User Compliance With the Health Emergency and Disaster Management System: Systematic Literature Review

Introduction

Background

Emergencies and disasters threaten the safety of human life and trigger acute feelings of stress, anxiety, and uncertainty [1]. The increasing number of disasters and the exposure of people and property to hazards have prompted an increased interest in and support for emergency and disaster management (EDM) policies and programs [2]. The terms “emergency management” and “disaster management” are often used interchangeably. Disaster management is the organization, planning, and application of measures to prepare for, respond to, and recover from disasters [3,4]. Meanwhile, emergency management is defined as a strategic management process to protect critical assets from hazards, save lives, minimize property or environmental damage, and reduce suffering [5,6]. During disaster or emergency management, there is a need to coordinate the efforts within and across organizations and securely exchange data and share information through a system [7].

Previous studies [8-11] have distinguished between the emergency management system (EMS) and the disaster management system (DMS). An EMS aims to handle emergency planning, control, and reduction with 3 essential components: hazard detection, emergency management, and public communication [8,9]. Meanwhile, a DMS consists of 3 application domains: monitoring, response, and forecasting the expected disasters [10]. In addition, a DMS includes the functionality of information sharing, search and rescue missions, and damage assessment [11]. In general, the functionality of the EMS and DMS follows the EDM phases, which are mitigation, preparedness, response, and recovery. This study uses the term “emergency and disaster management system” (EDMS) to cover all the EDM phases.

With the increasing risk of emergency and disaster, research related to EDMSs is constantly evolving for various hazard types, including health-related hazards. Health-related hazards, such as disease outbreaks (eg, COVID-19, avian influenza, and Ebola), are 1 of the most common hazardous events [9]. From 2012 to 2017, the World Health Organization (WHO) recorded more than 1200 outbreaks in 168 countries, including those due to new or re-emerging infectious diseases. In 2018, another 352 infectious disease events emerged. Several disease outbreaks are classified as Public Health Emergency for International Concern (PHEIC) by WHO, including the 2009 H1N1 influenza pandemic, Ebola (2013-2015 West African outbreak and 2018-2020 outbreak in the Democratic Republic of Congo), poliomyelitis (2014 to present), Zika (2016), and COVID-19 (2020 to now) [7]. From the ongoing COVID-19 pandemic, there have been more than 349 million cases of COVID-19 worldwide, including more than 5.5 million deaths as of January 31, 2022 [12]. Moreover, the International Monetary Fund estimates that the global economy shrunk by 4.4% in 2020 compared to 2019 due to the COVID-19 pandemic [13].

Health-related hazards have different characteristics from natural disasters and disasters caused by humans. When a natural disaster or human-induced disaster occurs, people are advised to evacuate to a safe place. In contrast, during a pandemic, people must stay at home or be quarantined to prevent disease transmission [14]. As infectious diseases spread quickly, they require fast and appropriate treatment [14]. Various media and information sources, such as mass media, text messages, social media, and notifications in the community, can be used to disseminate warnings [15]. During the COVID-19 pandemic, self-administered warning systems or applications, called contact-tracing applications (CTAs), have been widely used to disseminate alerts and recommendations [16,17]. A CTA is a form of the health emergency and disaster management system (Health EDMS) that is used to prevent, prepare for, respond to, and deal with emergencies and disasters that threaten public health [3]. Health EDMS can be applied to all stages of EDM, but the response stage requires user involvement the most. During the response phase, Health EDMS performs disease monitoring and tracing, provides medical care, and disseminates information and warnings [18-21]. Risk communication plays a vital role in attracting user attention and encouraging compliance to Health EDMS warnings.

Understanding individual behavior toward Health EDMS is essential because health EDM is not solely the government's responsibility [2]. Individuals are an integral part of the system as they are responsible for the health of themselves, their families, and their neighbors [2]. Previous studies [22-30] have identified the factors driving individuals' adoption of Health EDMS. In addition to these studies, 2 literature reviews [31,32] have summarized the determining factors of individuals' acceptance and adoption of Health EDMS. The first literature review compiled 25 studies of individuals' acceptance and adoption of a CTA. The second literature review conducted a systematic review of 21 national COVID-19 CTAs and verified CTA quality and public adoption [32]. These reviews have shown that engagement could increase adoption and that there is an association between higher application adoption and lower infection rates [32]. Several other literatures reviewed on the Health EDMS topic have discussed the privacy concerns [33-35] and the digital solutions for dealing with the COVID-19 outbreak [36,37].

The extant literature reviews focus on the acceptance and adoption of Health EDMS. Although they have offered valuable insights into the development of studies in the Health EDMS field, little attention has been paid to how effective the warning message provided by Health EDMS generates user compliance [38]. According to Han et al [38], Abdelhamid et al [39], and O’Malley et al [40], compliance with warning messages sent by Health EDMS is crucial to determining the EDMS's effectiveness. Users who comply with Health EDMS's warning message play an active role in preventing disease transmission [38]. However, the compliance rate is reported to be low in the context of health-related hazards [27,41]. Therefore, it is important to understand the factors affecting user compliance with Health EDMS's warning message. This paper addresses the following question: What theories and corresponding factors explain user compliance with the warning message provided by Health EDMS?

To answer this question, we reviewed concepts related to hazards, the EDM cycle, and EDMS features from previous research to understand the activities and stakeholders involved in EDM. After that, we mapped the EDMS feature into a CTA to find out which EDMS features have been implemented to deal with health-related hazards. We also analyzed the roles and authorization of stakeholders in each feature to find out which features involve user participation and compliance. Through this mapping, this research can make a specific contribution regarding user participation in Health EDMS and compliance with Health EDMS’s warning message.

