Greater consumer participation in determining how HIE occurs could engender greater trust among all demographic groups, regardless of varying levels of privacy and security concerns.
Objectives: To characterize consumers’ attitudes regarding the perceived benefits of electronic health information exchange (HIE), potential HIE privacy and security concerns, and to analyze the intersection of these concerns with perceived benefits.
Study Design: A cross-sectional study.
Methods: A random-digit-dial telephone survey of English-speaking adults was conducted in 2010. Multivariate logistic regression models examined the association between consumer characteristics and concerns related to the security of electronic health records (EHRs) and HIE.
Results: A majority of the 1847 respondents reported they were either “very” or “somewhat” concerned about privacy of HIE (70%), security of HIE (75%), or security of EHRs (82%). Concerns were significantly higher (P <.05) among employed individuals 40 to 64 years old and minorities. Many believed that HIE would confer benefits such as improved coordination of care (89%). Overall, 75% agreed that the benefits of EHRs outweighed risks to privacy and security, and 60% would permit HIE for treatment purposes even if the physician might not be able to protect their privacy all of the time. Over half (52%) wanted to choose which providers access and share their data.
Conclusions: Greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns. Addressing the specific privacy and security concerns of minorities, individuals 40 to 64 years old, and employed individuals will be critical to ensuring widespread consumer participation in HIE.
(Am J Manag Care. 2011;17(12 Spec No.):SP111-SP116)
A national survey of adults regarding electronic health information exchange (HIE) found that greater participation by consumers in determining how HIE takes place could engender a higher degree of trust among all demographic groups, regardless of their varying levels of privacy and security concerns.
Electronic health information exchange (HIE), the electronic sharing of health information among healthcare providers, patients, and other entities, promises an array of potential benefits for healthcare consumers through improved quality, safety, and efficiency.1 Health information exchange may also provide consumers with new, more effective, methods for engaging with their healthcare providers to view and manage their health information. In February 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, which included substantial funding to support the nationwide adoption of health information technology (health IT) and HIE.
With the benefits of HIE come challenges and opportunities for keeping health information private and secure. To better understand these challenges and opportunities the Office of the National Coordinator for Health Information Technology (ONC) and the Agency for Healthcare Research and Quality supported the Health Information Security and Privacy Collaboration (HISPC) between 2006 and 2009. The HISPC was the first coordinated nationwide effort established to assess and address the effect of variations in organization-level business practices, policies, and state laws governing the privacy and security of electronic health information on nationwide electronic HIE.2
High levels of consumer concern about privacy and security may be a barrier to widespread participation in HIE.3-5 Yet, emerging studies also indicate that consumers recognize that there are benefits to the electronic collection, storage, and sharing of their health information, such as better coordination of care.3,4,6-9 What remains unclear is how consumer engagement and participation in HIE is affected by consumers’ perceptions of the risks and benefits of HIE.
Understanding the specific privacy and security concerns of consumers, and assessing their preferences for specific safeguards, could help inform the further development of privacy and security policies and other measures that will be critical to the overall implementation of the HITECH Act This study sought to examine the reasons underlying consumer concerns and how the perceived risks and benefits impact decisions about sharing their health information. In addition, we examined the types of safeguards that could help address these concerns. We also sought to characterize consumers who expressed greater concerns and, therefore, may be less likely to participate in HIE.
A random-digit-dial (RDD) telephone survey was conducted, in English, among adults 18 years or older residing in the United States between August and November of 2010. The sample consisted of 12,795 cell phone—only households and 15,036 landline households. This was intended to be an exploratory study, and we did not oversample for minority subgroups or conduct the survey in Spanish.
The methods for weighting cell phone and landline RDD studies are still in their infancy. We followed a methodology proposed by Brick10 and the guidelines in a report from the American Association for Public Opinion Research (AAPOR) Cell Phone Task Force to weigh the data.11 We created base weights using the initial probabilities of selection and adjusted to account for nonresponse using a weightclass approach based on region. We then used a composite estimator to adjust the weights to account for dual, overlapping sample frames and compared weight sums to control totals from the 2009 National Health Interview Survey for post-stratification.
The survey methodology was approved by an Institutional Review Board at RTI International.
The survey (see eAppendix) sought to examine consumers’ detailed preferences and attitudes related to privacy and security of HIE. The survey domains included: 1) demographic information; 2) current computer and Internet usage; 3) experience with the healthcare system and general knowledge about health information; 4) general attitudes toward HIE; 5) specific questions about the privacy and security of HIE, and awareness of regulations governing privacy and security; and 6) safeguards that might address these concerns. The questionnaire items underwent multiple rounds of cognitive testing for concept clarity to ensure a general audience could understand them. The survey was then programmed as a computer-assisted telephone interview instrument.
