than ten years of experience as the citizens receive their SNIC at 12 years old. Moreover, 35.1% of the respondents had experience using SNIC anywhere from 3 to 10 years, while 3.2% of the respondents had less than three years of experience regarding SNIC usage, as shown in

Table 1. Summary of the demographics and sample characteristics of the respondents.

Question	Categories	Number	Percentage
Gender	Male	377	52.4%
	Female	343	47.6%
Age group	18–24	439	61.0%
	25–45	234	32.5%
	46–63	46	6.4%
	64 or older	1	0.1%
Experience	<3 Years	23	3.2%
	3–10 years	253	35.1%
	>10 Years	444	61.7%
Use frequency	Zero times	224	31.1%
	One time	48	6.7%
	Two times	56	7.8%
	Three times	67	9.3%
	Four times	69	9.6%
	Five times	95	13.2%
	Six times	43	6.0%
	Seven times	47	6.5%
	Eight times	36	5.0%
	Nine times	14	1.9%
	Ten times	21	2.9%

.

Regarding the usage frequency of health information applications in SNIC, 31.1% of the respondents did not use health information applications in SNIC, while 68.9% of the respondents used it a different number of times, for instance, 13.2% of the respondents used health information application in SNIC five times; 9.6%, 6.5%, and 2.5% of the respondents used health information application in SNIC four, seven and, ten times, respectively, as shown in Table 1. The table shows a summary of the demographic profiles of the respondents.

4.2. Evaluation of the Measurement Model

The assessment of the measurement model involves an evaluation of reliability and validity. Validity, in turn, comprises two main types: convergent and discriminant. Convergent validity is often assessed by way of two key coefficients [111]: the composite reliability (CR) and average variance extracted (AVE). In assessing a model’s convergent validity, the loading of each indicator on its associated latent variable (LV) must be calculated and compared to a threshold. Generally, the loading should be higher than 0.7 for validity to be considered acceptable [112]. A loading lower than 0.4 indicates that an item should be considered for removal, and items with loadings of 0.4–0.7 should be considered for removal if their removal increases the CRs and AVEs above the threshold [111,112]. The loadings of the measurement items range from 0.830 to 1.000, which surpass the suggested value of 0.7, as shown in

Table 2. Evaluation results of the measurement model.

