Abstract
New models of healthcare delivery such as accountable care organizations and patient-centered medical homes seek to improve quality, access, and cost. They rely on a robust, secure technology infrastructure provided by health information exchanges (HIEs) and distributed research networks and the willingness of patients to share their data. There are few large, in-depth studies of US consumers’ views on privacy, security, and consent in electronic data sharing for healthcare and research together.
Objective This paper addresses this gap, reporting on a survey which asks about California consumers’ views of data sharing for healthcare and research together.
Materials and Methods The survey conducted was a representative, random-digit dial telephone survey of 800 Californians, performed in Spanish and English.
Results There is a great deal of concern that HIEs will worsen privacy (40.3%) and security (42.5%). Consumers are in favor of electronic data sharing but elements of transparency are important: individual control, who has access, and the purpose for use of data. Respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare (76.2% vs 57.3%, p < .001).
Discussion While consumers show willingness to share health information electronically, they value individual control and privacy. Responsiveness to these needs, rather than mere reliance on Health Insurance Portability and Accountability Act (HIPAA), may improve support of data networks.
Conclusion Responsiveness to the public’s concerns regarding their health information is a pre-requisite for patient-centeredness. This is one of the first in-depth studies of attitudes about electronic data sharing that compares attitudes of the same individual towards healthcare and research.
Keywords: privacy, patient-centered, distributed research network, health information exchange, consent
BACKGROUND AND SIGNIFICANCE
New models of healthcare delivery such as learning healthcare systems, accountable care organizations, and patient-centered medical homes rely on robust, secure networks to share health data electronically in order to focus on the individual needs and preferences of patients, improve the quality of care, and reduce unnecessary expenditures.1 The resulting electronic healthcare data are also valuable for research.2 The federal government has invested substantially in health information technology through Title XIII of the American Recovery & Reinvestment Act of 2009, also called Health Information Technology for Economic and Clinical Health (HITECH),3 which provided funding for health information exchanges (HIEs) and distributed research networks through AHRQ. In addition, Health Information Technology for Economic and Clinical Health (HITECH) Act of the American Recovery and Reinvestment Act of 2009, funded the Patient-Centered Outcomes Research Institute, which promoted the development of clinical distributed research networks (CDRNs) and patient-powered research networks for comparative effectiveness and patient-centered outcomes research.4,5
Two types of health data networks have emerged to provide such an infrastructure. First, distributed research networks (DRNs)6 allow researchers to access aggregated data and run analytics, while data do not leave the local organizations, which are therefore able to retain control of their own data.7,8 These distributed networks may help reduce security, legal, and privacy concerns, and encourage participation by data owners who retain control over access to their data.9 Examples include the Electronic Medical Records & Genomics Network (eMERGE), HMO Research Network (HMORN), the patient-centered SCAlable National Network for Effectiveness Research (pSCANNER) and 10 other CDRNs from PCORnet.8,10 [Each CDRN has an article in this issue of JAMIA, http://jamia.bmj.com/content/21/4.toc] Second, health information organizations (HIOs) oversee and govern the electronic movement of health-related information among unrelated organizations according to nationally recognized standards in an authorized and secure manner (http://www.nachc.com/client/Key%20HIT%20Terms%20Definitions%20Final_April_2008.pdf). HIOs facilitate HIE functions such as ePrescribing, lab result reporting, online access to health information for patients, exchange of summary of care documents between electronic health records (EHRs) systems, and transmission of data for syndromic surveillance and registries. There are 161 HIOs nationally.11
Under HITECH, states undertook efforts to clarify processes regarding HIE and propose policies governing the use of HIE. One of the areas of great debate has been the approach to consent for HIE. While HIPAA may allow this sharing between treating providers, there has been concern expressed by some privacy advocates that the public might not feel comfortable with electronic data sharing without permission/authorization.