We used descriptive statistics to characterize respondents and attitudes. We also examined bivariate associations between consumer characteristics and attitudes toward privacy and security of HIE and electronic health records (EHRs). For categorical and dichotomous variables we assessed these bivariate associations using χ2 test, or Fisher exact test where appropriate. Tests were 2-sided and Bonferroni corrections applied to multiple comparisons.
We ran logistic regression models using an iterative, backward, stepwise selection procedure to examine the association between levels of concern about the security of EHR and security of HIE with the following variables: age (18-39, 40-64, 65 ); race (white, black, Hispanic, other); gender; education (>high school vs >3 visits or <2). We used SAS version 9.2 (SAS Institute Inc, Cary, North Carolina) and SUDAAN version 10.0.1 (RTI International, Research Triangle Park, North Carolina) for analyses.
Of the 1847 respondents, 68% (n = 1261) were from the landline phone household sample. Approximately 40% (n = 8297) of the sample was ineligible; most were nonworking numbers, businesses, or fax/modems. Among those that were eligible, 6607 (55%) refused to participate. Additionally, some households (n = 3463) did not answer the phone despite 15 callbacks, while others had language barriers or other impairments (n = 472) that prevented them from completing the survey.
Twenty-five percent of the respondents were between 18 and 39 years old, 46% were between 40 and 64 years old, and 29% were 65 years or older (Figure 1). According to 2009 US Census data, these age groups are 41%, 43%, and 16%, respectively. A majority of respondents were white (60% vs 72% US) or female (59%). Almost three-quarters (73% vs 84.6% US) of respondents attended high school or beyond.12 Half reported they were either unemployed, retired, or a student.
Concerns About the Security of EHR and HIE
Of all respondents, 82% reported that they were “very” (59%) or “somewhat” concerned (23%) about the security of EHR. Additionally, 75% of respondents reported being “very” (45%) or “somewhat” concerned (30%) about the security of HIE. Security was described as “the protections (policies and technologies) used to keep unauthorized individuals from being able to access and view your electronic health information.” Most of the reasons underlying consumers’ concerns about the security of HIE related to the potential misuse of their personal health information for fraud or identity theft (93%), posting of personal data on the Internet (90%), the receipt of unsolicited advertising and junk mail (88%), or discrimination (77%). Another reason for consumers’ concern regarding the security of HIE was the potential loss of their personal health information (82%).
Consumers With Greater Concern Regarding the Security of EHR
Multivariate analyses regarding concerns about the security of EHR are significantly higher (P <.05) among respondents between the ages of 40 and 64 years (odds ratio [OR] 2.1, 95% confidence interval [CI] 1.5-2.9), 65 years and older (OR 1.6, CI 1.1-2.3), and full-time employed individuals (OR 1.5, CI 1.1-2.0). Race (P = .0684) and frequency of physician visits (P = .1092) approached significance. Consumers With Greater Concerns Regarding the Security of HIE Multivariate analyses show that concerns regarding the security of HIE are significantly higher (P <.01) among respondents between the ages of 40 and 64 years (OR 1.6, 95% CI 1.1-2.1), full-time employees (OR 1.7, 95% CI 1.3-2.4), and minorities including black (OR 1.6, 95% CI 1.0-2.3), Hispanic (OR 1.7, 95% CI 1.0-2.7), and other minorities (OR 1.7, 95% CI 1.1-2.6).
Concerns About the Privacy of HIE
Nearly 70% of respondents were either “very” (35%) or “somewhat” (35%) concerned about the privacy of HIE. Concern about privacy was described as the concern that an unauthorized individual would gain access to or view their personal health information without their permission. The most frequent reasons underlying consumer privacy concerns were being denied credit (58%) or employment (54%). When asked about how likely certain events would occur if their health information was accessed by someone that did not have permission, the majority reported that it was “very” or “somewhat” likely that identity theft (74%) or fraud (65%) would occur, and about half of the respondents reported it was at least “somewhat” likely that they would be discriminated against (49%).
Benefits and Risks Associated With HIE
Consumers reported potential risks and benefits associated with HIE more generally. In addition to concerns regarding access by unauthorized individuals, a majority of respondents (75%) reported concerns that it was at least “somewhat likely” that their information would be accidentally linked to the wrong person or accidentally released to the wrong physician (65%).
Yet, respondents also indicated that HIE would have benefits. They thought HIE was “very likely” or “somewhat likely” to help doctors better coordinate care (89%), reduce the number of medical tests needed (81%), improve medical care (78%), and improve quality of care (76%).
