The American Journal of Managed Care Special Issue: Health Information Technology - Guest Editors: Michael F. Furukawa, PhD; and Eric Poon, MD, MPH
Public Attitudes Toward Health Information Exchange: Perceived Benefits and Concerns
Objectives: To characterize consumers’ attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits.
Study Design: A cross-sectional study.
Methods: A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE.
Results: A majority of the 1847 respondents reported they were either “very” or “somewhat” concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data.
Conclusions: Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.
(Am J Manag Care. 2011;17(12 Spec No.):SP111-SP116)
A national survey of adults regarding electronic health information exchange (HIE) found that greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns.
- Statistically significant variations in concerns about the security of electronic health records and HIE were found among employed individuals 40 to 64 years old, and minorities, indicating that HIE policies need to account for demographic and social factors in order to encourage widespread participation.
- Consumers desire greater transparency and control over who accesses their personal information.
With the benefits of HIE come challenges and opportunities for keeping health information private and secure. To better understand these challenges and opportunities the Office of the National Coordinator for Health Information Technology (ONC) and the Agency for Healthcare Research and Quality supported the Health Information Security and Privacy Collaboration (HISPC) between 2006 and 2009. The HISPC was the first coordinated nationwide effort established to assess and address the effect of variations in organization-level business practices, policies, and state laws governing the privacy and security of electronic health information on nationwide electronic HIE.2
High levels of consumer concern about privacy and security may be a barrier to widespread participation in HIE.3-5 Yet, emerging studies also indicate that consumers recognize that there are benefits to the electronic collection, storage, and sharing of their health information, such as better coordination of care.3,4,6-9 What remains unclear is how consumer engagement and participation in HIE is affected by consumers’ perceptions of the risks and benefits of HIE.
Understanding the specific privacy and security concerns of consumers, and assessing their preferences for specific safeguards, could help inform the further development of privacy and security policies and other measures that will be critical to the overall implementation of the HITECH Act This study sought to examine the reasons underlying consumer concerns and how the perceived risks and benefits impact decisions about sharing their health information. In addition, we examined the types of safeguards that could help address these concerns. We also sought to characterize consumers who expressed greater concerns and, therefore, may be less likely to participate in HIE.
A random-digit-dial (RDD) telephone survey was conducted, in English, among adults 18 years or older residing in the United States between August and November of 2010. The sample consisted of 12,795 cell phone–only households and 15,036 landline households. This was intended to be an exploratory study, and we did not oversample for minority subgroups or conduct the survey in Spanish.
The methods for weighting cell phone and landline RDD studies are still in their infancy. We followed a methodology proposed by Brick10 and the guidelines in a report from the American Association for Public Opinion Research (AAPOR) Cell Phone Task Force to weigh the data.11 We created base weights using the initial probabilities of selection and adjusted to account for nonresponse using a weightclass approach based on region. We then used a composite estimator to adjust the weights to account for dual, overlapping sample frames and compared weight sums to control totals from the 2009 National Health Interview Survey for post-stratification.
The survey methodology was approved by an Institutional Review Board at RTI International.
The survey (see eAppendix) sought to examine consumers’ detailed preferences and attitudes related to privacy and security of HIE. The survey domains included: 1) demographic information; 2) current computer and Internet usage; 3) experience with the healthcare system and general knowledge about health information; 4) general attitudes toward HIE; 5) specific questions about the privacy and security of HIE, and awareness of regulations governing privacy and security; and 6) safeguards that might address these concerns. The questionnaire items underwent multiple rounds of cognitive testing for concept clarity to ensure a general audience could understand them. The survey was then programmed as a computer-assisted telephone interview instrument.
We used descriptive statistics to characterize respondents and attitudes. We also examined bivariate associations between consumer characteristics and attitudes toward privacy and security of HIE and electronic health records (EHRs). For categorical and dichotomous variables we assessed these bivariate associations using χ2 test, or Fisher exact test where appropriate. Tests were 2-sided and Bonferroni corrections applied to multiple comparisons.
We ran logistic regression models using an iterative, backward, stepwise selection procedure to examine the association between levels of concern about the security of EHR and security of HIE with the following variables: age (18-39, 40-64, 65 ); race (white, black, Hispanic, other); gender; education (>high school vs >3 visits or <2). We used SAS version 9.2 (SAS Institute Inc, Cary, North Carolina) and SUDAAN version 10.0.1 (RTI International, Research Triangle Park, North Carolina) for analyses.
Of the 1847 respondents, 68% (n = 1261) were from the landline phone household sample. Approximately 40% (n = 8297) of the sample was ineligible; most were nonworking numbers, businesses, or fax/modems. Among those that were eligible, 6607 (55%) refused to participate. Additionally, some households (n = 3463) did not answer the phone despite 15 callbacks, while others had language barriers or other impairments (n = 472) that prevented them from completing the survey.
