Communications of the Association for Information Systems


The number of people using fitness devices and mobile health applications creates unprecedented amounts of health-related fitness data. In the United States, healthcare regulations do not consider the data that these devices collect as protected health information when no covered entity is involved; therefore, the law does not provide such data with the same legal protections as an individual’s health records. Thus, users must ensure that they keep their data safe from potential data breaches and malicious activities. In this study, we analyze users’ motivations to implement safeguards to protect their private health-related fitness data. To test user motivation, we issued wearable activity tracking devices and an associated online health fitness data account to students. We instructed the students about how to use the fitness device and how the device connected to the user’s phone and Web-based application. We then had them complete a survey to determine how they form their threat perceptions and other factors influencing their avoidance motivations for computer-security incidents. With the exception of safeguard cost and privacy concerns, results support a revised threat calculus in the TTAT model and the original model constructs.