Consumers Are Ready to Accept the Transition to Online and Electronic Records If They Can Be Assured of the Security Measures

Abstract

Background

Healthcare has entered the electronic domain. This domain has improved data collection and storage abilities while allowing almost instantaneous access and results to data queries. Furthermore, it allows direct communication between healthcare providers and health consumers. The development of privacy, confidentiality, and security principles are necessary to protect consumers' interests against inappropriate access. Studies have shown that the health consumer is the important stakeholder in this process. With the international push toward electronic health records (EHRs), this article presents the importance of secure EHR systems from the public's perspective.

Objective

To examine the public's perception of the security of electronic systems and report on how their perceptions can shape the building of stronger systems.

Methods

A cross-sectional survey (September-November 2005) of people attending healthcare providers (n = 400) was conducted in the 4 major cities in New Zealand. Participants were surveyed on computer use, knowledge of EHR-proposed benefits and issues, security issues, and demographics.

Results

A total of 300 surveys were completed and returned (a 75% response rate), with 180 (60%) being women. One hundred eighty-eight (62.6%) had not heard of EHRs, with those who had heard of them indicating that they were a positive innovation in the health sector. However, 202 (73.3%) participants were highly concerned about the security and privacy of their health records. This feeling was further accentuated when participants were asked about security of electronic systems. Participants were worried about hackers (79.4%), vendor access (72.7%), and malicious software (68%). Participants were also introduced to various security systems, and in each case, over 80% of participants believed that these would make EHR systems more secure. A number of chi-square tests were carried out with each variable, and it was found that there were strong relationships between age, location, computer use, EHR knowledge, and the concern for privacy and the security of medical records (P < .05). The survey also showed that there was a very small difference (9.8%) between health consumers who believed that paper records are more secure than EHRs and those who believed otherwise.

Conclusions

The findings showed that for the EHR to be fully integrating in the health sector, there are 2 main issues that need to be addressed:

• The security of the EHR system has to be of the highest level, and needs to be constantly monitored and updated.

• The involvement of the health consumer in the ownership and maintenance of their health record needs to be more proactive. The EHR aims to collect information to allow for “cradle to the grave” treatment; thus, the health consumer has to be seen as a major player in ensuring that this can happen correctly.

The results from this study indicated that the consumer is ready to accept the transition, as long as one can be assured of the security of the system.

Introduction

In the health industry, the patient-doctor relationship is bound by trust – trust that has stemmed from a clause in the Hippocratic Oath: “All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal.[1]”

However, there is a shift in regard to one as a consumer rather than a patient. This change has seen a gradual transfer of responsibility from the doctor alone to both the doctor and the consumer, with the consumer now playing a greater role than in the past. This transition, coupled with the merging of information technology in to the health field, has aided in the shifting of attitudes from healthcare provider to consumer.[2]

The result of this merge has been the electronic health record (EHR). Pyper and colleagues[3] regard EHRs as a longitudinal record of the consumer's healthcare that has and is being provided to them. The aim is to establish a record that contains all consumer health information from “the cradle to the grave.” However, as with Internet banking, consumers are very tentative about the process. The risks concerning security, privacy, and confidentiality are at the forefront of any concerns harbored by the consumer.[4]

With the move to increase the impact of technology in healthcare, the use of EHRs has become inevitable. Gillies and Holt[5] showed that it is only a matter of time before the paper-based record is converted into an electronic medium. Table 1 shows the functional comparison between the 2 types of record-storing methods. It can be seen that the case for EHRs is made stronger due to the inherent weaknesses of the paper-based system. However, even though healthcare professionals have seen its strength and the advantages are clear, EHRs face their stiffest barrier when it comes to acceptance by the health consumer.

Table 1.

Functional Comparison Between the Paper-Based Record and the Electronic Version[5]

Function	Paper-Based Record	Electronic Record
Availability	One location	Multiple locations
Cost	Approximately $500 per lifetime	Tiny individual cost
Security	Low	High
Consumer control	Little to none	Can be high
Data	Difficult to extract	Should be easy to extract
Durability	Low	High
Duplication of records	Yes	No
Duplication of tests	Yes	Rare
Audit trail	No	Yes
Practitioner “freedom”	Good	Restricted
Patient interaction	None	Full

The cornerstone of a good patient record system, without regard to the storage medium used, is reliability and security. Medical records contain a large amount of sensitive personal information. This information is, more often than not, continuous, extending from the cradle to the grave. It is broad, covering an extraordinary variety of detail, and with information technology it is more accessible than ever before. These records contain information that has nonmedical use, and access to that information could be of interest to many parties. For this reason, patients tend to expect that their communications and records with the clinicians and other healthcare providers will remain confidential. Annas[6] found that patients are not likely to disclose any intimate details freely unless they are certain that no one else, not directly involved in their care, will learn of them. This is the major fear that the health consumer today has with EHRs, as they may potentially be an impediment.

