Article Figures & Data
Figures
- Figure 1
Privacy: features consumers want for safeguarding their medical information.
- Figure 2
Consumers’ preferences regarding permission to view electronic health information.
Note: Top numbers represent the total number of respondents replying to each question.
Tables
Characteristic All Respondents No. (%)a Sex, female 91 (54) Raceb White 138 (81) Black 13 (8) Other 9 (5) Missing or refused 10 (6) Age, y 18–24 10 (6) 25–44 60 (36) 45–64 67 (40) 65 or older 32 (19) Annual household incomeb <$30,000 28 (17) $30,000 to $60,000 36 (21) $61,000 to $80,000 25 (15) $81,000 to $100,00 15 (9) >$100,000 54 (32) Missing or refused 12 (7) Education levelb ≤8th grade 1 (1) Some high school, did not graduate 3 (2) High school graduate or GED 25 (15) Some college or 2-year degree 54 (32) ≥4-year college graduate 84 (50) Missing or refused 3 (2) Internet access available at work or home 139 (82) Preference No. (%)a Methods for storing and sharing health information with which respondents were comfortableb On an editable and readable portable device (n = 169) 140 (83) At different locations and shared over a secure connection (n = 165) 131 (79) On a single, central database and shared over a secure connection with the use of a password (n = 162) 110 (68) Interest in automatic storage of medical information in a database (n=165)c Yes 111 (67) No 54 (33) If not interested in automatic storage, preferences for restricting electronic storage of health information in a database (n = 54)b,c Determine which clinicians send information that will be included 45 (83) Determine what types of medical information are included (test results, medication information, etc) 49 (91) Determine which health care visits will be included (outpatient visit, emergency department visit, hospital stays, etc) 46 (85) Approve every piece of information 42 (78) Parties most trusted to regulate the privacy and security of the database (n=152)c Office practice or physicians organization 76 (50) Other 31 (18) Health plan 24 (16) Hospitals 11 (7) Government 10 (7) Length of time physician should be able to access health information through HIE after permission has been given by the patient (n = 167)c: One week after patient’s visit with physician 39 (23) One year after permission is given 27 (16) Continuous access until permission is taken away 94 (56) Indefinite access 7 (4) Parties that should be able to view health information in the case of a medical emergency when permission cannot be obtained (n = 168)b,c Designated family member or friends 156 (93) Primary care doctor 158 (93) Other doctors or clinicians (in emergency department or hospital, etc) 138 (82) No one should access my health information without my permission even in a medical emergency 21 (13) -
↵a Percentages may not sum to 100 because of rounding and numbers may not sum to 170 because of missing responses. Actual denominators indicated in parentheses after row entries.
-
↵b Respondents were to asked to select all options that applied.
-
↵c Respondents were asked to consider a system where their medical information from different health care visits and clinicians is stored on a central electronic database that their doctors can access (health information exchange, HIE) with their permission.
-
Supplemental Appendix
Supplemental Appendix. Survey Questions
Files in this Data Supplement:
- Supplemental data: Appendix - PDF file, 3 pages, 201 KB
The Article in Brief
Rina V. Dhopeshwarkar , and colleagues
Background Health information exchange (HIE), the exchange of electronic health information across health care clinicians and organizations, could help improve quality of health care. Little is known, however, about features, safeguards, and policies that would help consumers feel more comfortable about the privacy and security of their electronic health information. This survey of 170 New Yorkers about the use of electronic health records (EHRs) and HIE aims to understand their detailed preferences for the privacy and security of their health information.
What This Study Found In New York, where patients must actively consent to having their data accessed through health information exchange, survey respondents are generally supportive of electronic sharing of health information and are willing to have their health information automatically stored in an HIE; however, they want to have control over the privacy and security of that information. More than two-thirds of people surveyed are willing to have their health information automatically stored in an HIE. Most respondents, however, want safeguards against unauthorized viewing of their information. They also want to be able to see who has viewed their information, be able to stop electronic storage of their data, be able to stop all viewing, and be able to select which parts of their health information are shared. Among the approximately one-third of patients who are uncomfortable with automatic inclusion of their health information in an electronic database for HIE, 78 percent wish to approve all information explicitly, and most prefer restricting information by clinician, visit, or information type.
Implications
- The authors conclude that, given the highly sensitive nature of health information and the consequences that can occur in the event of its disclosure, patient preferences around the storing and sharing of electronic health information should be considered when developing and implementing systems, standards and policies. They advocate for consent policies that allow consumers to control what, by whom, and for how long their health information can be accessed.