When asked which of these potential risks or benefits was the most important, consumers reported that benefits were most important. These included the ability of HIE to better coordinate care (23%), improve quality of care for the country (16%), and for themselves personally (15%).
We also asked about the tradeoffs associated with privacy and security. Nearly 75% of respondents agreed that an EHR has benefits that outweigh any risk to privacy and security. Even among respondents who reported being “somewhat” or “very” concerned, a significant majority agreed that the benefits of HIE outweigh the risks (Table).
Sixty percent of respondents reported they would be willing to allow physicians to share their information electronically for treatment, even if they may not be able to protect their privacy all of the time. Approximately half of those who reported they were “very” concerned about privacy or security of EHR and HIE would permit their physician to share their information for treatment even if they may not be able to protect privacy all of the time (Table). A significantly higher proportion of individuals who reported they were “somewhat” concerned would allow their physician to do so (P <.0001).
Consumer Preferences Regarding Who Should Be Involved in Determining Privacy Settings for HIE
Most individuals desired to have their physicians involved in determining their privacy settings. Over a third (39%) preferred that they, their physicians, and their family determine their privacy setting. A little over a quarter (26%) indicated that they and their physician could determine this. Few individuals wanted to have the sole responsibility (18.5%) or have their physician (4.8%) have the sole responsibility in determining their privacy settings.
Over three-quarters (79%) indicated they would want a physician to override their privacy settings in a medical emergency in order to treat them.
Consumer Preferences Regarding Setting Limits on Who May Access Their Health Information
Only about a third of respondents indicated that it was important to limit access to their health information by family (39%) or physicians (32.9%) involved in their healthcare. However, most indicated that it was “somewhat” or “very” important to be able to limit access among physicians not involved in their care (69.1%), friends (68.7%), employers (67.6%), and payers (67.1%).
Permission would be granted by 90% of respondents to electronically share their health information with at least some healthcare providers. Over half (52%) reported they preferred limiting access specifically to chosen providers, whereas 38% indicated they would permit access to any provider.
Most respondents (71%) reported they would be “somewhat” or “very” likely to request a list of disclosures their physician made through an EHR about treatment, payment, and other healthcare purposes. Among those requesting disclosure, nearly all responders wanted to know what was disclosed (95%), who disclosed it (95%), to whom it was disclosed (97%), and why it was disclosed (97%).
About half (49%) of respondents reported that they would be willing to share all of their health information with their healthcare provider, less than a third (32%) would share some of it, and about 12% would refuse to share any information. Respondents who were very concerned about privacy of HIE or security of EHR or HIE were significantly more likely to prefer limiting data sharing to either physicians of their choosing or the treating physician, and not sharing data with any physician, in comparison to those who expressed fewer concerns (Figure 2).
Overall, we found that consumers remain concerned about privacy and security, and these concerns are greater among those aged 40 to 64 years, employed individuals, and minorities. Overall consumer concerns related to HIE focused on unauthorized access, and the potential misuse of their information for fraud and by other parties for denying credit or employment. Despite these concerns, most consumers recognize the benefits of HIE and many believe that the benefits outweigh privacy and security concerns. Although most consumers would permit HIE among at least some of their healthcare providers, about half wanted to choose which providers could access and share their data, and a majority wanted to limit access among those not directly involved with their treatment.
The reasons underlying consumer concerns suggest the need to improve individuals’ engagement in decisions about who determines access to their health information and the need to continue to improve consumer trust in the technology and the healthcare system. Education about data security, consumer rights, and recourse in cases of unauthorized disclosures and misuse of data may help address the reasons underlying consumer concerns and build trust in the use of electronic information.
Providing consumers with greater access to and control over their electronic health information may also help increase consumer confidence in electronic HIE. The ability to readily obtain a list of disclosures may help build a better sense of trust between individuals and the healthcare system by making it easier for them to monitor data accuracy and to better understand who has accessed their information and why.
Limitations and Future Research
Care should be taken in generalizing these results. Although the study is cross-sectional, the total number of respondentsis only 1847 and many important demographic subgroups are not heavily represented. Although we did notoversample racial and ethnic subgroups or conduct the interview in Spanish, participation by minority and racial and ethnic subgroups was higher than in the overall US population. The findings indicate that the concerns held by the general population may be more strongly held among these groups consistent with Patel et al.13 Given the modest scale of the study, the results should be interpreted as exploratory for future research.