California has a particularly active HIO landscape with 16 community HIOs organizing exchange among unaffiliated health organization (http://www.ucdmc.ucdavis.edu/iphi/Programs/cheq/hieactivity.html) and 14 enterprise HIOs focused on exchange primarily within an integrated delivery network.12 California’s state-level efforts have highlighted several areas critical to HIE. One such effort was the California Privacy and Security Advisory Board, a public–private collaborative organized by the California Health and Human Services Agency’s Office of Health Information Integrity (CalOHII) in 2007, to obtain input from healthcare organizations and stakeholders in order to recommend policies regarding health data privacy, including consent for HIE, and security. In addition, CalOHII supported three demonstration projects to test opt-in and opt-out HIE consent options to learn about the administrative processes involved, not specifically to assert regulatory or legal requirements on HIE.13
The success of networks is dependent on public support and willingness to share health data, which requires an understanding of the patients’ and consumers’ views and preferences, and the construction of policies that fulfill those expectations. Numerous studies have found that there is a low overall awareness among the general public about how medical records are used for research purposes.14–16 There is evidence that patients are willing to share electronic data found in EHRs and personal health records for research17–20 but concerns about privacy of personal medical record information have persisted.14,21–25 Several surveys have reported equivocal findings regarding patients’ concerns about whether EHRs worsen or improve privacy and security.26,27 These concerns may be a barrier to consumer acceptance of electronic health data sharing and research.28,29
There are a few surveys that specifically include questions regarding individuals’ views about electronic HIE. An analysis of data from the 2007 Health Information National Trends Survey (n =7674) found that over half of respondents rated HIE as very important.30 The Cornell National Social Survey (n = 1000) found that 48% of patients believed HIE would worsen privacy and security and 19% thought it would improve privacy.23
Few researchers have compared the views of the same individual on sharing of data for healthcare (a.k.a. HIE) and for research. There is little reason to assume that patient opinions are similar regarding these two purposes. A study on attitudes of patients living with HIV/AIDS found that trust was correlated to willingness to share personal health information with primary treating clinicians, but this willingness did not extend to non-clinical staff or other organizations such as community resource providers or public health.31 Distinguishing patient opinions regarding data sharing is important for designing effective technology-enabled, person-centered care models and supporting individually-approved research use of data. Without this critically important attention to individual needs for privacy, security and trust in healthcare institutions and providers, people may selectively fail to divulge relevant health information to their healthcare providers.32
This paper addresses this gap, reporting on a survey of California consumers’ views of privacy and security of health data networks. This study is among the first to investigate whether patients’ views on the likelihood of consent and permission requirements for data-sharing differ for healthcare and for research uses.
OBJECTIVES
The primary research questions addressed by the survey reported here were:
What is public opinion in California regarding privacy and security of electronic HIE?
What is public opinion in California regarding privacy and security of electronic health data sharing for research?
Are there differences in views about, and the likelihood of consenting to, electronic health data sharing for healthcare and for research purposes?
MATERIALS AND METHODS
The data were collected through a Computer Assisted Telephone Interviewing software application from January 22 to February 23, 2013. A random sample of 39 854 California area code phone numbers was acquired from Scientific Telephone Samples using the equal probability of selection method.33 The database consisted of 45% cell phones (wireless only or wireless mostly) and 55% landlines (landline or mixed mode) representing the distribution of phone use in the state.34 For calls to landlines, interviews were conducted with any adult whereas for calls to cell phones interviews were conducted with the adult owner of the cell phone number. During the first half of data collection, the sample was more heavily female and older. In order to better balance gender and age during the latter weeks of data collection, interviewers asked for youngest adult male first, youngest adult female second, and finally any adult. The interviews were conducted in either Spanish or English by bilingual interviewers. The survey was anonymous and no identifying information other than gender and zip code was collected. The study was approved by the Institutional Review Board at San Francisco State University (where K.K.K. was employed at the time the research was conducted) and deemed exempt from informed consent requirements.
The survey instrument was developed initially from themes identified in previously completed patient focus groups that included: altruism and personal benefit from data sharing, data security, justice and social responsibility of organizations conducting research, trust, and issues around consent and authorization.20 The requirements of informed consent for research put forth by the common rule (US Department of Health and Human Services. 45 CFR 46. Fed Regist 1991;56:28012), which governs the research informed consent process recognizes the need to present information about confidentiality/privacy, individual choice, individual benefits/risks, and potential benefits to others, so that candidates can determine whether or not to participate. These three concepts of privacy, choice, and societal benefit were posed as tradeoffs in order to explore the balance of values represented. In addition to newly constructed questions, other items related to privacy, security, HIE, EHR, and health research were selected from the literature.18,23
HIE involves technologies designed to support the capture and sharing of electronic information for healthcare purposes including EHRs. Four survey items addressing whether EHRs and HIE affected the privacy and security of medical information were posed. (Survey questions H3–H6). HIE was described as medical information shared electronically between the places where a patient receives medical care. Privacy and security were described as follows: Having a say in who can collect, use and share your medical information has to do with the privacy of your records. Having safeguards (including the use of technology) in place has to do with the security of your medical records.
The requirements of informed consent for research put forth by the common rule (US Department of Health and Human Services. 45 CFR 46. Fed Regist 1991;56:28012), which governs the research informed consent process recognizes the need to present information about confidentiality/privacy, individual choice, individual benefits/risks, and potential benefits to others, so that candidates can determine whether or not to participate. These three concepts of privacy, choice, and societal benefit were posed as tradeoffs in order to explore the balance of values represented. A number of questions regarding identified data for healthcare and de-identified data were also posed.
In order to explore the relationship between requiring permission and likelihood of consent for healthcare and research, we presented four items: 1) permission for healthcare (Survey question H8). The opt-out choice was considered not requiring permission while the two opt-in choices, opt-in and opt-in with break the glass, were collapsed into a permission required category; 2) consent for healthcare (Survey question H7) with four response categories were collapsed to likely and unlikely; 3) permission required for research: using the data in Table 3, the “Ask Permission First” responses were collapsed into a permission required category. “There is no need to get your permission” was coded as a permission not required category; and 4) consent for research (Survey question R3). Responses were collapsed to likely and unlikely.