Construct	Item	Loading	CR	AVE
Effort expectancy			0.884	0.657
EE1	Learning how to use MyKad’s HI application is easy for me.	0.841
EE2	My MyKad’s HI application seldom incurs any errors when I use it.	0.750
EE3	I find MyKad’s HI application easy to use.	0.832
EE4	It is easy for me to complete my hospital visit within seconds by using MyKad’s HI application.	0.816
Facilitating condition			0.817	0.529
FC1	MyKad holders with MyKad’s HI application do not have to bring health card anymore.	0.747
FC2	Not many hospitals or medical centers recognize MyKad’s health information.	0.769
FC3	Not many hospitals or medical centers have hardware and software devices which can read and write health information in MyKad.	0.668
FC4	I could obtain assistance from hospitals if I have any inquiry about MyKad’s HI application.	0.720
Performance Expectancy			0.920	0.697
PE1	Using MyKad’s HI application helps me accomplish a quick verification process at hospitals.	0.833
PE2	Using MyKad’s HI application increases the reliability of my personal medical history.	0.864
PE3	MyKad’s HI application allows doctors to know their patient’s health information immediately.	0.856
PE4	MyKad’s HI allows paperless transaction (without filling in a medical form).	0.797
PE5	It saves a lot of time in searching patient’s previous health record.	0.824
Social influence			0.832	0.624
SI1	The fact that most Malaysian have MyKad effects my intention to use MyKad’s HI application.	0.809
SI2	Malaysian government’s encouragement effects my intention to use MyKad’s HI health application.	0.841
SI3	My peer group affects me to apply for MyKad’s HI application.	0.714
Habit			0.898	0.747
HB1	The use of MyKad health information application has become a habit for me.	0.899
HB2	I am ’habited’ to using MyKad’s HI application while visiting hospitals.	0.908
HB3	I must use MyKad’s HI application.	0.781
Hedonic motivation			0.878	0.644
HM1	Using MyKad’s HI application is enjoyable, e.g., simple thumbprint verification.	0.813
HM2	Using MyKad’s HI application is nice for an accurate diagnosis of disease in emergencies.	0.830
HM3	I feel more satisfied when I use health information application in MyKad.	0.828
HM4	Using MyKad’s HI application offers me new experiences.	0.735
Price value			0.830	0.620
PV1	The replacement cost of MyKad with an activated HI application due to damage is reasonable.	0.700
PV2	I have applied for MyKad as HI application because it is free of charge.	0.787
PV3	MyKad with an activated HI application is a good value for the application processing fee.	0.867
Trust in SNIC			0.921	0.659
IT1	MyKad’s HI application has enough security to make me feel comfortable using it	0.787
IT2	I feel assured that legal structures adequately protect me from problems on the use of MyKad’s HI application.	0.790
IT3	I trust the technology that MyKad’s HI application is using.	0.800
IT4	I trust in the ability of MyKad’s HI application to protect my health privacy.	0.840
IT5	I trust in MyKad as a HI application.	0.828
IT6	I have confidence in the reliability and integrity of the MyKad’s HI application transaction.	0.826
Privacy Concern			0.887	0.612
PC1	I am concerned about the privacy of my health information while using MyKad.	0.718
PC2	I am concerned that the HI application in MyKad is collecting too much health data from me.	0.778
PC3	I am concerned that the MyKad service providers will use my health data without my authorization.	0.823
PC4	I am concerned that health information in MyKad may be used or edited without permission.	0.807
PC5	I am concerned that my family may access my health records by pretending to be the patient.	0.782
Perceived Risk			0.886	0.609
PR1	The decision of whether to use MyKad’s HI application is risky.	0.753
PR2	I perceive that HI in MyKad can be accessed by unauthorized individuals without my knowledge.	0.780
PR3	I feel vulnerable when using HI application in MyKad.	0.764
PR4	I believe that there could be negative consequences from using HI application in MyKad.	0.789
PR5	There would be a high potential for privacy loss associated with storing health information into MyKad.	0.813
Perceived credibility			0.857	0.666
PCR1	I perceive that it is secure to load health information into my MyKad.	0.825
PCR2	MyKad’s HI application is difficult to be forged.	0.801
PCR3	The MyKad’s HI application is well established.	0.821
Behavioral intention			0.932	0.821
ITU1	I intend (expect) to continue using MyKad’s HI application in the near future.	0.877
ITU2	I will always try to use MyKad’s HI application in my daily life.	0.919
ITU3	I plan to continue using MyKad’s HI application frequently.	0.922
Use behavior			1.000	1.000
AU1	Per 10 times, how many times you use HI application in MyKad when required by the respective authorities.	1.0

.

Table 2 shows that the composite reliability for all measurement model constructs was above 0.8, which is greater than the recommended value 0.7 [113]. We used CR coefficient to assess construct reliability; reliability is a property that is related to validity [111].

These results indicate that the measurement model presents acceptable reliability. Moreover, the AVEs of the LVs should also be higher than 0.5 for their convergent validities to be considered acceptable [111,112]. Therefore, the average variance extracted (AVE) was tested, which denotes the average variance discovered amongst a set of items. Table 2 shows that the AVEs of the constructs were higher than 0.5, except for one construct. The AVE value for facilitating the condition construct showed less than 0.5, and increased its AVE value by excluding items with the lowest loading values. The AVE values for all of the constructs increased to greater than 0.5 after dropping items with lower values. The model was retested and found to have acceptable measurement properties.

4.3. Discriminant Validity

To assess the discriminant validity of the relationships between the structural model constructs, we selected the Heterotrait–Monotrait ratio of correlations (HTMT), which is a new method used to evaluate discriminant validity in variance-based SEM and cross-loadings for additional checks of validity problems [114]. According to [114], the Fornell–Larcker criteria and the examination of cross-loadings were the leading methods used to assess the discriminant validity for variance-based structural equation modeling, for instance, PLS. However, Ref. [114] found that these methods do not reliably identify the lack of discriminant validity in most study cases. Therefore, they proposed the Heterotrait–Monotrait ratio of correlations, which is another method based on the multitrait-multimethod matrix.

The authors of [114] recommended drawing on the HTMT criteria for discriminant validity evaluations in variance-based SEM. If the HTMT value is less than 0.85, which is the most conservative criterion HTMT value, we can conclude that the discriminant validity is established [114].