Earlier it was stated that the advantages of an EHR over the paper-based record should alone be a reason to move to the electronically based record. However, it is in one of the functional weaknesses of the paper-based record that the patient finds reassurance. The paper-based medium is cumbersome, yet it is in this that patients draw some sense of security. Its cumbersome nature minimizes the risk for breaches of confidentiality. Although a breach can occur, the magnitude of the breach is limited by the sheer difficulty of unobtrusively reviewing large numbers of records.[7] In the case of an electronic medium, breaches can occur in a less invasive manner, making them hard to detect and thus maybe more problematic.

Privacy is the main concern that health consumers are worried about with any records system. In 1995 the Louis Harris Poll found that 100% of Americans who were surveyed saw the benefits of having their health records computerized. However, 74% expressed concern about the negative effects of a computer-based system. Their concerns were based on the following points[8]:

• Lack of understanding the dynamics of information gathering;

• Fear of having a lack of control over the use of their personal information;

• Not understanding the privacy protection laws and regulations that do and do not exist; and

• Fear of errors, carelessness, and poor judgment by those who may handle their personal information.

These concerns stemmed from their previous experiences with computerized systems. Ten years down the line, in 2005, the Harris Interactive survey found that 48% of American adults claimed that the benefits to patients and their well-being outweighed any risks to privacy.[9] Nevertheless, almost 70% of these individuals were worried that sensitive health information may leak due to weak data security. The concerns now included[9]:

• Sharing of medical information without the consumer's knowledge;

• An increase in medical errors rather than a decrease with the use of computers;

• Reduction of any existing privacy rules; and

• Consumers not revealing all necessary information to their healthcare provider due to the fear of having their details being made available electronically.

The belief that EHRs are a good way to store records was shared by consumers who were surveyed by the National Health Service. Like their American counterparts, however, the British public also believed that security and privacy of their information were their major concern.[10] A report by the California Healthcare Foundation published in November 2005 indicated that 67% of participants surveyed were concerned about the privacy and security of their health information. This same survey indicated that 13% of consumers admitted that they practiced medical hiding behavior, a practice that is detrimental to the final healthcare plan of the patient.

The Health Consumer

Traditionally the healthcare consumer has been the “least consumer-like” and the least informed.[11] Protection from social stigma as well as the belief that patients would get sicker once they knew their medical condition were the reasons used by many traditional physicians to discourage the use of EHRs. With expanding populations and the increase in occurrences of epidemics, medicine has become more scientific, and thus medical knowledge has started to become available to the layperson.[11] In the last 20 years, the emphasis has changed from cure of health conditions to prevention, with an emphasis on health and wellness.[12] According to Amatayakul,[11] “Patients have become interested in making choices for themselves about their physicians, treatments and lifestyles”; this can be clearly observed in the change of terminology from medical care to healthcare. The term medical care focuses primarily on processes administered by a physician, whereas healthcare encompasses a broader range of services and procedures.[13]

The emergence of communication technologies and the incentives in the health sector to include consumers in their operations are some of the factors in increasing the importance of the consumer in the healthcare setting.[13] Another element that has influenced the move toward a consumer-based approach has been the change in the way patients pay for their health services. From the earliest times, when health services were bartered like a normal commodity through the respective healers, patients became even less like consumers, as the payment for their health services was done by third parties in the form of medical aid companies.[11] When the third parties became a key player in the health sector, patients lost consumer identity totally, as they did not directly purchase healthcare services. However, with the shift toward managed healthcare and health plans, patients had to pay more to get additional choices.[11] Thus, they ceased being just patients, and have shifted toward the role of consumer, as they demanded more information about their healthcare providers, diseases, and treatments.