Table 3:
Preferences in Consent Options for Research
| In terms of using information from your electronic health record that is sent electronically to medical researchers, which statement best reflects your opinion: | % |
|---|---|
| This information should not be used at all | 4.5 |
| Ask Permission First: | |
| They should get your permission before each research project | 44.8 |
| They should get your general permission, and periodically re-contact you to check that you still agree | 31.9 |
| They should get your general permission just once | 10.0 |
| There is no need to get your permission. Just use it. | 7.9 |
Finally, standard demographics and technology experience questions used in other national surveys were included.35,36 The survey was assessed for content validity by the authors. It was pre-tested for clarity through in person or phone interviews with six diverse individuals ranging in age (18–80), education (high school to masters degrees), race/ethnicity (Latino, Asian, White, and Black), and gender (male, female). The survey consisted of 28 items plus demographic, health status, and technology use items and was translated into Spanish by bi-lingual, experienced telephone interviewers (See Online Supplement for Survey Questions Online Supplement).
The analysis consisted of tabulation of response frequencies and descriptive statistics for all questions. Statistical significance of differences in views on data sharing for healthcare and for research was assessed using McNemar’s chi-square for discordant pairs with two-sided p < .05. Analyses were conducted using IBM SPSS v. 21. Survey response quality was assessed by calculating four AAPOR-recommended rates: response (number of complete interviews over eligible candidates), contact (proportion of cases in which a candidate was reached), cooperation (proportion of interviews of those contacted), and refusal (proportion of interviews that are refused/incomplete).37
RESULTS
The survey obtained information from 800 adult respondents who were California residents. The overall response rate was 14.0%, comprised of 14.4% landline, and 13.5% wireless, which is in line with those reported in national, random digit dialed surveys.36 The contact rate was 97.2%, cooperation rate was 14.4%, and refusal rate 83.2%. Fifty-six surveys were conducted in Spanish. The interview took an average of 15.39 min. The survey showed good reliability (28 items, Cronbach’s α = 0.77).
Table 1 compares survey respondents with the general California and U.S. population. Respondents are more likely to be 65 years or older, 25.0%, 95% CI (22.0-28.0), and college educated, 48.0%, 95% CI (44.5-51.5), than the general California or US populations. The sample is less ethnically/racially diverse than the state, white 56.0%, 95% CI (52.6-59.4), but more diverse than the US population.
Table 1:
Representativeness of Survey Sample
| Representativeness of Sample |
||||
|---|---|---|---|---|
| Variable % (N) | Survey Sample | 95% CI | California* | USA* |
| Total Responses | 100.0 (800) | |||
| Gender | ||||
| Female | 53.0 (424) | (49.5-56.5) | 50.3 | 50.8 |
| Age, years | ||||
| 18–64 | 72.0 (576) | (68.9-75.1) | 83.0 | 85.8 |
| 65 and older | 25.0 (200) | (22.0-28.0) | 17.0 | 14.2 |
| Race/Ethnicity | ||||
| White (not Hispanic/Latino) | 56.0 (448) | (52.6-59.4) | 39.7 | 63.0 |
| Hispanic/Latino | 22.9 (183) | (20.0-25.8) | 38.1 | 16.9 |
| Asian/Pacific Islander | 8.0 (64) | (6.1-9.9) | 6.6 | 5.3 |
| Black | 4.6 (37) | (3.1-6.1) | 14.1 | 13.1 |
| Mixed/Other | 4.9 (39) | (3.4-6.4) | 3.6 | 2.4 |
| Native American | 1.1 (9) | (0.4-1.8) | 1.7 | 1.2 |
| Education | ||||
| Up to high school | 23.9 (191) | (20.9-26.9) | ||
| Technical training/some college | 27.6 (216) | (24.5-30.7) | ||
| College degree or higher | 48.0 (384) | (44.5-51.5) | 30.3¶ | 28.2¶ |
| Geography | ||||
| Urban | 90.6 (673) | (88.6-92.6) | ||
| Veteran | 11.8 (94) | (9.6-14.0) | 7.8 | 0.1 |
| Income | ||||
| Median household income in (dollars)$ | 50 000–60 000 | 61 632 | 52 762 | |
| Online Technology Use (%) | Survey Sample | 95% CI | US |
|---|---|---|---|
| Internet | 86.9 (695) | (84.6-89.2) | 85# |
| 95.1 (661) | (93.6-96.6) | 92^ | |
| Ever used email to contact your doctor or nurse | 44.5 (294) | (41.1-47.9) | |
| Used the internet to connect with other patients | 13.2 (92) | (10.9-15.5) | 15.8! |
| Ever participated in an online patient community | 10.9 (76) | (8.7-13.1) | 8! |
| Ever shared your own health information for a research project via online patient community (of those in online community) | 9 (11.8) | (9.6-14.0) | |
| Have an account for a personal health record | 21.0 (168) | (18.2-23.8) |
*2007–2011 American Community Survey 5-year Estimates. Available at http://quickfacts.census.gov, Accessed 15 August 2013
¶Population 25 years of older.