After running SmartPLS 3.0 bootstrap [115], we checked the HTMT inference criterion to confirm if HTMT values were significantly different from 1 [114]. We found that the maximum HTMT value was 0.784, as shown in

Table 3. Heterotrait-Monotrait Ratio (HTMT).

	UB 1	EE 2	FC 3	HB 4	HM 5	TS 6	BI 7	PC 8	PCR 9	PE 10	PR 11	PV 12	SI 13
UB
EE	0.288
FC	0.065	0.598
HB	0.425	0.676	0.335
HM	0.244	0.783	0.568	0.614
TS	0.286	0.724	0.433	0.606	0.712
BI	0.359	0.550	0.360	0.489	0.565	0.593
PC	0.040	0.354	0.442	0.193	0.348	0.303	0.248
PCR	0.325	0.568	0.410	0.473	0.573	0.628	0.491	0.467
PE	0.154	0.597	0.586	0.359	0.643	0.536	0.455	0.367	0.359
PR	0.125	0.329	0.373	0.233	0.328	0.266	0.184	0.628	0.498	0.229
PV	0.379	0.748	0.510	0.739	0.784	0.739	0.609	0.348	0.568	0.533	0.428
SI	0.294	0.729	0.628	0.637	0.658	0.624	0.522	0.328	0.549	0.630	0.335	0.722

¹ Use Behavior. ² Effort expectancy. ³ Facilitating condition. ⁴ Habit. ⁵ Hedonic motivation. ⁶ Trust in SNIC. ⁷ Behavioral intention. ⁸ Privacy concern. ⁹ Perceived credibility. ¹⁰ Performance expectancy. ¹¹ Perceived risk. ¹² Price value. ¹³ Social influence.

, which means none of the HTMT criteria showed discriminant validity issues for inter-construct correlations. This is good as the HTMT value was below 0.85. We can conclude that discriminant validity was established. We found that the HTMT inference criterion indicated that all of the HTMT values were significantly different from 1. Thus, discriminant validity was established for this study model.

4.4. Evaluation of the Structural Model

Table 4. Structural model results: UTA2 and UTAUT2 with the privacy calculus model.

DV: Behavioral Intention	UTAUT2 1	UTAUT2 with Privacy Calculus Model	VIF
${\mathbb{R}}^2$	0.339	0.338
Adj. ${\mathbb{R}}^2$	0.332	0.332
Performance Expectancy	0.013 ***	0.013 ***	1.731
Effort expectancy	0.010 **	0.010 **	2.304
Social influence	0.004 *	0.004 *	1.797
Facilitating condition	0	0	1.559
Hedonic motivation	0.013 ***	0.013 ***	2.234
Price value	0.028 ****	0.028 ****	1.918
Habit	0.010 **	0.010 **	1.749
DV: use behavior
${\mathbb{R}}^2$	0.196	0.202
Adj. ${\mathbb{R}}^2$	0.193	0.196
Behavioral intention	0.053 ****	0.045 ****	1.477
Facilitating condition	0.008 **	0.007 **	1.322
Habit	0.100 ****	0.079 ****	1.451
Perceived risk		0.006 **	1.441
Privacy concern		0.045 **	1.503
Trust in SNIC		0.001	1.742
New relationships incorporated into UTAUT2
Social influence → trust in SNIC		0.272 ****	1.069
Perceived risk → trust in SNIC		0.017 **	1.069
Perceived credibility → performance expectancy		0.001	1.535
Perceived Risk → performance expectancy		0.008 **	1.187
Trust in SNIC → performance expectancy		0.189 ****	1.37
Perceived risk → privacy concern		0.397 ****	1

¹ Direct effect only. * p < 0.1 (t ≥ 1.65). ** p < 0.05 (t ≥ 1.96). *** p < 0.01 (t ≥ 2.57). **** p < 0.001 (t ≥ 3.29).

presents the results of predicting behavioral intentions and use behavior in the context of UTAUT2 and extended UTAUT2 with a privacy calculus model. It also shows the results of new relationships incorporated into the baseline UTAUT2 model, ${\mathbb{R}}^2$, and variance inflation factor (VIF) values. We ran two separate models to evaluate the support for the original UTAUT2 (direct effects only) and the extended UTAUT2 with the privacy calculus model (direct effects only).