The biggest factor in cementing the role of the patient as a consumer is through the growth and the innovative capabilities of technology. The increasing availability of interactive information has enabled many services to be available online. Health information is now only a click away, with many Internet users visiting Web sites that contain health information and treatment options. The growth of discussion boards and bulletin boards has allowed individuals to share their experiences of specific diseases and treatments. This has introduced another dimension to the healthcare industry in which consumers are more knowledgeable and understanding of the terminology and procedures that are used in the health sector.

According to Eysenbach,[14] initially the technology had been looking at development and growth through the eyes of the medical professional, with the drive toward consumerism. This has changed and has seen the birth of consumer health informatics. Consumer health informatics is defined by Eysenbach[14] as “the branch of medical informatics that analyses consumers' needs for information; studies and implements methods of making information accessible to consumers; and models and integrates consumers' preferences into medical information systems.” This definition agrees with Amatayakul's[11] statement that the “principle of consumer health informatics is that of empowering individuals to play a greater role in their own healthcare and to be active participants in the decisions that affect their healthcare” Figure 1 shows how consumer health informatics has shifted from individuals just having a choice to being empowered. Essentially, all health information can now be used to benefit the consumer of healthcare.

Figure 1.

The shift from an individual having a choice to being empowered. Adapted from Amatayakul.[11]

Empowerment will only occur if consumers themselves are allowed to interact with the healthcare system. This interaction would be one in which consumers do not receive just limited feedback, but one that promotes multiway feedback. This idea has been adopted by the European Union, who realized that the greatest interaction would occur if patients had access to their records.[14] In October 1998 the European Union required that each of their member countries pass legislation to ensure that consumers in those countries had access to all their health records.[14] With governments recognizing the need for patients to become key stakeholders of their own health, now is the perfect time for the push toward the implementation of the EHR. The implementation of EHRs is thus not a case of “if it will happen”; rather it is a question of “how long until it is completed?” President George Bush announced that he wanted most Americans to have an EHR by 2014, and he has allocated a budget of $100 million to ensure that this does happen.[15] The United Kingdom has set aside £2.3 billion to ensure that 50 million patient records are digitized by 2010.[16]

National Health Index

An initiative that has been used in New Zealand to store nonidentifiable health information is the National Health Index (NHI) number. One of the problems with implementing the EHR has been the question of how to store patient information that will be linked to a nonidentifiable system. The NHI system is one such mechanism that could be employed to achieve this. It is made up of 3 letters and 4 numbers that are uniquely associated with a certain individual. Initially the NHI number was used exclusively in the hospital to record admissions and to ensure that the hospital was aware of any medical warnings. This has changed, as the NHI number is used by all healthcare instances involving an individual. Each instance is referenced and recorded by the patient's NHI number, thus allowing for the connection of separate records and allowing a patient health summary to be built up.[17] Currently, the NHI number stores information, such as name and address, date of birth, sex, and ethnicity. The New Zealand Health Information Service (NZHIS) is quick to point out that the NHI number is not a health record; rather it is used to correctly make a match with one's health record.[18] The NZHIS also claims that 95% of health consumers have an NHI number that is given to them automatically at birth.[18] However, the number of people who actually do know their NHI number may actually differ.

The NHI number concept has not been received well by the Privacy Commissioner. In a report published in 1998, the author found that the way in which the NHI system was being implemented would not be providing any benefits to the health consumer.[17] The key finding in the report was that inconsistent information was being given out by North Health in their promotion of the NHI number. The Privacy Commission found that the information was misleading. Accordingly, the report gave a number of arguments against the NHI scheme. Essentially the claim put forward by both the NZHIS and North Health was counterclaimed by the Commission, who argued that all the benefits proposed were for activities that were not being carried out by caregivers initially and, thus, did not add value to the healthcare of a patient. The statement, “The main effect of interconnection through a common unique identifier will presumably be to facilitate the collection of information which the patient has not authorised,[17]” indicated that it was believed that the NHI number, in its current use, was used in a manner that is oblivious to the health consumer. Coney[19] also declared that for the NHI scheme to be effective, it was important for the public at large to be fully informed about the system thus becoming part of the actual system, which is essentially the stepping stone to building the EHR.

Methods

Survey Design

As part of a nationwide survey on the perceptions of the security of EHRs, 300 participants took part in this study. The sample population was health consumers visiting small- to medium-sized healthcare practices; hence the consumers targeted would be in the process of either receiving healthcare or accompanying someone who was undergoing treatment. These people would be more concerned and aware of their health information than the public generally.