$Dollars.
#http://www.pewinternet.org/Static-Pages/Trend-Data-(Adults)/Whos-Online.aspx Spring 2013 Survey.
The California sample shows similar technology use characteristics to respondents in recent national Pew surveys. A substantial minority of respondents are using the Internet to communicate about their health: 44.5% have emailed their doctor or nurse. A small group (13.2%) has used the Internet to connect to other patients for support or information, and only 10.9% have participated in an online patient community such as a chat room or social networking site.
Research Question 1. What is public opinion in California regarding the privacy and security of electronic health information exchange?
There is variability in public opinion regarding how EHRs and HIE technologies affect privacy and security. The majority of people have a negative view of technology’s impact on both privacy and security but a substantial minority has the opposite view (See Figure 1). 40.3% of respondents think HIE worsens privacy while 28.9% think it improves privacy. 42.5% believe it worsens security. More than half of respondents (52.4%) believe EHRs worsen privacy compared to 22.0% who think it improves privacy. 42.7% believe EHRs worsen security.
Figure 1:
Effect of Health Information and Electronic Health Records on Privacy and Security (Response categories range from greatly improve to greatly worsen from left to right. Percentages may not add up to 100% due to rounding.)
To assess preferences for consent for HIE, three options were offered (Question H8). Eleven percent selected opt-out which allows access to data unless the individual expressly prohibits access. Twenty-three percent preferred opt-in alone, which requires that individuals expressly agree to data sharing. Sixty-six percent preferred opt-in with “break the glass” which allows access to data without agreement only in an emergency.
Research Question 2. What is public opinion in California regarding privacy and security of electronic health data sharing for research?
50.8% strongly agreed or somewhat agreed with statement one that societal benefit was more important than privacy, suggesting roughly equal value placed on protecting individual privacy and societal benefit. Regarding the second statement, 69.8% strongly or somewhat agreed, a majority valuing individual control over societal benefit (Table 2).
Table 2:
Attitudes on Privacy and Research
| Agreement (percent of respondents) | |||||
|---|---|---|---|---|---|
| General Attitudes on Privacy and Research | Strongly agree | Somewhat agree | Somewhat disagree | Strongly disagree | Do not know/Refused |
| Research that could be beneficial to people's health is more important than protecting people's privacy | 15.9 | 34.8 | 22.0 | 24.8 | 2.6 |
| An individual's right to control use of their medical information is more important than the possible benefits of medical research | 32.4 | 37.4 | 19.0 | 7.9 | 3.4 |
Respondents were asked about sharing unidentified data through an electronic research network. Respondents were asked to rate six factors in terms of importance (Question R4). All six factors were deemed very important by the majority (Figure 2). Security and privacy received the highest ratings and were very important to over three-quarters of respondents.
Figure 2:
Factor in Sharing Electronic Health Information in Research Networks (Response categories range from very important to very unimportant from left to right. Percentages may not add up to 100% due to rounding.)
The second question regarding participation is research network dealt with consent to share data for research based on organization conducting the research (Question R5). The likelihood of consenting to share information in a research network varied based on the organization conducting the research. None of the types of organizations listed achieved a very high likelihood of consent from a majority. But, respondents were most likely to consent if asked by a hospital and least likely if asked by an insurance companies (Figure 3).
Figure 3:
Likelihood of Consent by Type of Requesting Organization (Response categories range from very likely to very unlikely from left to right. Percentages may not add up to 100% due to rounding.)
Results regarding consent for sharing of unidentified electronic data for research (Survey question R6) is shown in Table 3. The vast majority prefer to be asked for permission first (86.7%) with small percentages endorsing the view that no was permission needed (7.9%) or that information not be used at all (4.5%). Within the permission categories, respondents most preferred providing consent before each project (44.8%) and least preferred providing a one-time general permission (10.0%).
Research Question 3. Are there differences in views about and the likelihood of consenting to electronic data sharing for healthcare and research purposes?
Respondents believe that sharing data from electronic medical records greatly improves the quality of both medical care and medical research (on a scale of 1 = greatly improve to 5 = greatly worsen) with no significant difference between the two purposes, M = 0.03, SD = 1.22, 95% CI (−0.06 to 0.12), t (727) = 0.70, p = .48. (Questions H2 and R1)
The vast majority would require permission to share data for both healthcare and research (83.7%) (Table 4). There was a small but statistically significant difference between the proportion that would require permission for healthcare versus research (McNemar’s p = .02, all cells had expected frequency >5). Almost half were likely to consent to both healthcare and research uses of their electronic data (49.0%) but significantly fewer would consent for healthcare, (McNemar’s p < .0001, all cells had expected frequency >5). A substantial minority were likely to consent to neither (15.3%).