Our systematic review followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 method because it has clear, structured, transparent, and complete reporting of systematic reviews [42]. The target audience for this review was threefold: first, researchers who are interested in pursuing research on compliance with the warning message provided by Health EDMS; second, organizations and governments that need information about what related factors can influence the design and implementation of Health EDMS; and third, Health EDMS vendors or developers who would like to understand the sociotechnical factors affecting the compliance of warning messages prior to Health EDMS implementation.

This paper is organized into 5 sections. Section 1 describes the research background and explains the key concepts, and the research methodology is discussed in Section 2. Next, the results and discussion of this study are elaborated in Sections 3 and 4. The final section concludes this study.

Key Concepts

Hazard

Before discussing emergencies and disasters, it is important to understand the definition and classification of hazards. A hazard is a process, phenomenon, or human activity that can harm people's lives and health, damage property, disrupt social and economic activities, and damage the environment [3]. The WHO classification of hazards generally consists of natural, human-induced, and environmental hazards, as provided in Multimedia Appendix 1 [36].

Hazards have the potential to create any scale of emergency or disaster. Emergency and disaster, at first glance, have a similar meaning, but there are fundamental differences between the two. An emergency can be defined as a severe disruption to the functioning of a community or society, causing human, material, economic, or environmental impacts, which can be overcome by the internal resources of the community and society itself [43]. However, a disaster is a severe disturbance that impacts communities and society and cannot be overcome solely by relying on internal resources [43]. In other words, a disaster is an event that causes significant damage or loss and thus requires resources beyond a community's capability and multiple agency responses [44]. Thus, an event is declared a disaster if there is a need for external assistance to address its impact [45]. Both emergencies and disasters must be managed to prevent or minimize their impacts.

Emergency and Disaster Management

To answer the research question, we need to understand the general concept of EDM. As previously mentioned, the terms “emergency management” and “disaster management” are often used interchangeably because they have considerable overlap [3]. The EDM cycle consists of 4 phases, namely mitigation, preparedness, response, and recovery [11,45,46], as shown in Figure 1. The mitigation and preparedness phases are part of risk assessments before a hazardous event [45]. Mitigation is the application of actions to prevent a hazard from occurring or reduce its impact [18]. Although the impact of a hazard is often not wholly preventable, various strategies and actions can substantially reduce its scale or severity. Activities during the mitigation phase include engineering techniques and hazard-resistant construction, environmental and social policy development, and public awareness enhancement [3].

‎

The second phase, preparedness, aims to prepare the community to respond to a hazard [18] by providing information, creating partnerships, developing plans, building resources, and creating procedures [47]. When a hazardous event occurs, response and recovery must be carried out [45]. The response actions directly before, during, or immediately after a hazardous event occurs can save lives, reduce health impacts, ensure public safety, and meet the basic needs of the affected people [3]. Activities during the response phase include evacuation, search and rescue, medical care, and temporary housing [3,18]. The response activities may also extend to the recovery stage [45]. Recovery is a long-term action taken after the immediate effects of a hazardous event have passed in order to stabilize society and return to normalcy [18]. Recovery also aims to restore or improve the livelihoods and health of the affected populations and restore the economic, physical, social, cultural, and environmental systems [3].

Each activity shown in Figure 1 requires cooperation and coordination among the various parties, including the community, governments, health institutions, other groups, and regional and international organizations [48]. The community includes at-risk populations, survivors, and community groups or organizations [48]. Governments at all levels include leaders and politicians, ministries and agencies, national disaster management agencies, emergency services (eg, fire department, police, ambulance), and military service [48]. The third stakeholder is health institutions, including the Ministry of Health and health authorities, health-related nongovernment organizations (NGOs), health care providers, hospitals and other health care facilities, the health workforce, and private sector health organizations and professionals [48]. Other groups include universities and research institutes, nongovernment and volunteer groups, media, social media, new media, community influencers, and the private sector [48]. Finally, regional and international organizations include WHO and international NGOs [48].

This research focuses on community stakeholders affected by health hazards. Individuals can contribute to community-level surveillance, household preparedness, first-aid training, and emergency response [48]. Their active engagement in all aspects of EDM activities is vital [48]. To encourage active participation from the community, EDM needs to implement effective risk communication to attract attention and encourage user compliance. A warning is a risk communication used to inform people about a hazard so that accidents, injuries, or unwanted consequences can be avoided [49,50]. The purpose of warning messages is to draw the attention of people at risk, to reduce the time it takes to understand the warning, and to guide people to take appropriate protective measures [51,52,53]. In this case, risk communication serves as a component of disaster control and strategies to reduce the health, economic, and psychosocial impacts of major disaster events [40]. Risk communication is vital in all EDM phases, especially the response phase. The next section maps EDM phases and activities to EDMS features.

Emergency and Disaster Management System

Various studies have used different terms to describe the EDMS features for each of the 4 EDM phases. The term “emergency management system” is used by the United Nations [4] and Landau [54], which refers to a system that works for emergency planning, control, and reduction. The term “disaster management system” is used by Hannan et al [55] and Currion et al [56] as a system that aims to manage relief operations, recovery, and rehabilitation. The term “emergency response system“ is used by Amailef and Lu [57] and refers to a system that supports communications, data gathering, data analysis, and decision-making during the response phase. Meanwhile, research by Edwards et al [58] and Malizia et al [59] uses the term “emergency notification system,” which refers to a system that aims to broadcast information to as many devices as possible. Other studies by Ouyang et al [60] and Bonaretti and Fischer-Preßler [61] use the term “early warning system,” which aims to disseminate warnings to a threatened population before or at an early stage of hazardous events. In the context of biological hazards that threaten public health, the terms “digital contact tracing” [14,62] and “contact-tracing application” [34,63] are used to refer to a system that monitors and tracks infection and provides immediate support and information during pandemics.