To examine for the collinearity problem and common method bias, variance inflation factors (VIFs) were computed, as shown in Table 4, and were found to be around two and less than the conservative thresholds of 5 and 3.3, respectively, suggesting that the collinearity problem and common method bias were not major issues in our study.

We calculated Cohen’s f-square to check the effect size of each of the constructs. By convention, f-square effect sizes of 0.02, 0.15, and 0.35 are termed small, medium, and large, respectively [116]. The majority of the significant constructs had effect sizes between small and medium while there were some with large effect sizes.

The baseline UTAUT2 was confirmed, as shown in Table 4. There was a significant effect of performance expectancy, effort expectancy, social influence, habit, hedonic motivation, and price values on behavioral intention. Behavioral intention, facilitating condition, privacy concern, and perceived risk all had significant effects on use behavior.

However, trust in SNIC had a insignificant impact on use behavior. The results indicate that, of the 19 directly-hypothesized relationships in the research model, three were non-significant while three were supported in the opposite direction.

Chin [117] suggests that ${\mathbb{R}}^2$ values around 0.670 substantial, values around 0.333 average, and values of 0.190, are weak [117]. ${\mathbb{R}}^2$ values depend on the research discipline; for instance, ${\mathbb{R}}^2$ values of 0.20 is considered high in consumer behavior discipline [118], such as consumer acceptance and use of technology.

The UTAUT2 model counts for 33.8% of the variance in the behavioral intentions to use health information applications, 28.4% of the variance in privacy concern, 25.7% of the variance in trust in the SNIC, 24.1% of the variance in performance expectancy, and 20.2% of the variance in the use behaviors of health information applications.

Moreover, individual effect sizes of the predictors (f2) were examined in order to gain further information about the unique and separate contributions of each construct.

With respect to the behavioral intentions of citizens to use (i.e., BI), price value (PV) had the most significant effect size (0.028) categorized as “small” according to the categories proposed by Chin. Effort expectancy, facilitating condition, habit, hedonic motivation, performance expectancy, and social influence all had less of an effect with sizes in the “small” category.

5. Discussion

The behavioral intentions of citizens were positively related to use behavior of health information applications ($\beta =0.230,t=5.196$) (H1). The result is consistent with the technology acceptance literature on behavioral intentions, shown to be the predominant predictor of actual usage Venkatesh and Davis [16], Venkatesh [17]. The majority of construct variances were counted for by the combined effects of all constructs rather than their separate, independent contributions. In the case of use behavior (i.e., UB)—habit (HB) and behavioral intention to use (BI) presented the largest individual effect sizes of 0.079 and 0.045, respectively, classified as “small”.

However, facilitating conditions, trust in SNIC, behavioral intention, privacy concern, and perceived risk indicated less effect sizes considering the sizes of the small categories; thus, their inclusive contributions played an important role. In addition, trust in the SNIC had an effect size of 0.189 on performance expectancy (PE), classified as “medium”. Regarding trust in the SNIC, social influence had an effect size of 0.272, which was ranked as “medium”, considering the categories proposed by Chin. The effect size (0.397) of perceived risk about privacy concerns was “large”.

The behavioral intention was positively related to use behavior along with various applications of the TAM model (e.g., [59,119]). Therefore, behavioral intention is deemed a critical predictor of use behavior regarding new technology. Facilitating conditions was found to have insignificant effects on a citizen’s behavioral intention to use health information applications ($t=0.295$) (H2a), but it was found to have a significant negative influence on a citizen’s use behavior of health information applications, with a significant path coefficient ($p<0.05$) of $t=2.020$ (H2b) based on 720 respondents.

These findings are consistent with the studies by [16], which identified that facilitating conditions have no effect on behavioral intentions but have significant effects on use behavior [17]. Moreover, the significant results are also consistent with the studies stating that facilitating conditions can serve as the proxy for actual behavioral control and influence behavior directly (e.g., [17,60]). A user with a lower level of facilitating conditions is more likely to have a lower intention to use technology [17], such as health information applications in SNIC. However, the study discovered that facilitating conditions had a positive effect on a citizen’s use behavior regarding health information applications.

