ONC Data Brief ■ No. 27 June 2015
Individuals’ Perceptions of the Privacy and Security of Medical
Records
Vaishali Patel, PhD MPH, Penelope Hughes JD MPH, Lucia Savage JD, Wesley Barker MS
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
emphasizes the importance of inspiring public trust and confidence in health information
technology (IT) (1). In 2013, approximately three-quarters of physicians used any electronic
health record (EHR). As EHR adoption rates increase, it is important for policymakers to
understand individuals’ privacy and security concerns (2). To assess the growing impact of EHR
adoption on individuals’ privacy and security concerns, this data brief examines whether privacy
and security concerns have increased with increased rates of EHR adoption between 2012 and
2013. We will also assess how privacy and security concerns may differ among individuals
whose provider has a paper versus an electronic medical record.
Many individuals express privacy and security concerns, but less than 1 in 10
withhold information from their health care providers due to those concerns.
Figure 1: Proportion of individuals who expressed concerns regarding the privacy and security of their medical record
and withheld information from their healthcare provider due to those concerns, 2012-2013.
NOTE: The number of respondents for the above items ranged from n=2040 to n=2097. Differences between 2012 and 2013 are not statistically
significant.
SOURCE: 2012-2013 Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic Health Records and Health Information
Exchange.
In 2013, about 7 out of 10 individuals had concerns about the privacy of their medical
records and about 3 out of 4 had concerns about the security of their medical records.
These concerns have not significantly changed between 2012 and 2013.
Less than 1 in 10 individuals report withholding information from their healthcare
providers. This did not significantly change between 2012 and 2013.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
2
Privacy and security concerns are no different between individuals whose
providers have paper medical records and those whose providers have an EHR.
Figure 2: National levels of privacy and security concerns and withholding information from healthcare providers due
to those concerns by whether their provider had a paper or electronic health record (EHR), 2013.
NOTE: The number of respondents for the above items ranged from n= 1772 to n=1767. Differences between paper medical record vs. EHRs are not
statistically significant.
SOURCE: 2013 Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic Health Records and Health Information
Exchange.
Although individuals with paper medical records reported slightly higher levels of
privacy and security concerns compared to individuals whose provider had an EHR, the
difference is not statistically significant.
Individuals whose provider uses an EHR had slightly higher rates of withholding
information from their provider due to privacy or security concerns. The difference,
however, is not statistically significant.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
3
Individuals’ concerns regarding sending medical records between health care
providers do not differ by whether they are sent electronically or by fax.
Figure 3: The proportion of individuals who expressed concerns regarding unauthorized viewing of their medical
record when shared between healthcare providers electronically vs. by fax, 2012-2013.
NOTE: Number of respondents range from n=2035 to n=2094. Differences between fax vs. electronic and between 2012 and 2013 are not statistically
significant. Electronically means from computer to computer; not telephone, mail, or fax machine
SOURCE: 2012-2013 Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic Health Records and Health Information
Exchange.
In 2013, 6 in 10 individuals indicated they were very or somewhat concerned about
unauthorized viewing when their medical records are sent electronically between health
care providers; a similar proportion of individuals expressed concerns about
unauthorized viewing when their provider sends their medical records via fax.
There were no statistically significant changes between 2012 and 2013 in the proportion
of individuals who expressed concerns regarding unauthorized viewing of their medical
information when their medical records were sent between health care providers
electronically or by fax.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
4
Individuals’ support for EHRs and HIE is high despite potential privacy or security
concerns.
Figure 4: The proportion of individuals who support their providersuse of an EHR and electronic health information
exchange (HIE) despite potential privacy and security concerns, 2012-2013.
NOTE: The number of respondents for the above items ranged from n= 2009 to n=2048. Differences between 2012 & 2013 are not statistically
significant.
SOURCE: 2012-2013 Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic Health Records and Health Information
Exchange
In 2013, about 3 out of 4 individuals wanted their provider to use an EHR, despite any
potential privacy or security concerns.
In 2013, about 7 in 10 individuals supported their providers’ use of electronic HIE when
sharing their medical records with other providers treating them, despite any possible
privacy and security concerns.
There were no statistically significant differences between 2012 and 2013 in the
proportion of individuals who supported EHRs or electronic HIE, despite potential
privacy and security concerns.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
5
Summary
Building public trust is vital to ensure that all stakeholders are comfortable engaging in
electronic health information exchange (HIE) and the adoption of health IT to achieve the
benefits of an interoperable health care system. Findings from national surveys conducted by
ONC in 2012 and 2013 show that the privacy and security of medical records are significant and
important concerns for individuals nationwide. About 7 in 10 individuals express concerns about
privacy and security although less than one in 10 individuals have withheld information from
their providers due to these concerns. Evidence from this survey suggests that increased
adoption of EHRs is not associated with individuals’ privacy and security concerns. Levels of
privacy and security concerns and rates of withholding have not significantly changed between
2012 and 2013, despite increases in the adoption of any EHR among providers during the same
time period.