Tables 1-4 map the activities and system features for each EDM phase and the stakeholders involved according to previous studies. The stakeholders consist of the community, governments, health institutions, other groups, and regional and international organizations. Tables 1-4 also show the stakeholders' roles in each feature with the responsible, accountable, consulted, and informed (RACI) matrix. In this study, the RACI matrix was used to analyze stakeholders and their level of involvement and authorization in each feature of the EDMS. Because this research focused on community users, the RACI matrix showed which features require involvement from community users. From the 4 stages of EDM, 19 main activities and 42 EDMS features were identified. Among all the features identified, there were 27 features that require involvement from the community users that the other stakeholder groups should pay attention to in order to encourage user compliance with the warning messages.

Based on Tables 1-4, community users can act as actors who are informed by or responsible for several features in an EDMS. Before a hazard occurs, community users can receive information about policies and strategies, potential hazards, and various types of education to increase their awareness of emergencies and disasters. When a hazard occurs, community users need information about the location of shelters, evacuation routes, and regular reports on ongoing disasters. During the response and recovery phases, community users play a more important role because in addition to obtaining information, they are also responsible for being actively involved in disaster management efforts. They must actively report disaster victims and missing persons, report tracing data and lab results, report damage to infrastructure, and request medical assistance and treatment. Community users who actively use EDMS features are encouraged to comply with the protocols and measures to deal with emergencies and disasters. Therefore, the design of these features is essential to drive user compliance.

Health Emergency and Disaster Management System

All the features analyzed in the previous section are used in a general EDMS dealing with all types of emergencies and disasters. To find out how these features have been used to address health-related disasters, we investigated their application to Health EDMS, an EDMS that is specifically used to respond to and cope with hazardous events that threaten public health. During the COVID-19 pandemic, Health EDMS was used by multiple countries to assist in contact tracing. Contact tracing is a control measure to prevent further disease transmission [70]. When someone tests positive for COVID-19, that person must be quarantined or self-isolated. After that, the contact-tracing process is carried out by identifying the person's close contacts and advising them to take precautionary self-isolation [71]. Close contact means direct face-to-face contact with an infected person or confirmed case [71]. Various countries have developed contact-tracing mechanisms with technology support. A CTA allows devices to communicate through Bluetooth technology, GPS, wireless technology, and sensors [71]. A CTA has features to automate contact-tracing activities and other features to disseminate information and provide medical care [70].

In this study, the discussion of Health EDMS will focus on a CTA because a CTA is a clear example of a technology application that deals with health emergencies and disasters. As a self-administered warning system, CTAs have been widely used in more than 50 countries [72]. A CTA is implemented when COVID-19 emerges in order to respond to and recover from the pandemic [16]. Therefore, the system features are geared more toward the response and recovery phases than the mitigation and preparedness phases. Table 5 displays a list of features for response and recovery phases in some CTAs implemented by different countries. The countries shown were selected based on the number of COVID-19 cases: high (the United States and India), medium (the United Kingdom and France), and low (Singapore and Switzerland) [73]. In addition to the number of cases, these countries were also chosen to represent the Americas, Europe, and Asia regions. The CTAs selected are available on Apple App Store and Google Play Store with the most significant number of users, free of cost, and launched and supported by the governments of selected countries [73]. The CTA features in the selected countries were based on the information provided by Alanzi [16] and Blasimme et al [17].

There are 6 CTAs reviewed in Table 5. PathCheck SafePlace is a CTA developed in the United States that aims to integrate people and health departments to prevent the spread of COVID-19 by sharing information [16]. The application was developed by the Massachusetts Institute of Technology, TripleBlind, and a nonprofit organization called PathCheck Foundation [16]. Aarogya Setu is an official CTA launched by the Indian government with more than 1.4 million users [16]. NHS COVID19 is a CTA launched by the National Health Service (NHS) Test and Trace in the United Kingdom [16]. Although this application does not store personal information, it still collects location information for track and trace purposes [16]. TousAntiCovid is implemented in France using a centralized IT architecture where data are stored on centralized servers run by the national health authorities [17]. Users must enter their personal information to report a positive test, which triggers a notification to other users [17]. The health authorities in France send an exposure code to users via email and post [17]. In contrast to TousAntiCovid, SwissCovid implements a decentralized protocol like in other European countries, such as the United Kingdom [66]. Users must contact health authorities to activate an exposure code after receiving a notification of a positive test result [66]. Another application, TraceTogether, is an official CTA launched by the Singapore government [16]. This application emphasizes user privacy by using anonymous IDs and giving users the right to delete their data [16].

Based on Table 5, at the most, the CTAs implemented 11 EDMS features in 5 EDM activities: response (RS)2, RS3, RS4, recovery (RC)3, and RC4. Most CTAs implemented all 3 features in RS2 to monitor and report the ongoing hazard; disseminate notifications and warnings; and provide timely, credible, and actionable information to the public. The CTAs also provide data visualization that enables users to monitor the ongoing status of the COVID-19 cases in their areas. Some CTAs (ie, PathCheck SafePlace, and Aarogya Setu, provide query resolution feature as part of RS3, allowing users to request help and ask questions through the applications [16].

Medical care provision (RS4) is 1 of the priority features in CTAs. CTAs provide automatic contact-tracing tools integrated with location mapping through GPS. Aarogya Setu integrates these tools with an electronic pass (e-pass) in transportation and public places [16]. CTAs also provide users with self-assessment tools to check their health status and exposure to COVID-19. Health institutions provide laboratory check reports to users through their handheld devices. Some CTAs(ie, PathCheck SafePlace and Aarogya Setu) also come with online consultation and appointment scheduling with health facilities [16]. The medical care and surveillance activities continue to the recovery phases in RC3 and RC4.