The insignificant relationship between facilitating conditions and behavioral intentions might be the result of the unavailability of necessary facilitating conditions, such as software and hardware devices that can read and write health information in SNIC, services for SNIC holders to activate health information applications into SNIC, and hospital/medical center acceptance of health information applications. However, due to the significant negative relationship between facilitating conditions and use behavior, it can be concluded that citizens are highly concerned about the unavailability of the necessary facilitating conditions stated above. Therefore, the unavailability of facilitating conditions contributed to the negative impact on a citizen’s use of health information applications.

The study found that habit had a positive effect on a citizen’s behavioral intentions to accept health information applications ($t=2.286$) (H3a). Habit was also found to have a significant influence on a citizen’s ‘use behavior’ of health information applications with a significant path coefficient ($p<0.001$) of $t=7.549$ (H3b). This result indicated that habit was among the essential determinants of a citizen’s intentions to accept and use the health information application, and it lends further support to previous technology acceptance studies that came to similar conclusions (e.g., [17,66,67,91,120]).

This finding implies that citizens show positive mindsets toward the acceptance and use of health information applications during hospital visits as they need to produce their SNICs while visiting hospitals or medical centers. The automatic acceptance and use of health information applications are saved in the minds of the citizens, and the strong habits result in embedded intentions that, in turn, affected a citizen’s behavioral intentions toward accepting and using health information applications. The study found that effort expectancy positively affects a citizen’s behavioral intentions toward using health information applications ($t=2.190$) (H4). This finding confirms the previous research studies that had discovered positive effects on behavioral intentions toward technology acceptance and use [16,17,121]. Therefore, the ease associated with the use of health information applications is believed to be important. Thus, we suggest that SNIC application designers and developers focus on developing easy-to-use and simple applications.

Performance expectancy was identified as having a significant effect on citizens’ behavioral intention to use health information applications, which was confirmed through a highly significant coefficient with $t=2.656$ (H5). This result shows that performance expectancy is an important factor that affects a citizen’s behavioral intentions toward using health information applications. The result was supported by previous studies, which showed that performance expectancy had a significant impact on behavioral intentions to accept and use new technology (e.g., [16,17,47,62]). This finding can be explained in that citizens might believe that health information applications will benefit them by improving the reliability of their health data, allowing quicker verification, providing convenience, minimizing identity theft, and fitting into the lifestyles.

Social influence was found to have a positive effect on citizens’ behavioral intentions to use health information applications with the proof of a significant path coefficient ($p<0.1$) with $t=1.726$ (H6a). This indicates that citizens will be inclined to use health information applications if the important people in their lives use the applications. This is in-line with previous studies, which confirmed that social influence is a factor that affects the acceptance and use of technology [16,17,122]. As citizens become familiar with health information applications, they may advise their colleagues, friends, parents, and spouses to use the applications. Therefore, one’s beliefs about health information applications were affected by their peer groups.

Social influence was also found to have a significant effect on trust in SNIC regarding health information application usage ($\beta =0.465$) (H6b). This means that citizens will tend to trust health information applications if famous people in their lives use it. This result is in line with prior studies that showed social influence is a factor that affects trust in technology [70,123]. Once citizens become familiar with the health information applications, they may suggest their friends and family members activate the health information application; this might reduce feelings of uncertainty [123] regarding health information application usage. Collectivism cultures, such as Malaysia, are group-centered, which mostly orient to group goals. Peer opinions and support highly impact one’s beliefs. Therefore, an individual’s beliefs concerning trust in SNIC, regarding health information application usage, are affected by their peers.

Hedonic motivation showed a significant positive correlation with one’s behavioral intentions toward using health information applications ($t=2.600$) (H7). This finding confirms the previous work of [17,72], and it confirms that citizens enjoy using health information applications, via, e.g., simple thumbprint verification, reduction of errors, and immediate and accurate diagnosis of diseases in emergencies.

The study found that price value has a positive effect on a citizen’s behavioral intention to use health information applications with the proof of a significant path coefficient, with $t=3.822$ (H8). Previous studies also revealed that price value has a significant influence on a user’s technology acceptance [17,74]. For instance, many Malaysian citizens applied SNIC when the application processing fee was reduced from MYR 50 to MYR 10 for late applicants [5]. Therefore, it can be concluded that price value has a positive impact on behavioral intention to use technology.