Participants were obtained through a 2-step process. The first step involved locating practices and obtaining consent to allow their practice to be used as a survey point. This was achieved by going through the phone book and identifying a number of practices in the major city centers (Auckland, Christchurch, Dunedin, and Wellington). A letter was sent to each chosen practice outlining the study and asking them to participate. The letters were standardized. Each had a reply form printed on blue paper to enable easier communication with the practice manager or doctor. A total of 70 letters were sent out. The letter outlined that the time required by the practice would be minimal, as participants would fill out the survey as they waited to be seen by the doctor. The practices sent in their replies in a prepaid envelope. Step 2 involved those practices that replied in the affirmative. This step involved preparing the survey packs. Each pack was made up of an information sheet, consent form, and a 2-page questionnaire. Each practice received a minimum of 30 survey packs. The packs were sent out with a postage-paid return envelope and a request to the practice managers or doctors to return the surveys as soon as all the surveys had been completed.

The survey was designed iteratively over a period of 3 months. During that time, the survey was narrowed down to target the specific area that was being studied, with the rules outlined by Leedy and Ormrod.[20] Questions used in previous studies[3,9,10] were modified and used in this study. Questions from the previous studies were used, as they had a few questions that targeted the number of specific areas that were relevant to this study. The primary focus of these other studies was not just security, and a number of these questions were adapted and used in this questionnaire to strengthen the results from the survey. Furthermore, other questions were developed with the help of the statistics department and others involved in the health informatics field. Feedback was obtained from both the NZHIS and the Royal New Zealand College of General Practitioners (RNZCGP), and their recommendations and suggestions were included in the survey. When changes were complete, the survey underwent a pilot test. The pilot test was conducted to ensure that the responses obtained from the survey would be sufficient to answer the research question(s). The pilot also tested the language used in the survey, to ensure that there was no ambiguous terminology. The pilot study was conducted over 2 days. Twenty students from a university hall of residence participated. Participants came from a wide range of backgrounds, ages, and across both sexes. The pilot study identified a number of questions that needed to be changed to allow for better understanding, as well as several format changes. The responses to the pilot study were also an indication of the type of answers that the main survey would get. Changes were then made, and the revised survey was tested on a small group of participants. This survey was found to be easy to understand, and it was subsequently employed to obtain the data required for this study. When the survey had been finalized, ethics approval was sought and obtained from the University of Otago Human Ethics Committee, Dunedin, New Zealand.

Statistical Analysis

The survey included demographic questions that enabled us to determine whether there were any relationships that would be clearly attributed to demographic qualities, including, age, sex, and location. Ethnicity was not added because of the time constraint. Location was seen as important, as the study took place in the 2 major cities of the North and South Islands, respectively. This would indicate whether there was any major difference between the 2 islands.

Data were initially analyzed with standardized descriptive statistics. Further analysis to identify any statistically significant results was undertaken with chi-square analysis or Fisher's exact test (as appropriate). The dependent variables in each case were the participants' concern for the privacy and security of their medical information and the participants' answers to whether they believed that EHRs were more secure than paper-based records. All analyses were computed in SPSS version 13.0, and 2-tailed significance was considered at the P < .05 level.

Results

The demographic findings showed that the majority of people who took part in this survey were between the ages of 20 and 39. The results indicated that those attending healthcare providers were in their early 20s or reaching middle age. The participant group was also made up of more women than men. This agreed with the findings of the Australian Institute of Health Welfare and Cancer study.[21] They found that women tended to visit a healthcare provider more than men.[21] In this study, 200 women made up the overall figure of 300. This is 66% of the population sample.

The survey was sent to the 4 main city centers in New Zealand. The highest proportion of the population sample came from Dunedin. The percentage breakdown from each location is also shown in Table 2. In addition to the city breakdown, Table 3 gives a summary of the numbers according to their placement on either the North or South Island. Table 3 shows that the survey sample obtained an even distribution across the North and South islands.

Table 2.

Breakdown of Survey Numbers by Location

City (in New Zealand)	Number of Participants	Percentage (%)
Auckland	66	21.9
Christchurch	52	17.7
Wellington	81	26.9
Dunedin	101	33.5
Total	300	100

Table 3.