In the previous section, there were 27 EDMS features that involved the user community. Meanwhile, Table 5 shows that only 11 have been implemented in Health EDMS, mainly functioning to monitor and report ongoing hazards and provide medical care and logistical support. Health EDMS does not implement all the features at the mitigation and preparedness stages. Several features in the response and recovery phases are also not implemented because they are not in accordance with the scope of health-related hazards, such as shelter data management, reporting of victims and missing persons, and recording of infrastructure damage. In Health EDMS, all the measures need to be complied with by the users to make them effective in controlling the pandemic [38,40]. When surveillance and monitoring tools detect hazardous conditions, Health EDMS disseminates notifications and warnings to users. User compliance with notifications and warnings determines the success of Health EDMS. The following section discusses user compliance in the information system (IS) context.

Compliance

Compliance refers to the agreement with the expectations stated in the rules, standards, proposals, requests, orders, or suggestions [74]. It is also defined as a relationship consisting of the power used by superiors to control subordinates and subordinates' orientation to this power [75]. Compliance can include approval as well as obedience [74]. In health care, compliance is conceptualized as a cognitive-motivational process of personal attitudes and intentions, behaviors, and the outcome of patient-practitioner interactions [76]. It also involves professional power over the patient [76]. Compliance is not based solely on an individual risk-benefit assessment but also involves relationships between commanders and followers and between organizations and members [38].

Research on compliance has been investigated in various fields, and theories regarding compliance also come from multiple domains, such as psychology, criminology, health, management, and organization [77]. In the organizational context, business dynamism and IT advancements encourage companies to frequently update their IS and its usage policy [78]. In this case, users need to maintain IS compliance behavior due to the interdependent nature of tasks that need to be accomplished through IS [78]. Social (trust and support) and performance (discipline and stretch) management influences collective compliance with IS [78]. Compliance also has been widely studied in IS security policy research [38]. Employees are willing to comply with IS security policy if they feel they have the capacity to carry out a security task, have a positive attitude in carrying it out, and see others performing the same security task [77]. When they encounter a security threat, they evaluate the threat and coping behavior to decide whether to comply [77]. Employee compliance with IS and its usage policy is critical to achieving IS objectives in supporting business operations [78].

Health EDMS differs from other ISs as it is used in life-critical and time-sensitive situations, often with limited resources. Immediate compliance with the health notifications and warnings is essential to save lives [38]. When a person receives a warning, the warning response can be sequenced as follows: listen to the warning, understand the content of the warning message, believe that the warning is credible and accurate, personalize the warning, confirm the warning, and respond by taking protective action [79]. Previous studies have shown that responses to warning messages are influenced by the type of hazard, the message and its source, the medium or channel through which the message is communicated, the characteristics of the recipient, and situational or environmental factors [51,79]. We conducted a systematic literature review to map the extant studies on user compliance with Health EDMS.

Methods

Search Strategy

A systematic literature review is a secondary study conducted to identify, evaluate, and interpret all available research relevant to a particular research question, topic area, or phenomenon of interest [80]. A systematic literature review summarizes the existing research insights, identifies research gaps, suggests areas for further investigation, or provides a framework to position new research activities [81]. Our systematic review was conducted using PRISMA 2020 guidelines [42]. The PRISMA checklist can be seen in Multimedia Appendix 2.

The search was conducted using the online databases Scopus, ScienceDirect, ProQuest, IEEE, and PubMed. The keywords or search strings used to search the papers were (“emergency” OR “disaster” OR “response” OR “notification” OR “warning” OR “alert” OR “tracing”) AND (“system” OR “apps” OR “application”) AND (“compliance”). The search was conducted for journal papers published between January 2000 and February 2022.

Inclusion and Exclusion Criteria

The inclusion criteria were the review guidelines for study selection, as displayed in Table 6: be published in a journal, have full text available, and be written in English. In addition, in accordance with the objectives of this study, the papers had to discuss compliance with the warning or alert from Health EDMS and focus on individual perceptions or behaviors on Health EDMS. Therefore, papers with related terms, such as “emergency management system,” “disaster management system,” “emergency notification system,” “emergency warning system,” “emergency response system,” and “contact-tracing application,” were also included in this review. We did not include the keywords “mobile health” or “mHealth” because these applications are not used specifically for health emergencies and disasters but are for everyday use, which was not the scope of this research. This study was limited to a review of previous research on compliance from a user perspective and did not include the technical design of Health EDMS.

Study Selection

The study selection was carried out as follows:

• Step 1: The keyword or search string was searched in the aforementioned online databases. We limited the search to the abstract, title, or keyword fields. Duplicate records were removed.
• Step 2: The title and abstract of the identified papers were reviewed based on the inclusion criteria. Papers that did not meet inclusion criteria were removed.
• Step 3: The remaining papers were read in full to determine whether they met the inclusion criteria.

Data Items and Synthesis

The data extraction process aimed to identify relevant information from the included studies that pertained to our research question. This process included producing a Microsoft Excel data sheet consisting of key aspects related to the research aim. The following data were extracted from each publication: title, author(s), year of publication, name of the journal, country, topic, research question or objective, factor(s), method, recommendation, finding, and research gap. Each paper's full text was read, and the research data were entered into the Excel sheet. Once the extraction was completed, the Excel sheet was reviewed, and then the findings of the studies were analyzed to answer the research question. The results of the review are discussed in the next section.

Results

Review Process

The selected electronic databases were searched following the previously explained search strategy. In total, 618 papers were retrieved. Next, duplicate papers were removed, resulting in 573 (92.7%) papers. The papers' titles and abstracts were reviewed by applying the inclusion criteria. After removing the papers that did not fulfill the inclusion criteria, we were left with 95 (16.6%) papers. Next, the papers' full texts were read to ensure they covered the predefined scope. This step resulted in 14 (14.7%) selected papers. A summary table of the characteristics of the included studies is provided in Multimedia Appendix 3. Figure 2 shows the review process using PRISMA guidelines.