Twenty-five percent of the respondents were between 18 and 39 years old, 46% were between 40 and 64 years old, and 29% were 65 years or older (Figure 1). According to 2009 US Census data, these age groups are 41%, 43%, and 16%, respectively. A majority of respondents were white (60% vs 72% US) or female (59%). Almost three-quarters (73% vs 84.6% US) of respondents attended high school or beyond.12 Half reported they were either unemployed, retired, or a student.
Concerns About the Security of EHR and HIE
Of all respondents, 82% reported that they were “very” (59%) or “somewhat” concerned (23%) about the security of EHR. Additionally, 75% of respondents reported being “very” (45%) or “somewhat” concerned (30%) about the security of HIE. Security was described as “the protections (policies and technologies) used to keep unauthorized individuals from being able to access and view your electronic health information.” Most of the reasons underlying consumers’ concerns about the security of HIE related to the potential misuse of their personal health information for fraud or identity theft (93%), posting of personal data on the Internet (90%), the receipt of unsolicited advertising and junk mail (88%), or discrimination (77%). Another reason for consumers’ concern regarding the security of HIE was the potential loss of their personal health information (82%).
Consumers With Greater Concern Regarding the Security of EHR
Multivariate analyses regarding concerns about the security of EHR are significantly higher (P <.05) among respondents between the ages of 40 and 64 years (odds ratio [OR] 2.1, 95% confidence interval [CI] 1.5-2.9), 65 years and older (OR 1.6, CI 1.1-2.3), and full-time employed individuals (OR 1.5, CI 1.1-2.0). Race (P = .0684) and frequency of physician visits (P = .1092) approached significance. Consumers With Greater Concerns Regarding the Security of HIE Multivariate analyses show that concerns regarding the security of HIE are significantly higher (P <.01) among respondents between the ages of 40 and 64 years (OR 1.6, 95% CI 1.1-2.1), full-time employees (OR 1.7, 95% CI 1.3-2.4), and minorities including black (OR 1.6, 95% CI 1.0-2.3), Hispanic (OR 1.7, 95% CI 1.0-2.7), and other minorities (OR 1.7, 95% CI 1.1-2.6).
Concerns About the Privacy of HIE
Nearly 70% of respondents were either “very” (35%) or “somewhat” (35%) concerned about the privacy of HIE. Concern about privacy was described as the concern that an unauthorized individual would gain access to or view their personal health information without their permission. The most frequent reasons underlying consumer privacy concerns were being denied credit (58%) or employment (54%). When asked about how likely certain events would occur if their health information was accessed by someone that did not have permission, the majority reported that it was “very” or “somewhat” likely that identity theft (74%) or fraud (65%) would occur, and about half of the respondents reported it was at least “somewhat” likely that they would be discriminated against (49%).
Benefits and Risks Associated With HIE
Consumers reported potential risks and benefits associated with HIE more generally. In addition to concerns regarding access by unauthorized individuals, a majority of respondents (75%) reported concerns that it was at least “somewhat likely” that their information would be accidentally linked to the wrong person or accidentally released to the wrong physician (65%).
Yet, respondents also indicated that HIE would have benefits. They thought HIE was “very likely” or “somewhat likely” to help doctors better coordinate care (89%), reduce the number of medical tests needed (81%), improve medical care (78%), and improve quality of care (76%).
When asked which of these potential risks or benefits was the most important, consumers reported that benefits were most important. These included the ability of HIE to better coordinate care (23%), improve quality of care for the country (16%), and for themselves personally (15%).
We also asked about the tradeoffs associated with privacy and security. Nearly 75% of respondents agreed that an EHR has benefits that outweigh any risk to privacy and security. Even among respondents who reported being “somewhat” or “very” concerned, a significant majority agreed that the benefits of HIE outweigh the risks (Table).
Sixty percent of respondents reported they would be willing to allow physicians to share their information electronically for treatment, even if they may not be able to protect their privacy all of the time. Approximately half of those who reported they were “very” concerned about privacy or security of EHR and HIE would permit their physician to share their information for treatment even if they may not be able to protect privacy all of the time (Table). A significantly higher proportion of individuals who reported they were “somewhat” concerned would allow their physician to do so (P <.0001).
Consumer Preferences Regarding Who Should Be Involved in Determining Privacy Settings for HIE
Most individuals desired to have their physicians involved in determining their privacy settings. Over a third (39%) preferred that they, their physicians, and their family determine their privacy setting. A little over a quarter (26%) indicated that they and their physician could determine this. Few individuals wanted to have the sole responsibility (18.5%) or have their physician (4.8%) have the sole responsibility in determining their privacy settings.