Breakdown of Survey Numbers for North Island and South Island

	Number of Participants	Percentage (%)
North Island	147	49
South Island	153	51
Total	300	100

It was found that a high percentage of the sample were regular computer users (82%), used email (80%), and used the Internet (70%); however, the results of the survey indicated that a large proportion (44%) of the sample population did not undertake online purchasing. Those who did purchase items over the Internet were also mainly in the seldom-use category (5%), which may suggest that these participants only used a computer when they wanted to buy something online.

Participants were asked about their concerns in regard to the confidentiality and privacy of their health records (Table 4). The findings indicated that generally participants were concerned about their health information.

Table 4.

Participants' Concerns About the Confidentiality and Privacy of Their Health Records

	Number of Participants	Percentage (%)
Yes	220	73.3
No	66	22.0
Not sure	14	4.7
Total	300	100.0

Participants were asked their opinion in regard to the privacy and confidentiality of their medical records as well as their knowledge about the NHI number. Although 95% of the population had an NHI number, this study found that only 31.7% of the sample indicated that they knew about the NHI number. This may be a general indication that a majority of the New Zealand health-seeking population are unaware of the NHI number and the information that it stores.

Participants were given a list of potential problems that may be encountered by EHRs. The results showed that most participants perceived that the EHR would lead to their medical information being shared easily. They believed that EHRs would lead to sensitive medical information leaking out (40.3%) as well as allowing the sharing of their medical information without their knowledge (42%). The participants did not believe too strongly in the statement “electronic health records could increase medical errors,” with only a small difference between those who agreed with it (41%) and those who did not (38%). This could indicate that the perception in regard to medical errors is not the major concern that the health consumer has with EHRs. The next 2 statements highlighted this fact. Participants believed that access was an issue with EHRs. These results do concur with that perception. Overall 53% of the people surveyed believed that EHRs would have an inherent weakness in its security system, whereas 29% thought that the EHRs would have a strong security system built in.

Having been given a list of potential problems, participants were then given a list of problems that affect other electronic systems. Participants were asked to rank how strongly they agreed that each of these problems would be transferred to the EHR domain. The 2 main problems included vendor access to the system and the actions of hackers and crackers who might harm the system deliberately. When grouped into the categories of agree, neutral, and disagree, Figure 2 demonstrates the perception that all of the problems given will affect EHRs as well.

Figure 2.

Graph illustrating participants' perceptions of problems that affect other electronic systems, and how they will affect electronic health records.

Figure 2 indicates that 72.7% of participants believed that vendor access would be a real problem with EHRs, whereas 79.4% were worried about hackers. This fits in with the strong concern with regard to access that was found by the earlier question. Malicious software (68%) was also a concern by the participants. On the other hand, only 56% and 53.6% believed that long-term accessibility and failure to back up would be a problem, indicating that the primary concern is with unregulated access to the system.

When informed about the various security mechanisms that might be implemented with EHRs, the results pointed out that if implemented then participants believed that EHRs would be more secure.

Table 5 shows that there is a strong sentiment that with the addition of antivirus software, firewalls, restricted system access, audit trails, and encryption, EHRs would be more secure. In each case, over 80% of the respondents agreed that the security mechanism would make the EHR more secure.

Table 5.

Participants' Perceptions on Whether Security Would Increase If There Are Various Security Mechanisms in Place

	Strongly Agree	Agree	Neutral	Disagree	Strongly Disagree
Anti-virus software	46.7	33.0	11.7	5.7	3.0
Firewalls	55.0	30.3	8.0	4.3	2.3
Restricted system access	58.7	29.3	6.0	3.0	3.0
Audit trails	57.3	29.0	8.0	2.7	3.0
Encryption	54.7	29.7	10.0	3.3	2.3

The final quantitative question asked whether participants believed that EHRs were more secure than paper-based records. It was hypothesized that participants would believe that paper records are still more secure. Initially it was also thought that there would be a large difference between the 2 answers in favor of paper records; however, the results from this study indicated otherwise. The difference between those who believed that EHRs were more secure than paper records and those who believed that paper records were more secure is only 9.8%. Over half (54.9% [163]) of the participants answered that they believed that paper records were a more secure system. The most common reason given was that “I don't trust computers as they tend to crash,” which was followed up by a more security-relevant comment: “I am scared of hackers.” Hackers were mentioned 100 times in the comments section; this makes up 61% of the total number of people who believed that paper records are safer. This is a clear indication that participants believe that the security is still not strong enough to prevent hack attacks; 45.1% (134) of the people surveyed agreed that EHRs are a more secure method of storing health records. The most common comment pertained to the fact that “papers get lost, damaged, and misplaced,” which has been described as one of the reasons to move to an electronic system.