‎

Study Characteristics

The included papers showed that Health EDMS research was conducted in the United States (n=5, 35.7%), the United Kingdom (n=2, 14.3%), China (n=2, 14.3%), Switzerland (n=1, 7.1%), France (n=1, 7.1%), Germany (n=1, 7.1%), South Korea (n=1, 7.1%), and Israel (n=1, 7.1%). Figure 3 shows the distribution of the papers by country.

‎

From 2004 to 2022, 14 studies on user compliance with Health EDMS were found. There were relatively few studies before 2021. Research on Health EDMS compliance increased rapidly in 2021 (there were 7, 50.0%, studies) due to the COVID-19 pandemic. The COVID-19 pandemic has led to many studies on user compliance with CTAs, EDMSs for handling health-related emergencies and disasters.

Related to the sources of publications, 2 (14.3%) papers were published in the Journal of Medical Internet Research and 1 (7.1%) paper each was published in the following journals: MIS Quarterly, AIS Transactions on Replication Research, Applied Ergonomics, BMJ Open, Disaster Medicine and Public Health Preparedness, Disasters, Frontiers in Psychology, Human Factors, Humanities and Social Sciences Communications, International Journal of Disaster Risk Reduction, Public Health, and Public Relations Review. These papers used the quantitative research method (n=11, 78.6%), mixed method (n=1, 7.1%), and conceptual method (n=2, 14.3%). The papers that applied quantitative methods used surveys (n=7, 50.0%) and experiments (n=4, 28.6%) to collect data. The 1 (7.1%) paper that applied a mixed method used a combination of experiments (quantitative) and focus group discussions (qualitative). In addition, 2 (14.3%) conceptual papers developed arguments about concept associations.

Theoretical Lens of User Compliance with Health EDMS

The theories used in Health EDMS compliance research (Table 7) include the protective action decision model (PADM), Etzioni's compliance theory, the Health Belief Model (HBM), protection motivation theory (PMT), social amplification of risk framework (SARF), extension of the technology acceptance model (TAM2), and the theory of planned behavior (TPB). Of the 14 papers in this review, 5 (35.7%) did not use any theory to analyze compliance factors, 2 (14.3) were conceptual papers [82,83], and the others applied selected concepts or themes from previous studies. To investigate compliance with Health EDMS, Freberg [84] examined the message source and message reliability; Albrecht et al [85] examined risk perception, risk preference, and social preference; and Panchal et al [86] examined security and privacy concerns, information content, usability, and knowledge of the application. Next, we elaborate on each of the theories used in Health EDMS compliance research.

Protective Action Decision Model

The PADM is a framework for managing the societal response to environmental hazards [51]. The PADM has been applied to 3 different areas: risk communication, evacuation modeling, and long-term hazard adjustment [51]. In the PADM, decision-making begins with environmental cues, social cues, and warnings [51]. Environmental cues are signs of threat obtained from the environment, such as sight, smell, or sound [51]. Social cues are signs obtained after observing the behavior of others [51]. A warning is a message sent from an information source through a channel to the recipient [51]. The 3 triggers encourage a pre–decision-making process involving exposure, attention, and comprehension [51]. Exposure measures whether people receive information, attention measures whether people care about the information, and comprehension measures whether people understand the information [51].

Furthermore, the pre–decision-making process generates perceptions of the environmental threats, alternative protective actions, and relevant stakeholders (government, other groups, and community) [51]. These perceptions provide the basis for protective action decision-making [51]. The dependent variable of the PADM is a behavioral response that is generally in the form of information seeking, protective responses, or emotion-focused coping [51]. The actual implementation of a response depends not only on people's intentions to act but also on the physical and social conditions that can hinder or facilitate the action [51]. The final stage in the PADM is the feedback loop [51]. People attempt to confirm or contradict every warning they receive, usually by searching for additional information from different sources and channels [51].

Stakeholder perceptions and protective action perceptions have been shown to influence compliance with warnings during the avian influenza A (H7N9) outbreak [87] and the COVID-19 pandemic [15]. Meanwhile, threat perception has not been shown to affect warning compliance based on COVID-19 research in Germany and China [15,52]. The use of protective measures can reduce threat appraisal, making people feel less likely to be infected. However, the duration of the pandemic, the extended and repeated warnings, and the familiar feeling of the disease resulted in information fatigue that undermined the perceived threat [52]. Among all the theories in Table 7, the PADM is the only theory that focuses on the human response to threats [51]. The PADM also specifies prompts for action, which are important for encouraging engagement in health-related behaviors [87]. However, for slow-moving and long-term health-related hazards, the PADM has not been able to predict changes in threat perceptions.

Etzioni's Compliance Theory

Etzioni's compliance theory states that there are 2 parties to a compliance relationship: an actor who has power and another actor who responds to the power (subordinated actor) [91]. Power can be differentiated into 3 types according to the means used to make the subject comply [91]. Coercive power applies physical sanctions, force, and fear to control lower-level participants [91]. Remuneration power applies material resources and rewards to control others [91]. However, normative power is the provision and manipulation of symbolic rewards and deprivations [91]. The effectiveness of each power in obtaining the cooperation of subordinates depends on their involvement [91].