Perceived credibility was found to have an insignificant relationship with performance expectancy ($\beta =0.035,t=0.951$) (H9) regarding one’s behavioral intentions toward using health information applications. The insignificant finding is supported by the study by [124], which confirmed that perceived credibility had an insignificant effect on performance expectancy. The possible argument for this insignificant relationship is that citizens might have less privacy and security concerns due to performance expectancy. They considered benefits of using health information applications, such as improving the reliability of personal health data, allowing quicker verification, providing convenience, minimizing identity theft, and fitting into one’s lifestyle.

Perceived risk was not found to have a significant negative relationship with a citizen’s ‘use behavior’ of a health information application ($\beta =0.080,t=2.090$) (H10a), but this relationship was positively supported. This finding is inconsistent with our expectations and led us to reject our earlier hypothesis. The significant result is consistent with the studies of [125,126] even though their results contradict current results, which found perceived risk positively influences use behavior. The possible explanation for this significant positive relationship is that citizens decide who can access and what can be accessed, and this might be the self-privacy control features of their health information application interface. Therefore, citizens may not consider risk when they are using it.

Moreover, citizens may have a positive view of an application as they usually trust applications provided by the government. Additionally, storing citizens’ health information into SNIC (i.e., MyKad) is voluntary; this may reduce risk perceptions to which citizens believe that using health information applications can cause possible loss, such as a patient’s health information being misused by unauthorized individuals to claim insurance. Hence, voluntarily activating a health information application may result in a positive attitude towards using it. The security access module (SAM) in the card reader, which has security and cryptography performance, may also contribute to the positive attitude towards using health information applications. In conclusion, citizens with high-risk perceptions may be silent regarding the negative impacts on a citizen’s use behavior, thereby giving a non-significant negative result. While citizens might be concerned about using health information applications, the benefits of saving a human life in emergency medical situations, such as accidents, may take precedence.

Perceived risk, surprisingly, was not found to have a significant negative relationship with trust in SNIC. However, the results show that perceived risk has a significant positive effect on trust in SNIC ($\beta =0.117,t=2.510$) (H10b) regarding use behavior of health information application usage. The positive impact of perceived risk on trust in technology has been empirically confirmed in many e-commerce studies [127,128,129,130]. The finding is consistent with prior e-commerce studies in which a consumer’s perceived risk can be reduced by trust, and it could increase consumer trust [131,132,133]. Moreover, privacy risk positively impacts a healthcare consumer’s perception of intrusion [81].

The possible explanation for this significant positive relationship is that citizens have lower risk perceptions about the use of health information applications as they have more privilege to decide whom to give access to and what to access. Citizens have voluntarily stored their health information in SNIC, which we believe may reduce their risk perceptions as well. The security access module (SAM) in the card reader, which has security and cryptography performance, may also contribute to the positive attitudes towards using health information applications by reducing risk perceptions. It can be concluded that citizens may compromise risk perceptions, as the basic health information stored in SNIC is essential in saving human lives during emergencies, such as accidents.

Perceived risk shows a significant positive relationship with performance expectancy ($\beta =0.085,t=2.169$) (H10c) contrary to the initially hypothesized concept, which was that perceived risk would have a negative influence on the performance expectancy of a citizen’s behavioral intention to use health information applications. Prior studies [84,124] on e-government services and mobile banking services identified that perceived risk has a significant negative relationship with performance expectancy. The possible explanation for the significant positive relationship is that citizens may perceive less privacy risk in using health information applications, which results in their performance expectancies regarding health information application usage positively. Moreover, citizens may need to perceive the usefulness of health information applications in saving human lives during emergencies, such as accidents; hence, they do not consider risk as important concerns. Thus, the application has the potential to take care of more risks and provide more benefits.

The study identified that perceived risk has a significant positive relationship with privacy concern ($\beta =0.533,t=14.761$) (H10d) regarding the use of health information application. The work of the prior researchers [88,89,90,91] supported the findings that perceived risk has a significant positive influence on the privacy concern of use behavior. The possible explanation to the significant positive relationship is that citizens may perceive less risk in using health information applications due to the security access module (SAM) in the card reader, which is likely to lead to lower privacy concerns regarding health information application usage. Moreover, citizens may perceive the usefulness of health information applications in saving human lives during emergencies, such as accidents; hence, they do not consider risk as important concerns for them.