Chi square and Fisher's exact test were carried out on all the questions with the dependent variables being participants' concern for the privacy and security of their medical condition, and the participants' answer to whether EHRs are safer than paper records. The following research questions were found to be statistically significant; in each case P < .05:

• Younger age groups have less security concerns, as they have a greater understanding of computers (P = .02).

• Women are more concerned about the security of health information on EHRs, as they are greater users of healthcare (P = .006).

• There is an identifiable common trend across the country. The perceptions of consumers in regard to the security of EHRs between the North Island and the South Island did not show any significant differences (P = .023).

• Those who buy items over the Internet are less apprehensive about security concerns (P = .01).

• Many people in New Zealand have not heard about EHRs, and this influences their feelings about them (P = .004).

• The benefits are all consumer-focused; thus consumers agreed that EHRs will provide most of the benefits that have been proposed (P = .04).

• Consumers, when given a list of the negative aspects of the EHR, will agree that the EHR may raise a number of concerns for them (P = .03).

• When consumers are made aware of the security measures that may be in place, they believe that their record is more secure (P = .001).

Discussion

The issues of privacy and security have been a major concern of consumers worldwide. These issues have limited the progress of EHRs and their uptake by consumers. As described earlier, previous studies[3,9,10,16] have shown that the health consumer believes that EHRs pose a problem when it comes to keeping their health information private and confidential. Ryan and Boustead[22] and Hunter[23] showed, in their smaller studies, that the New Zealand health consumers have voiced similar concerns. The results from this study indicate similar opinions from a larger sample group. As well as being concerned about the privacy and security of their medical records, the participants' greatest fear was that their information might be accessed by unauthorized people. Westin[9] reported that in July 2004 it was found that 66% of the American public showed concern about the privacy and security of their health information on electronic systems. A report by the California Healthcare Foundation, which was published in November 2005, indicated that 67% of participants surveyed were concerned about the privacy and security of their health information.[24] This study also confirmed this, with 73% of the participants showing concern about the privacy and security of their health information. These findings illustrate that there is an identifiable concern within the health consumer population. The findings from this study showed a greater percentage of people who were concerned about the privacy and security of their health information compared with the findings of the American studies. This may be because of the smaller sample size of this study. However, the numbers showed that the concerns surrounding security and privacy have to be addressed to ensure that the health consumer is comfortable with the transition toward EHRs.

The biggest concern raised was about hackers. Overall, 79% of the participants of this study believed that hackers would pose a big problem for EHRs, whereas 61% of the participants who preferred the paper medium chose that medium because of their concern about hackers. Cyber Dialogue reported in the year 2000 that 59% of American health consumers were concerned about hackers,[25] whereas in 2005 an increased percentage of 62% was reported.[9] This fear of hackers and of unauthorized access may be due to the media hype that surrounds such intrusions when they do occur. Health consumers only need to tune in to their local news channels or read the newspaper to learn of privacy breaches and cases of hackers stealing health information. When individuals learn of such incidences, they are further alarmed, as they are already fearful that their information is not adequately protected. Also, such situations strengthen the convictions of those who believe that it is not possible to provide sufficient assurances of privacy and security of electronic health information.[26] This study did not address the impact of the media on the perceptions of electronic security, but an early hypothesis for a further study may indicate that there is a strong relationship between the two. The fear that individuals have about the possibility of their information being accessed by unauthorized people, such as hackers, employers, and insurance companies, will be heightened when they hear of any incidents when the security of an electronic system has been compromised.[27] Despite the large percentage of people fearing hackers, the general finding in studies is that hackers are in fact only responsible for less than 20% of improper releases of medical information. The higher number of inappropriate access occurs due to “insiders” or inadequate personnel or operational policies. In this regard, it is important that the consumers are educated as to where the potential threats do come from and how they can be alleviated and monitored.

This study also showed that there is only a small difference between participants who believe that paper-based records are more secure than EHRs and those who do not believe so. From the comments given, it can be inferred that if EHRs have the security mechanisms that were mentioned in the survey, the health consumer would perceive them as being safer. This was a surprising result. Although it was hypothesized that the paper record would be perceived as being more secure, it was believed that the difference between those who did perceive this and those who did not would be larger. The small difference and the comments indicate that the participants in this study perceived that the security mechanisms are strong enough to solve the security problem. This may indicate that if health consumers know about the security mechanisms and have some understanding of how they work, their perceptions of security will be increased.