The subordinated actor can have 3 kinds of involvement: alienative, calculative, and moral [91]. Alienative involvement leads to intense negative orientation, while calculative involvement can lead to positive or negative orientation [91]. However, moral involvement, also known as commitment, leads to intensely positive orientation [91]. Moral involvement can be based on pure commitment (based on the internalization of norms) and social commitment (based on pressure from primary groups and their members) [91]. Subsequently, combining 3 types of power and 3 types of involvement produces 9 kinds of compliance [91]. However, 3 kinds of compliance are more frequently found in practice [91]. These are the relationships between coercive power and alienative involvement, remuneration power and calculative involvement, and normative power and moral involvement [91]. These compliance types are called congruent types [91]. This happens when the subordinate's involvement type is the same as the types that want to be generated by organization power [91]. The congruent types are more frequent because they are more effective to implement.

Etzioni's compliance theory has been adapted to campus emergencies [38] and health care–related emergencies [41]. Both studies were designed to accommodate emergency notifications sent by normative organizations, such as the campus and the government [38,41]. Normative power was adapted as the subjective norm, while coercive power and remuneration power were adapted as a perceived security threat and a perceived financial threat, respectively [38,41]. The results of the 2 studies are similar and show that subjective norms are the most important factor promoting immediate compliance in health-related hazard scenarios [38,41].

Health Belief Model

The HBM is a conceptual model for understanding why individuals do or do not perform various actions related to health behavior [92]. The HBM defines 6 different constructs. These constructs focus on individual representations of threat perceptions and evaluation of health behaviors [93]. Threat perception is defined as 2 central beliefs: perceived susceptibility to health problems and perceived severity of disease consequences [93]. Health behavioral evaluation also consists of 2 constructs: perceptions of the benefits or efficacy of the recommended health behaviors and perceptions related to the barriers to enacting these behaviors [93]. In addition, the HBM proposes that cues to action can activate health behaviors when individuals hold appropriate beliefs [92]. Cues to action can be individual perceptions of symptoms, social influences, and health education campaigns [93]. In a later version of the theory, individual health motivations are also included as constructs that drive health behavior actions [93].

The HBM has been used to analyze individual compliance with warnings to take recommended protective actions during the H7N9 [87] and COVID-19 [88] outbreaks. The perceived risk or perceived vulnerability positively influenced compliance intentions in the H7N9 outbreak [87]. Meanwhile, all HBM constructs except health motivation were used by Guillon and Kergall [88] and were shown to affect compliance to protective measures and CTAs during the COVID-19 pandemic. However, the HBM does not consider the effect of information on protective behavior, even though risk information has been seen as an essential driver of risk perception and behavioral response [87].

Protection Motivation Theory

In a hazardous event, the increased fear of the individual also increases their intention to take action [90]. The PMT describes the social and cognitive processes that underlie protective behavior [94]. The PMT proposes that people protect themselves based on threat appraisal and coping appraisal [94]. Threat appraisal refers to the perceived likelihood that the event will occur and have negative consequences [94]. Threat appraisal is a person's assessment of the estimated severity of the disease (perceived severity) and estimates the likelihood of contracting the disease (perceived susceptibility) [95]. In addition, the PMT also states that fear arousal indirectly affects attitudes and behavior changes through the perceived severity of danger [95]. However, coping appraisal consists of the individual's expectation that implementing the recommendations will eliminate the threat (response efficacy) and the belief that they can successfully carry out the recommended actions (self-efficacy) [95]. Thus, if individuals conclude that a threat will affect them, they will be more motivated to protect themselves and initiate or continue certain self-protective behaviors [94].

In Health EDMS compliance studies, the PMT has been used in campus emergency notification systems [90] and emergency alerts during the COVID-19 pandemic in South Korea [89]. However, the PMT constructs cannot explain rapid compliance with health advisory warnings on campus. Instead, the PMT can better explain compliance in fast-evolving scenarios, such as robberies, active shooters, and building fires. In the COVID-19 alert study, the PMT construct was used as a mediating factor between reading text messages and practicing preventive behaviors. Response efficacy was the only variable driving compliance to warnings, whereas the perceived risk was insignificant. Based on these 2 studies [89,90], the PMT constructs are less predictive of explaining compliance in slower-developing scenarios, such as health-related hazards.

Social Amplification of Risk Framework

SARF describes a dynamic process for understanding how risk is perceived when communicated to the community [15]. SARF conceptualizes that individual and social perceptions of risk and risk behavior can be shaped, enhanced, or attenuated when there is an interaction between hazardous events and psychological, social, institutional, and cultural processes [96]. In this case, the IS and the characteristics of the public response can form a social amplification that determines the nature and magnitude of the risk. ISs can amplify risk events in 2 ways: by intensifying or attenuating the signals that individuals and social groups receive about risk and by filtering out the many signals related to risk attributes and their importance [96].

Amplification occurs in 2 stages: when transferring information about the risk and when the community responds to the information [96]. Signals about risk are processed by individual and social amplification stations, including scientists communicating risk assessments, news media, cultural groups, and interpersonal networks [96]. Reinforced risk leads to a behavioral response, resulting in secondary impacts, such as financial loss, organizational change, and physical risk [96]. Communication is at the core of SARF, as individuals are most often exposed to risky information through the media or discussions with others [15]. In this manner, risk amplification allows different “amplification stations” to compete for public attention and influence how the public perceives and responds to risk [15].

SARF has been used to investigate compliance behavior in China during the COVID-19 pandemic [15]. One variable from SARF, namely information interaction, is used to examine how interactions between individuals can shape risk perceptions [15]. Information interaction significantly influences risk perception and preparedness intentions, while also serving as a mediator for warning [15]. Of the 2 stages of amplification in SARF, this study only analyzed amplification when the public responds to information [15]. Other SARF variables have not been found in Health EDMS compliance studies.