Table 4:
Comparison of permission and consent for healthcare and research
| N = 774 | Require Permission to Share Data for Healthcarea, n (%) | Do Not Require Permission to Share Data for Healthcare, n (%) |
|---|---|---|
| Require Permission to Share Data for Researchb | 623 (87.3) | 61 (8.2) |
| Do Not Require Permission to Share Data for Research | 37 (5.0) | 23 (3.1) |
| N = 776 | Likely to Consent to Share Data for Healthcarec, n (%) | Not Likely to Consent to Share Data for Healthcare, n (%) |
| Likely to Consent to Share Data for Researchd | 380 (49.0) | 211 (27.2) |
| Not Likely to Consent to Share Data for Research | 66 (8.5) | 119 (15.3) |
aIn order to have your medical information automatically shared for medical care, some organizations ask for your permission. Which of the following choices for permission would you most prefer a) To have information automatically shared unless you say not to, b) To be asked to share information before sending it, or to be asked except if there is a medical emergency.
bIn terms of using information from your EHR that is sent electronically to medical researchers, which statement best reflects your opinion: a) Ask permission first, b) No need to get permission.
cIf you were offered the choice to have your medical information automatically shared electronically with the different places where you receive medical care, how likely would you be to agree to it? a) Very or somewhat likely, b) Very or somewhat unlikely
dIf medical researchers asked to use your unidentified medical information from your electronic medical record how likely or unlikely would you be to agree to that? a) Very or somewhat likely, b) Very or somewhat unlikely
DISCUSSION
Privacy and Security of EHR and HIE
The results reported in this study represent an in-depth investigation of California consumers’ views of electronic data sharing and expands upon evidence from other national surveys that have included a few similar questions. With regard to privacy and security in research question 1, we asked separately about EHR and HIE while Ancker’s Cornell study asked about privacy and security together.23 Our study found more positive views in general, but differences in views on privacy and security as distinct concepts. In our study, more people thought EHR would improve privacy (22%) and improve security (37%) than in Ancker’s study (18% for combined privacy/security concept). Similarly, our study found more people thought HIE would improve privacy (28.9%) and security (30.6%) compared to Ancker (19% for combined privacy/security concept). Although we found differences in views about privacy and security, it is unclear whether respondents fully understand the difference between the two concepts.
The Health Information National Trends Survey found that the value of HIE was linked to perceived ability of the healthcare provider to safeguard health information.30 A California Healthcare Foundation survey that found a majority of adults express discomfort (42%) or uncertainty (25%) about their de-identified health information from EHRs being shared with insurance plans, researchers, companies, and others.38 Consumers are still uncomfortable with privacy and security of electronic sharing of data for healthcare purposes. Generally, sharing for healthcare purposes implies that the data are identified. Even de-identified data sharing is not immune to privacy and security concerns, and building public trust in uses of HIPAA de-identified data is necessary.39
Privacy and Security of Research Data Sharing
We report that respondents value individual control over societal benefit, but societal benefit over privacy. This finding might appears contrary to the expectation that most people would exert control over their information in order to protect their privacy. However, these three concepts are distinct. Some may elect to disclose private information to another party, while others prefer to withhold information that might not compromise privacy if they had control over this information (e.g., elect not to disclose race or ethnicity). Other authors have reported that people expect some form of societal gain to occur from the sharing of their health information.16 The requirements of informed consent for research put forth by the common rule itself recognize the need to present information about confidentiality (related to privacy), voluntariness (individual choice), individual benefits/risks, and potential benefits to others, so that candidates can determine whether or not to participate (US Department of Health and Human Services. 45 CFR 46. Fed Regist 1991;56:28012). These issues warrant greater scrutiny in future research.
People’s views on sharing of data for research are affected by privacy and security, but other factors also come into play. Trust in the organization conducting the research is an important consideration in whether to participate in research data sharing. The other three factors (seeing the information, purpose of research, and kind of research) can be interpreted as elements of transparency. A majority of respondents believe these are important in their decision. Grande reported that the purpose of personal health information sharing was significantly associated with willingness to share: research use was associated with greatest willingness, and marketing or quality improvement with lowest.40
The likelihood of consent to share information in a research network varied based on the organization conducting the research with the highest likelihood associated with a hospital or university, followed by doctors and government agencies. The lowest likelihood was associated with biotechnology, pharmaceutical, and insurance companies. These findings are similar to the results reported from a recent study on sharing EHR data for research, which found the willingness to share was greatest for a university hospital, followed by a public health department, and lowest for a pharmaceutical company.40 Attitudes regarding sharing of genomic information have shown a similar pattern.41,42
Forms of Consent
There are a variety of forms of consent for data sharing which have been suggested including opt-in, opt-out, and variations of these types.43 The opt-in form of consent for HIE was clearly preferred with 89% selecting either opt-in or opt-in with break the glass, but almost a quarter of respondents would prohibit sharing data without consent even in an emergency. This aligns with findings from a New York survey that found great support (90%) for opt-in “break the glass” access to HIE data.44 The differences may be attributable to the difference in response categories offered: we asked for mutually exclusive categories (opt-in, opt-in with break the glass, and opt-out) while the New York survey asked for yes/no/do not know for the one form of consent alone.