Participants answered that they believed that all the advantages of an EHR would be beneficial to the health system. This was backed up by a number of comments saying that “the advantages far outweigh the disadvantages of an electronic health record.” This indicates that the health consumer does understand that the EHR will provide a number of benefits that are not found with the paper record. Also, if assured about security mechanisms, participants tended to comment: “If I can be assured that the security mechanisms are implemented correctly, then I will say EHRs are safe, but until then I cannot and will not say that.” This was found by Donohue,[27] who reported that 60% of health consumers would be willing to go down the electronic route if their privacy and confidentiality can be ensured through stringent security measures.

The results have shown that EHRs do have an area that needs to be addressed before such records can be accepted by the health consumer. User acceptance of technology is important in any field, and more so in the health sector. The push toward consumer health informatics and the increased influence of information technology (IT) in the health sector are 2 reasons why the user acceptance is very important for the EHR system to be successful. This fits in with the model suggested by Venkatesh and colleagues.[28] Health consumers' reactions to EHRs will improve once the consumers have actually used the electronic system. In order to be persuaded to use the technology, the health consumer needs to be assured that the technology is secure in every manner, from its physical operation to the way that it handles information. Figure 3 illustrates this model adapted to fit the EHR scenario.

Figure 3.

User acceptance model of electronic health records. Adapted from Venkatesh and colleagues'[28] basic concept underlying user acceptance model.

Venkatesh and colleagues[28] have also reported on the Unified Theory of Acceptance and Use of Technology (UTAUT) model. The study looked at a number of variables and factors that may affect an individual's intentions of using technology. Social anxiety was one of the variables measured and was found to be not significant in the uptake of technology.

However, this model was not tested in the health sector, and as indicated by the results, social anxiety, in the form of concerns about security and privacy, is an influencing factor in the uptake of technology by the health consumer. Thus, a model that is independent of other sectors needs to be investigated specifically for the health sector (Figure 3). The model indicates that each consumer has an inherent reaction when introduced to the idea of using an EHR. This reaction will then stimulate them to either plan how they intend to use the EHR, or in some cases the initial reaction will lead to an immediate actual use of the EHR. The actual use of the EHR will then affect the initial reaction of new users of an EHR system. This will then help in identifying the areas that need to be addressed from initial reaction, actual reaction, to intention for use vs actual use of an EHR. All will have an impact on the final perception of the consumer.

Once an understanding can be reached as to why the health consumer is averse to the use of EHRs, proper measures can be implemented to alleviate the fears and increase the health consumer's acceptance of EHRs. These fears may result from cultural differences, including ethnic backgrounds, lack of understanding technology, or simply from a feeling that health information is too confidential to be shared with a wider community.

This study has highlighted the fact that security, privacy, and confidentiality are the major concerns connected to health information. These concerns are further heightened when a traditional paper-based record is transferred to the electronic medium. They become the major barrier to the health consumer's acceptance of the move to the EHR system. If the system is not accepted by the health consumer, it will not serve the purpose for which it has been established.

Limitations of the Study

This study achieved the goals that it aimed to cover. However, there were a number of limitations in this study, and future work in this area may look to improve on these areas. Time was a crucial factor. This study was limited to 1 year and thus had to be scaled down to ensure that valid and meaningful results could be obtained. The study did achieve that. However, with a longer time frame, this study could be conducted with a larger population sample, which could be divided into rural areas and urban areas. This might be a better indication of how location could be a factor. Also, the study did not divulge into various ethnic groups, as cultural values may influence perceptions. By adding an ethnic dimension to this study, it may show the different perceptions of security that are a result of different cultures. Different cultures perceive healthcare in different ways, and health information takes on a different meaning in different cultures.

The actual research design may have an inherent potential for bias, as some of the questions themselves may have resulted in the respondents believing something that they may not have known, but believed they had known. This may have played some role in the overall answering of the questions; however, this may not have resulted in heavy bias, as the results indicated there was generally an even spread of answers to most questions.

A factor that may have led to bias in this study was the actual respondents themselves. It was intended for the study to be filled in by consumers who were attending a healthcare provider. This may have introduced bias if the participant was not feeling well; thus, it may have affected how the questions were answered.