Trust in SNIC shows an insignificant relationship with a citizen’s use behavior of health information application usage ($\beta =0.417,t=0.855$) (H11a). The insignificant result is consistent with the study by [134], who identified that there is an insignificant relationship between trust in technology and usage behavior in the mobile money context. The possible justification for the insignificant influence on a citizen’s usage behavior of a health information application is that citizens have more options to control their health information privacy while using health information applications. They can decide whom may access it and what health information can be accessed. This may result in ignoring the trust in SNIC while using health information applications. Moreover, storing health information into SNIC (i.e., MyKad) is voluntary, and this may contribute to the lack of concern about the trust in SNIC regarding the use of its embedded health information application.

The study identified that trust in SNIC positively affected the performance expectancy of behavioral intentions to use health information application ($\beta =0.443,t=9.267$) (H11b). The significant finding is consistent with the studies by [19,71,84,95]. One possible explanation is that citizens believed that mechanisms were in place to ensure enough security, legal structure, reliability, and integrity of health information applications. These may result from higher performance expectancy regarding usage. Therefore, an effective strategy to increase awareness of the embedded applications in SNIC would be to help improve a citizen’s acceptance of health information applications.

The results indicate that the relationship between privacy concerns and use behavior was negatively significant with the proof of significant path coefficient ($p<0.05$) with ($\beta =-0.079,t=2.040$) (H12). The negative impact of privacy concerns on technology use has been empirically confirmed in many e-commerce studies (e.g., [40]). Moreover, many types of research in the context of location-based services have also found the negative impact of privacy concerns on the usage intention of location-based services (e.g., [135,136,137]).

The probable explanation for this negatively significant relationship is that citizens have high privacy concerns about the use of health information applications. For instance, a patient’s organ implants and chronic disease may be known to the healthcare providers not directly involving in the patient’s care. They may also have concerns about the trustworthiness of the institutions administering the system. Therefore, health information application designers and developers should consider enhancing the protection of privacy, as our findings revealed that privacy concerns would have a negative influence on the use of health information applications.

To summarize, UTAUT2 original relationships were validated along with the privacy calculus model. The relationships were significant, while some relationships were supported in opposite directions. The findings discovered new predictors for use behavior constructs of UTAUT2. However, the different dimensions of privacy concerns, risks, and trust factors need to be explored further in future studies. Other insights from the results involve balancing between the barriers and drivers to technology adoption, while developing specific systems, such as e-health applications.

6. Contributions and Implications

The main contribution of this study is an extension of UTAUT2 with the privacy calculus model. UTAUT2 focuses on technology acceptance and use in the consumer context; however, other additional factors will affect the health informatics consumer context. Therefore, this study investigated how perceived credibility, privacy concern, perceived risk, and trust in the SNIC act on the UTAUT2’s core constructs.

Privacy concern was found to negatively impact technology use. We can conclude that it is more likely that users will hesitate to accept technology if they have privacy concerns while using it. Thus, we can overcome the negative impacts of particular technology usage by providing users with privacy control choices while using it.

We found that perceived risk has a positive effect on technology use. The user’s awareness of perceived risks, inherent in using a technology, act as an essential method to establish trust in new technology. If the users know about the potential risks while using technology and its risks outweighs the benefits they can gain, then risk perception will have a positive impact on technology use. An application with privacy control features can reduce risk perception of its users. Trust in SNIC has an insignificant effect in using health information applications embedded in SNIC. Hence, there is a possibility that users accept technology without trusting it due to a lack of choices while using it, or the users are addicted to using it. For example, users do not have many choices while using government-provided applications.

We examined the interrelationships between some of the UTAUT2 and privacy calculus models. Their interrelationships significantly impacted the behavioral intentions of citizens and their actual usage of health information applications in SNIC. Moreover, UTAUT2 was validated in different technologies, countries, and respondents of different age groups, for the model to offer additional theoretical understandings to further SNIC adoption.

The study also supported all of the original UTAUT2 constructs in the context of health information application adoption. Future research can investigate more dimensions of privacy concern, perceived risk, and trust in technology.