Extension of the Technology Acceptance Model

TAM2 extends the original TAM by including additional key determinants of perceived usefulness and usage intention constructs: social influence and cognitive instrumental process [97]. The social influence processes consist of subjective norms, voluntariness, and image [97]. Subjective norms are added as determinants considering that people can choose to perform a behavior if they believe their important references think they should [97]. TAM2 distinguishes between mandatory and voluntary use arrangements by adding voluntariness as a moderating variable [97]. In addition, TAM2 theorizes that social influences can affect how users judge the system's image (ie, whether the system can increase their status in a social system) [97]. The elevated status leads to increased power and influence that eventually provides a general basis for greater productivity (perceived usefulness) [97]. TAM2 also investigates how these determinants' effects change with increasing user experience over time with the target system [97]. As cognitive instrumental processes, TAM2 includes job relevance, output quality, and result demonstrability constructs. TAM2 shows that the influence of cognitive instrumental processes is not influenced by experience over time [97].

Research on CTAs in the United Kingdom found that most TAM2 constructs significantly affect user behavior to download the application and comply with notifications [27]. The trust factor was added and proved to be significant [27]. Compliance with the notification was fairly high, but there were issues surrounding trust and understanding of the application's features that hindered the adoption of the CTA [27]. Moreover, Dowthwaite et al [27] stated that users would likely delete the CTA when they are frustrated by a notification from the application (output quality) and do not understand how their data would be used (result demonstrability). Although TAM2 has described the factors that influence compliance with Health EDMS, it is still unclear what level of experience, output quality, and result demonstrability can positively affect compliance.

Theory of Planned Behavior

The TPB was first introduced as a development of the theory of reasoned action (TRA) and has been most widely adopted in the research on motivations for human behavior. The TPB explains that behavior is influenced by intention and intention is determined by 3 types of beliefs: attitudes, subjective norms, and perceived behavioral control [98]. Attitude is a comprehensive evaluation of the implementation of behavior [98]. Subjective norms are individual perceptions of other people's expectations considered important about certain behaviors [98]. Meanwhile, perceived behavioral control is an individual's perception of how easy or difficult it is to do something [98]. It can also be interpreted as the resources and opportunities available to a person to encourage them to perform a behavior [98]. The TPB has been applied in studies of ISs, organizations, and user populations.

The TPB is 1 of the most influential theories in disaster and emergency preparedness planning. The TPB has been used to analyze the factors that affect rapid compliance with emergency notifications in 7 emergency scenarios in a campus: robbery, active shooter, building fire, hazardous material, riot/violent protest, air quality advisory, and health advisory [90]. Attitude significantly affected compliance across all scenarios, while subjective norms significantly affected almost all scenarios except the active shooter [90]. However, perceived behavioral control was only significant in the air quality advisory scenario [90].

Factors Affecting User Compliance With Health EDMS

This section summarizes the factors affecting compliance with Health EDMS from the selected papers. People can comply immediately or verify and then comply after receiving a warning [38]. Verification is performed by contacting other people or seeking information from other media and channels [41]. In this case, various features of Health EDMS, such as warning and notification (RS2.2), interactive messaging (RS2.3), or video and media (RS2.3), can facilitate remote verification to increase compliance levels [41]. Other technological factors, such as system design, including communication channels, public education, usability, and information content, also affect warning compliance [78].

In addition, individual characteristics and social influence play a significant role in driving compliance [78,85,90]. The individual evaluates the situation to build their belief about whether compliance with an emergency message yields a valuable outcome [90]. They also consider their expectations from influential people in their lives, social pressures, and cultural norms about behavior [90]. The factors affecting compliance with Health EDMS can be categorized into 3 main groups: individual, technology, and social.

Sorensen [79] stated that warning compliance is influenced by sender and receiver factors, situational factors, and social contacts. Upon receiving the warning, individuals make decisions based on their judgment of the message source, their ability to understand the message and implement countermeasures, and the personal situation they experienced. The sender and receiver are included in the category of individual factors. Moreover, compliance results from interactions between users and other parties who provide warnings. In this study, the interaction is described in the form of social factors consisting of situational factors and social contact. Sorensen [79] also stated that system design can affect the response to warnings.

From the literature reviewed, our study identified 14 individual, 10 technological, and 4 social factors that influenced users' compliance with Health EDMS. Most of them were derived from the previously discussed behavior theories, while others were added by the researchers without referring to any particular theory. From individual factors, perceived risk and response efficacy are the most widely used predictors of compliance. From technological factors, the most frequently used factors are warning message characteristics. Moreover, subjective norms and stakeholder perception are the most researched social factors. A summary table of the individual, technological, and social factors influencing users' compliance with Health EDMS is provided in Multimedia Appendix 4.

Discussion

Principal Findings

EDM is 1 of the most challenging management tasks because decisions must be made in a short time, under a rapidly changing environment, with unique situations for each incident, and involve high operational costs [64]. In this case, an IS (EDMS) can be used to support decision-making. Each stage in EDM (ie, mitigation, preparedness, response, and recovery) requires a different type of EDMS feature in terms of the problem to be solved, the stakeholders involved, the need to provide real-time data, presentation of the data to users, and the technological sophistication required [64]. This research mapped EDMS features from various literatures into the main activities at each EDM stage. From the 4 stages of EDM, 19 main activities and 42 EDMS features were identified (Tables 1-4). This study also identified stakeholder roles for each feature using the RACI matrix, which will be helpful during EDMS development. The list of features presented in this study is expected to guide governments and system developers in designing a comprehensive and integrated EDMS.