The form of consent for electronic sharing in research is also important to consumers. This question in our survey was adapted from a Canadian survey by Willison.18 Californians’ preferences were ordered in the same way as those of Canadians, with consent for each study as the most often preferred and no use of data as the lowest.
Differences in Views Regarding Data Sharing for Healthcare and Research
We found that respondents were more likely to agree to share deidentified information for research than to share identified information for healthcare. This suggests that individuals want control over electronic access to health information. They overwhelmingly believe it is important to be asked permission for both research and healthcare uses but there are greater differences in beliefs about consent. They differentiated between healthcare and research uses of data, and opinions regarding one use cannot be assumed to predict opinions regarding the other. Interestingly, respondents reported they were actually less likely to consent to healthcare use of their data. This may be due in part to the inclusion of identifiers in healthcare data leading to increased concern about potential breach of privacy.
HIEs should consider consumers’ preferences in the construction and operation of their networks.45 Compliance with HIPAA or state regulations regarding sharing of PHI, which primarily addresses data for healthcare may not fulfill consumers’ concerns about privacy and security related to electronic data sharing. This is highlighted by the finding that consumers are less willing to share their data for healthcare than for research. For DRNs these findings suggest that consumers are in favor of electronic data sharing for research. The forms of consent and the ability to assert some individual control, who has access to network functions, the research purpose for which data are accessed, and other elements of transparency are all important to consumers. Construction of policies and practices that respond to these concerns may improve the acceptance and support of DRNs and HIEs by consumers.
Limitations
This study was designed as a statewide survey to help inform California policy making and the stakeholder-informed design of the Scalable National Network for Effectiveness Research DRN.46 Although the demographics of the survey sample are similar to the general population in some respects, there are important differences which may limit the generalizability of the findings to either California or the USA. In particular, the sample is older and has a relatively high education level with almost half the respondents having college or post-graduate education. These respondents may have differential professional and academic exposure to issues related to healthcare privacy, policy, and technology. In addition, comparisons between surveys that use different questions or methods are fraught with difficulties. The comparisons discussed here were limited to questions that were the same or very similar, posed in large surveys. Previous surveys that include questions about electronic health data sharing usually only include a few questions, limiting our ability to compare our results with the extant literature.
CONCLUSION
Electronic networks for healthcare and research have the potential to enhance knowledge about cost effective, high quality patient-centered care and the efficient conduct of clinical research. Patient acceptance is critical given the national investment in data sharing infrastructure, federal funding for distributed research networks, and the recently announced National Patient Centered Clinical Research Network which emphasizes patient-researcher partnership.47 Understanding of views and preferences regarding electronic sharing of health information, and in particular, the important variation in views between individuals, is a pre-requisite to the effective design of network governance and acceptance and trust of the network by the public.
FUNDING
The authors were partially funded by grants from AHRQ R01HS019913 (K.K.K. and L.O-M.), Gordon and Betty Moore Foundation grant to the Betty Irene Moore School of Nursing at UC Davis (K.K.K.), and NIH U54HL108460 (L.O-M.). Funding for the survey was provided by Award Number 90HT0029 to California Health and Human Services Agency from Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services. Its contents are solely the responsibility of the authors and do not necessarily represent the official views of Office of the National Coordinator or the State of California. The funders had no role in decisions regarding the data or manuscript.
CONTRIBUTORS
K.K.K. oversaw the study, developed the survey, collected, and analyzed data, led the writing of the manuscript, and approved the manuscript for publication. J.G.J. collaborated on study design, analyzed data, contributed to writing and editing of the manuscript, and approved the manuscript for publication. L.O-M. contributed to study design, provided direction on data analysis, contributed to writing and editing the manuscript, and approved the manuscript for publication.
COMPETING INTERESTS
None.
Acknowledgments
The authors thank Holly C. Logan, MA, San Francisco State University, who coordinated survey data collection, Y. Jason Chang, MS, San Francisco State University, who assisted with data analysis, and Machelle Wilson, PhD, UC Davis Clinical Translational Sciences Center, who advised on statistical analysis. The telephone survey was conducted by the Henne Group.
SUPPLEMENTARY MATERIAL
Supplementary material is available online at http://jamia.oxfordjournals.org/.
REFERENCES
- 1.Smith M, Saunders R, Stuckhardt L, McGinnis JM, eds. Best Care at Lower Cost: The Path to Continuously Learning Health Care in America. Pre-publication copy ed: Institute of Medicine Committee on the Learning Health Care System in America; 2012. [PubMed] [Google Scholar]
- 2.Lauer MS, D'Agostino RB. The Randomized Registry Trial — The Next Disruptive Technology in Clinical Research? N Engl J Med. 2013;369(17):1579–1581. [DOI] [PubMed] [Google Scholar]
- 3. 111th Congress of the United State of America. American Recovery and Reinvestment Act of 2009, 2009.