This research has implications for practitioners, especially for healthcare providers and application developers. Even though we validated the proposed model constructs, which consisted of drivers and barriers in the acceptance and use of health information applications, this research discovered that perceived risk has a significant positive impact on privacy concern, trust in SNIC, performance expectancy, and use behavior of health information applications in SNIC. This shows that increasing awareness of perceived risk towards SNIC applications may be more significant than its benefits. Hence, the application providers need to identify a mechanism for risk awareness, reducing privacy concerns, and trust-building strategies that may assist in inspiring confidence in health information application users.

Application developers could improve the structural assurance of smart national identity card technology, for instance, introducing techniques to strengthen health data encryption. Citizens’ specific trust in the structural assurance of SNIC for storing health information may be developed through handling the health information in a competent fashion, which could increase citizens’ intentions to accept and use health information applications. Moreover, we discovered that social influence has a positive effect on trust in SNIC. For instance, application providers could conduct group gathering events in which peer groups provide testimonies on the use of a specific technology. This strategy might inspire trust in the audience towards the use of that technology.

The results of this study have highlighted that reducing privacy concerns improves the actual use of health information application in SNIC. Therefore, application providers and developers should tackle citizens’ privacy concerns about the use of health information applications. Application providers should work on developing privacy protection for the health information applications in SNIC, such as legislation, as well as introduce smart national identity card privacy-enhancing technologies, which can enhance privacy practices to suit various citizens [138]. Moreover, the study identified that the unavailability of supporting infrastructure and services leads to low-frequency use technology. Hence, application providers should provide necessary supporting infrastructures and services to the health information application users.

7. Limitations

Our data collection was confined to only six states in Malaysia. The survey data can be collected from all of the states of Malaysia, in the future, as the technological advancements of the states might be different. Moreover, trust in SNIC was not found to have a significant effect on the use behavior of health information applications. This most likely reflects a limited evaluation of this construct, which was assessed as a one-dimensional construct (i.e., structural assurance). Including more trust perception, such as benevolence, integrity, and competence dimensions in health information application adoption, is essential in order to develop flexible, reliable, and long-term trust relationships [77]. The study also adopted privacy concerns and perceived risks as one-dimensional constructs. Multiple dimensions of privacy concerns, perceived risks, and trust could be included in future studies. The respondents were SNIC (i.e., MyKad) holders and the HI application was part of the embedded applications. The respondents resided in states with the necessary accessibility and infrastructure for SNIC implementations. The judgment sampling method was used to select respondents that had access to SNIC infrastructure. However, the results show that 224 respondents did not use the HI application embedded into SNIC (i.e., MyKad). Thus, further studies could be conducted as to why some SNIC holders do not use the HI application by looking into the barriers.

Moderating effects is a core aspect of UTAUT2, but it is outside the scope of this research. Therefore, it is necessary to evaluate the potential moderating effects of gender, age, and experience on the HI application acceptance and use in the future. The current study did not look into the direct effects of perceived credibility to the users’ behavioral intentions and usage behaviors, which might have introduced new insights. In addition, the model was cross-sectional by assessing citizens’ intentions and their use behaviors at a single point in time. Citizen perceptions might evolve depending on the experiences they gain from using the HI application. Longitudinal research could be conducted in the future to predict citizens’ intentions and use behavior over time. In general, the study result has been presented to demonstrate the factors that obstruct the acceptance and use of health information application and leverage on the factors that increase its adoption. The limitations mentioned regarding this model need to be improved (as a future direction of this work).

8. Conclusions

To achieve the objective of this study, the extended UTAUT2 with a privacy calculus model was used and validated via a reliable significance analysis. The results are consistent in many cases with the expectations and provide support to some essential influential constructs that affect citizens’ behavioral intentions to use health information applications, which include effort expectancy, performance expectancy, social influence, facilitating condition, habit, price value, and hedonic motivations. The authors also validated the added new constructs that predict use behavior of health information applications, which include privacy concerns and perceived risks. Application developers can provide privacy control privilege to the users, so they could decide what health data to share, and who to share it with. The decision-makers can put forward policies that ensure the confidentiality of health data in HI applications. Lastly, the study enhanced UTAUT2 by utilizing additional constructs that included privacy concerns, perceived risks, perceived credibility, and trust in technology. The authors expect that this work will inspire additional future research, which can provide a beneficial map that can broaden the understanding of perceptions in the context of health technology adoptions and emerging new technologies.