This study mapped the EDMS features into CTA functionalities. Contact-tracing strategies have been implemented worldwide, with varying degrees of success [86]. In 2020, months after COVID-19 spread, CTAs were launched in more than 50 countries [72], both official and unofficial, to respond to the pandemic. This study found that at the most, a CTA implements 11 EDMS features for the response and recovery phases. For the response phase, a CTA provides features to monitor and report ongoing hazards, disseminate notifications and alerts, provide information to the public, manage request data, manage contact-tracing data, manage medical care, and manage laboratory test data. When the number of infected cases decreases and activities return to normal, a CTA can still be used in the recovery phase to support ongoing medical care and monitoring activities. An important feature that needs to be implemented in the recovery phase is the management of lessons learned data. The lessons learned can provide insight into the use of Health EDMS in the response stage [63], especially for new infectious diseases that have not been previously identified. This feature will be beneficial in determining future strategies and policies. A CTA was only implemented when the disease had spread, so there were no mitigation and preparedness functions. The system should also be equipped with these functions for further development to enable early strategic planning and build sufficient capacity for dealing with the health-related hazard.

Rapid compliance with warnings is vital to save lives. The features of Health EDMS can provide information and warnings that increase the sense of urgency and become a source of verification to improve compliance levels [41]. Through a systematic literature review using the PRISMA method, this study classified factors that determine compliance with Health EDMS into individual, technological, and social factors. Based on the analysis and synthesis of the literature, we proposed a research framework showing the relationship between the influencing factors of Health EDMS feature use and design and user compliance with Health EDMS (Figure 4). The framework shows that individual, technological, and social factors influence the use and design of surveillance and reporting features, and medical care and logistical support features. Appropriate use of these Health EDMS features during health disaster events affects user compliance with Health EDMS.

‎

In the previous explanation (Table 5), 11 features have been implemented in Health EDMS, mainly for surveillance and reporting ongoing hazards and providing medical care and logistical support. Individual, technological, and social factors influence the use of these features. Individual factors are related to perceptions of health risks, experiences, attitudes, and perceptions of Health EDMS. The perceived probability and consequences of contracting a disease can encourage someone to take protective actions in Health EDMS [85,88]. Individuals who feel the threat of an illness will seek more information about it and will always be aware of warnings and notifications from the system. Therefore, individual factors influence the use of surveillance and monitoring features of Health EDMS. During the COVID-19 pandemic, the perception of risk also encouraged the public to carry out laboratory tests and self-quarantine to ensure they did not contract the disease or infect other people [88]. They were self-encouraged to take preventive measures, such as testing, medical treatment, and requesting logistical assistance through Health EDMS.

Technological factors cover all aspects of information and technical quality. System notifications and warnings can change how individuals think and feel about threats and risks. Health EDMS must provide sufficient information to users about their possible risk exposure and the actions they should take [86]. The information quality of the system will drive the use of both feature sets in Health EDMS (ie, surveillance and monitoring, and medical care and logistical support). In addition, if users believe that Health EDMS is easy to use, relevant to their needs, and protects their privacy, they will be encouraged to use the system [27,86].

In addition to technological and individual factors, the use and design of Health EDMS are influenced by social factors. Opinions from influential people, such as family, friends, or coworkers, encourage individuals to use Health EDMS [90], for example, seeking information about hazards and viewing daily case reports. Moreover, users who believe that Health EDMS stakeholders have the expertise to manage hazards will use Health EDMS as their primary source of information and warnings [15]. Users will also ask for medical and logistical assistance through Health EDMS if they believe the stakeholders can respond quickly and effectively [15]. In designing Health EDMS, social factors can be supported by allowing users to share information to social media or messaging applications. Health EDMS must also highlight the ability of the stakeholders to overcome the health hazards [15]. Frequent use of the surveillance and monitoring features as well as the medical and logistical assistance features of Health EDMS may increase compliance. User compliance analyzed in previous research is limited to the intention to comply, not actual compliance. Future research needs to examine actual compliance to produce stronger evidence on the causal factors and effective interventions in this area.

The proposed research framework was developed based on our analysis of theories and corresponding factors affecting user compliance with Health EDMS in the existing literature. Future research can empirically examine the framework with a specific health EDMS. Collaborations with CTA providers are needed to examine actual compliance. In addition to the proposed research framework, we proposed 2 research topics on Health EDMS that require further investigation. First, Health EDMS has only implemented features to handle the response and recovery phases of EDM. The mitigation and preparedness phases of EDM are not supported by Health EDMS. Health EDMS should not only be used to respond to and cope with disasters but also be used to prevent and prepare for health-related hazards. Nevertheless, unlike natural disasters or human-induced disasters, such as forest fires, the characteristics of future health-related hazards are unknown. How to design features for mitigation and preparedness of future health-related hazards is an interesting research topic. Second, considering that a CTA is a relatively new IS implemented for a specific pandemic case, the effectiveness of CTA features in increasing user compliance with warnings has not been widely analyzed. Instead of examining a CTA as a whole, future research should investigate each feature of a CTA in depth toward increasing user compliance.

Conclusion

Health EDMS has been implemented to cope with health-related hazards. However, the compliance rate with Health EDMS remains low [27,41]. This study reviewed previous research on user compliance with Health EDMS based on PRISMA reporting guidelines. Research on this topic increased rapidly in 2021 due to the COVID-19 pandemic. This study identified 7 theories researchers adopted when examining Health EDMS compliance behavior: PADM, Etzioni's compliance theory, HBM, PMT, SARF, TAM2, and TPB. This study also discussed the individual, technological, and social factors influencing the use of 2 Health EDMS features (ie, surveillance and reporting features, and medical care and logistical support features). During health-related hazards, community users play an important role in actively reporting disaster victims and missing persons, report tracing data and lab results, report damage to infrastructure, and request medical assistance and treatment. Community users who actively use the surveillance and reporting features as well as the medical care and logistical support features will be encouraged to comply with the protocols and measures to deal with the health disaster. An in-depth understanding of user compliance before designing a health EDMS is essential for governments and developers to increase the effectiveness of Health EDMS implementation.