- 4.Collins FS, Hudson KL, Briggs JP, Lauer MS. PCORnet: turning a dream into reality. JAMIA. 2014;21(4):576–577. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 5.Consortium PP, Daugherty SE, Wahba S, Fleurence R. Patient-powered research networks: building capacity for conducting patient-centered clinical outcomes research. JAMIA. 2014;21(4):583–586. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 6.Holmes JH, Elliott TE, Brown JS, et al. Clinical research data warehouse governance for distributed research networks in the USA: a systematic review of the literature. JAMIA. 2014;21(4):730–736. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 7.Brown J, Holmes J, Maro J, et al. Design specifications for network prototype and cooperative to conduct population-based studies and safety surveillance. No. 13. (Prepared by the DEcIDE Centers at the HMO Research Network Center for Education and Research on Therapeutics and the University of Pennsylvania Under Contract No. HHSA29020050033I T05.). Rockville, MD: Agency for Healthcare Research and Quality; 2009. [Google Scholar]
- 8.Ohno-Machado L, Alipanah N, Day M, et al. Clinical Data Research Networks, Patient Registries and Patient Powered Research Networks, Taxonomy and Comprehensive Inventories. Technical Report. June 12, 2013 ed. Washington DC: Patient Centered Outcomes Research Institute; 2013. [Google Scholar]
- 9.Brown JS, Holmes JH, Shah K, Hall K, Lazarus R, Platt R. Distributed health data networks: a practical and preferred approach to multi-institutional evaluations of comparative effectiveness, safety, and quality of care. Med Care. 2010;48(6):S45–S51. [DOI] [PubMed] [Google Scholar]
- 10.Ohno-Machado L, Agha Z, Bell DS, et al. pSCANNER: patient-centered Scalable National Network for Effectiveness Research. JAMIA. 2014;21(4):621–626. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 11. eHealthInitiative. 2012 Report on Health Information Exchange: Supporting Healthcare Reform. Secondary 2012 Report on Health Information Exchange: Supporting Healthcare Reform 2012. http://www.ehidc.org/resource-center/surveys/view_document/43-survey-2012-annual-hie-survey-results-report-on-health-information-exchange-supporting-healthcare-reform-data-exchange Accessed October 1, 2013.
- 12. CaleConnect. Enabling Exchange: An Assessment of Community and Enterprise Health Information Organizations in California. 2012. http://www.ohii.ca.gov/calohi/downloadfile.aspx?id=571 Accessed December 22, 2014.
- 13. California Health and Human Services Agency. Report to the Legislature: Demonstration Project Specific to Patient Consent for Health Information Exchange. 2014. http://www.ohii.ca.gov/calohi/downloadfile.aspx?id=581 Accessed December 22, 2014.
- 14. Medical Research Council. The use of personal health information in medical research: general public consultation. Secondary The use of personal health information in medical research: General public consultation 2007. http://www.ipsos-mori.com/Assets/Docs/Archive/Polls/mrc.pdf Accessed October 13, 2013.
- 15.Robling MR, Hood K, Houston H, Pill R, Fay J, Evans HM. Public attitudes towards the use of primary care patient record data in medical research without consent: a qualitative study. J Med Ethics. 2004;30(1):104–109. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 16.Whiddett R, Hunter I, Engelbrecht J, Handy J. Patients' attitudes towards sharing their health information. Int J Med Inform. 2006;75(7):530–541. [DOI] [PubMed] [Google Scholar]
- 17.Weitzman ER, Kaci L, Mandl KD. Sharing medical data for health research: the early personal health record experience. J Med Internet Res. 2010;12(2):e14. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 18.Willison DJ, Schwartz L, Abelson J, et al. Alternatives to project-specific consent for access to personal information for health research: what is the opinion of the Canadian public? J Am Med Inform Assoc. 200714(6):706–712. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 19.Willison DJ, Keshavjee K, Nair K, Goldsmith C, Holbrook AM. Patients' consent preferences for research uses of information in electronic medical records: interview and survey data. BMJ. 2003;326(7385):373. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 20.Mamo LA, Browe DK, Logan H, Kim KK. Patient informed governance of distributed research networks: results and discussion from six patient focus groups. American Medical Informatics Association Annual Symposium. Washington, DC; 2013. 920–929. [PMC free article] [PubMed] [Google Scholar]
- 21.Willison DJ, Steeves V, Charles C, et al. Consent for use of personal information for health research: do people with potentially stigmatizing health conditions and the general public differ in their opinions? BMC Med Ethics. 2009;10(1):10. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 22.Perera G, Holbrook A, Thabane L, Foster G, Willison DJ. Views on health information sharing and privacy from primary care practices using electronic medical records. Int J Med Inform. 2011;80(2):94–101. [DOI] [PubMed] [Google Scholar]