Policy Implications of Findings
These findings suggest that as policymakers establish privacy and security policies for HIE, consideration should be given to variations in concerns expressed by specific demographic groups. Moreover, policymakers should recognize that they have a shared responsibility to assure public trust in HIE. Ultimately, reaching the intended goals of HIE will require greater effort to educate consumers about HIE and make HIE data practices more transparent.
Author Affiliations: From Center for the Advancement of Health IT (LD), RTI International, Chicago, IL; Statistics and Epidemiology (SAS), RTI International, Research Triangle Park, NC; Office of the National Coordinator (VP, SP), Washington, DC.
Funding Source: ONC Contract No. HHSP 233-20084100EC.
Author Disclosures: The authors (LD, VP, SAS, SP) report no relationship or financial interest with any entity that would pose a conflict of interest with the subject matter of this article.
Authorship Information: Concept and design (LD, SP); acquisition of data (LD); analysis and interpretation of data (LD, VP, SAS, SP); drafting of the manuscript (LD, VP, SAS, SP); critical revision of the manuscript for important intellectual content (LD, VP, SAS, SP); statistical analysis (SAS); provision of study materials or patients (LD); obtaining funding (LD); administrative, technical, or logistic support (LD, SP); and supervision (LD, SP).
Address correspondence to: Linda Dimitropoulos, PhD, Director, Center for the Advancement of Health IT, RTI International, 230 W Monroe St, Suite 2100, Chicago, IL 60606. E-mail: firstname.lastname@example.org.
1. President’s Council of Advisors on Science and Technology. Report to the President realizing the full potential of health information technology to improve health care for Americans: the path forward. http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-health-itreport.pdf. Published December 2010. Accessed December 10, 2010.
2. Office of the National Coordinator for Health Information Technology. Health Information Security and Privacy Collaboration (HISPC). http://healthit.hhs.gov/porta/server.pt?open=512&objID=1240&parentname=CommunityPage&parentid=8&mode=2&in_hi_userid=10882&cached=true. Published January 2010. Updated April 9, 2010. Accessed August 17, 2011.
3. O’Donnell HC, Patel V, Kern LM, et al. Healthcare consumers’ attitudes towards physician and personal use of health information exchange. J Gen Intern Med. 2011;26(9):1019-1026.
4. Patel VN, Dhopeshwarkar RV, Edwards A, Barrón Y, Sparenborg J, Kaushal R. Consumer support for health information exchange and personal health records: a regional health information organization survey. [published online ahead of print July 29, 2010] J Med Syst.
5. Wen KY, Kreps G, Zhu F, Miller S. Consumers’ perceptions about and use of the Internet for personal health records and health information exchange: analysis of the 2007 Health Information National Trends Survey. J Med Internet Res. 2010;12(4):e73.
6. California HealthCare Foundation. Consumers and Health Information Technology: A National Survey. April 2010. http://www.chcf.org/~/medi/MEDIA%20LIBRARY%20Files/PDF/C/PDF%20ConsumersHealthInfoTechnologyNationalSurvey.pdf. Accessed April 13, 2010.
7. NPR/Kaiser Family Foundation/Harvard School of Public Health. The Public and the Health Care Delivery System. http://www.kff.org/kaiserpolls/upload/7888.pdf (top line report) and http://www.kff.org/kaiserpolls/upload/7887.pdf (summary and charts). Published April 2009. Accessed August 9, 2011.
8. Simon SR, Evans JS, Benjamin A, Delano D, Bates DW. Patients’ attitudes toward electronic health information exchange: qualitative study. J Med Internet Res. 2009;11(3):e30.
9. Kaiser Permanente. Health care information technology summit survey results revealed. http://xnet.kp.org/newscenter/ehr/2007/050207healthcareitsummit.html. Published May 2007. Accessed August 9, 2011.
10. Brick M, Dipko S, Presser S, Tucker C, Yuan Y. Nonresponse bias in a dual frame sample of cell and landline numbers. Public Opin Q. 2006;70(5):780-793.
11. AAPOR Cell Phone Task Force. New Considerations for Survey Researchers When Planning and Conducting RDD Telephone Surveys in the U.S. With Respondents Reached via Cell Phone Numbers. http://aapor.org/AM/Template.cfm?Section=Cell_Phone_Task_Force&Template=/CM/ContentDisplay.cfm&ContentID=2818. Published 2010. Accessed May 22, 2008.
12. U.S. Census Bureau. Population estimates; national characteristics, national sex and age. http://www.census.gov/popest/national/asrh/NCEST2009-sa.html. Accessed August 14, 2011.
13. Patel VN, Dhopeshwarkar RV, Edwards A, et al. Low-income, ethnically diverse consumers’ perspective on health information exchange and personal health records. Inform Health Soc Care. 2011;36(4):233-252.