- 23.Ancker JS, Silver M, Miller MC, Kaushal R. Consumer experience with and attitudes toward health information technology: a nationwide survey. JAMIA. 2013;20(1):152–156. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 24.Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. Journal of the American Medical Informatics Association 2014;21 (2), 374–378. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 25.Kim KK, Browe DK, Logan HC, Holm R, Hack L, Ohno-Machado L. Data governance requirements for distributed clinical research networks: triangulating perspectives of diverse stakeholders. JAMIA 2013;21(4):714–719. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 26.National Partnership for Women & Families. Making IT Meaningful: How Consumers Value and Trust Health IT. Washington DC: National Partnership for Women & Families; 2012:32–33. [Google Scholar]
- 27.Fox S, Rainie L. The online health care revolution: how the Web helps Americans take better care of themselves. Secondary The online health care revolution: How the Web helps Americans take better care of themselves 2000. http://www.pewinternet.org/∼/media//Files/Reports/2000/PIP_Health_Report.pdf Accessed September 1, 2013. [Google Scholar]
- 28.Westin AF. Public attitudes toward electronic health records. AHIP Cover. 2005;46(4):22–25. [PubMed] [Google Scholar]
- 29.Weitzman E, Kelemen S, Kaci L, Mandl K. Willingness to share personal health record data for care improvement and public health: a survey of experienced personal health record users. BMC Med Inform Decis Mak. 2012;12(1):39. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 30.Wen K-Y, Kreps G, Zhu F, Miller S. Consumers’ perceptions about and use of the internet for personal health records and health information exchange: analysis of the 2007 Health Information National Trends Survey. J Med Internet Res. e73. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 31.Teixeira PA, Gordon P, Camhi E, Bakken S. HIV patients’ willingness to share personal health information electronically. Patient Educ Couns. 2011; 84(2):e9–e12. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 32.Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. JAMIA. 2014;21(2):374–378. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 33.Hansen MH, Hurwitz WN. On the theory of sampling from finite populations. Ann Math Stat. 1943;14(4):333–362. [Google Scholar]
- 34.Blumberg SJ, Luke JV, Nadarajasundaram G, Davern ME, Boudreaux MH. Wireless Substitution: State-level Estimates From the National Health Interview Survey, 2010–2011. Secondary Wireless Substitution: State-level Estimates From the National Health Interview Survey, 2010–2011. 2012. [PubMed] [Google Scholar]
- 35.Horrigan J. The Mobile Difference: Pew Internet & American Life Project. 2009. Available from: http://pewinternet.org/Reports/2009/5-The-Mobile-Different-Typology.aspx. [Google Scholar]
- 36.Fox S. The Social Life of Health Information Washington, DC: Pew Internet & American Life Project. 2011. Available from: http://pewinternet.org/Reports/2011/Social-Life-of-Health-Info.aspx. [Google Scholar]
- 37. The American Association for Public Opinion Research. Standard Definitions: Final Dispositions of Case Codes and Outcome Rates for Surveys. 7th edn. AAPOR; 2011, Deerfield, IL.
- 38. California Healthcare Foundation. Consumers and Health Information Technology: A National Survey. Secondary Consumers and Health Information Technology: A National Survey 2010. http://www.chcf.org/∼/media/MEDIA%20LIBRARY%20Files/PDF/C/PDF%20ConsumersHealthInfoTechnologyNationalSurvey.pdf Accessed September 1, 2013.
- 39.McGraw D. Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data. JAMIA. 2012;20(1):29–34. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 40.Grande D, Mitra N, Shah A, Wan F, Asch DA. Public Preferences About Secondary Uses of Electronic Health Information. JAMA Intern Med. 2013;173(19):1798–1806. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 41.Rogith D, Yusuf RA, Hovick SR, et al. Attitudes regarding privacy of genomic information in personalized cancer therapy. JAMIA. 2014;21(e2):e320–e325. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 42.Shoenbill K, Fost N, Tachinardi U, Mendonca EA. Genetic data and electronic health records: a discussion of ethical, logistical and technological considerations. JAMIA. 2014;21(1):171–180. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 43.Goldstein MM, Rein AL. ‘Consumer consent options for electronic health information exchange: policy considerations and analysis’, Prepared for the Office of the National Coordinator for Health IT. Washington, DC: George Washington University Medical Center, 2010. [Google Scholar]
- 44.Ancker JS, Edwards AM, Miller MC, Kaushal R. Consumer perceptions of electronic health information exchange. Am J Prev Med., 2012; 43(1):76–80. [DOI] [PubMed] [Google Scholar]
- 45.Hripcsak G, Bloomrosen M, FlatelyBrennan P, et al. Health data use, stewardship, and governance: ongoing gaps and challenges: a report from AMIA's 2012 Health Policy Meeting. JAMIA. 2014;21(2):204–211. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 46.Kim KK, Browe DK, Logan HC, Holm R, Hack L, Ohno-Machado L. Data governance requirements for distributed clinical research networks: triangulating perspectives of diverse stakeholders. Journal of the American Medical Informatics Association. 2014; 21(4). [DOI] [PMC free article] [PubMed] [Google Scholar]
- 47.Selby JV, Krumholz HM, Kuntz RE, Collins FS. Network news: powering clinical research. Sci Transl Med. 2013;5(182):182fs13. [DOI] [PMC free article] [PubMed] [Google Scholar]