2
Furthermore, individuals whose providers use an EHR have similar levels of
concerns about the privacy and security of their medical records as compared to individuals
whose providers use paper records. Continuing to assess this pattern will be important as
evidence is still emerging. Two recent analyses using other national surveys have found similar
findings but another study found an association between EHRs and rates of withholding (3,4,5).
A majority of individuals nationwide also expressed concerns regarding unauthorized viewing of
medical records when information is shared between health care providers. In 2013, about 6 in
10 individuals expressed concerns about their provider sharing their health information with
other providers. However, this level of concern did not significantly differ by whether the
information was sent between health care providers by fax or through electronic means.
Additionally, individuals’ level of concern for sharing of health information through these means
did not change significantly between 2012 and 2013.
Furthermore, we found that individuals’ support for the use of EHRs and electronic HIE, despite
any concerns they may have about the privacy and security of their medical record, continues to
remain strong. In 2013, at least three-quarters of individuals wanted their provider to use an
EHR, and 7 in 10 wanted to share their medical records electronically with other providers
treating them, despite any privacy or security concerns. This suggests consumers’ awareness that
the potential risks associated with electronic health information may be balanced by the
significant benefits (4).
In summary, we found that the concerns individuals may have about the privacy and security of
their medical records are not unique or limited to EHRs. More importantly, in spite of potential
concerns, a majority of individuals want their providers to use an EHR and to share appropriate
medical information electronically with the individual’s other health care providers.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
6
Definitions
The definitions for the items related to security and privacy were developed from the National
Committee on Vital and Health Statistics (NCVHS). According to NCVHS, health information
privacy is an individual's right to control the acquisition, uses, or disclosures of his or her
identifiable health data. Security refers to physical, technological, or administrative safeguards
or tools used to protect identifiable health data from unwarranted access or disclosure.
Privacy of Medical Record:
Privacy concerns were assessed with the question “Privacy means
you have a say in who can collect, use and share your medical record. How concerned are you
about the privacy of your medical record?” Individuals were considered concerned if they
reported they were either very or somewhat concerned.
Security of Medical Record: Security concerns were assessed with the question “Security means
having safeguards to keep your medical record from being seen by people who aren’t permitted
to see them. Safeguards may include technology. How concerned are you about the security of
your medical record?” Individuals were considered concerned if they reported they were either
very or somewhat concerned.
Withholding of information was assessed by asking: “Have you ever kept information from your
healthcare provider because you were concerned about the privacy or security of your medical
record?” Individuals were considered to have withheld information from their healthcare
provider if they reported “Yes.”
Electronically was defined as “from computer to computer, instead of by telephone, mail, or fax
machine.”
Data Source and Methods
Data are from The Office of the National Coordinator for Health Information Technology’s
(ONC) Consumer Survey of Attitudes Toward the Privacy and Security Aspects of Electronic
Health Records and Health Information Exchange. The survey was conducted by NORC at the
University of Chicago with MITRE.
The respondent universe for the survey was the civilian, non-institutionalized population ages 18
years old and older within the 50 states and the District of Columbia. This survey utilized a dual
random digit dialing (RDD) frame of landline phone numbers and wireless/mobile phone
numbers developed by Survey Sampling International (SSI). In order to reduce sampling
variability and to represent the nation, NORC stratified the landline RDD frame by Census
Region. The 2013 survey oversampled Hispanic, Asian and Black populations. From each
household with a selected phone number in a given frame only one adult was selected to
complete the telephone interview. A total of 2,107 surveys were completed in 2013 and 2,050
surveys were completed in 2012.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
7
References
1. Health Information Technology for Economic and Clinical Health (HITECH) Act, Title
XIII, Division A of the American Recovery and Reinvestment Act (ARRA), Pub. L. No.
111-5, §§ 13001-13424, 123 Stat. 115, 228-279 (2009).
2. Report to Congress. Update on the Adoption of Health Information Technology and
Related Efforts to Facilitate the Electronic Use and Exchange of Health Information.
October, 2014.
http://www.healthit.gov/sites/default/files/rtc_adoption_and_exchange9302014.pdf
3. Patel V, Beckjord E, Moser R, Hughes P, Hesse B. The Role of Health Care Experience
and Consumer Information Efficacy in Shaping Privacy and Security Perceptions of
Medical Records: National Consumer Survey Results. JMIR Medical Informatics. 2015
Apr-Jun; 3(2)
4. National Partnership for Women and Families. Engaging Patients and Families: How
Consumers Value and Use Health IT. Washington, DC: National Partnership for
Women and Families, 2014.
5. Campos-Castillo C, Anthony DL. The double-edged sword of electronic health records:
implications for patient disclosure. Journal of the American Medical Informatics
Association. 2014;0:1–7.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
8
About the Authors
The authors are with the Office of the National Coordinator for Health Information Technology,
Office of Planning, Evaluation, and Analysis and the Office of the Chief Privacy Officer.
Acknowledgements
MITRE and NORC at the University of Chicago contributed to the development of the survey
instrument, survey administration, and data analysis.
Suggested Citation
Patel V, Hughes P, Savage L, Barker W. (June 2015). Individuals’ Perceptions of the Privacy
and Security of Medical Records and the Sharing of Medical Records between Health Care
Providers. ONC Data Brief no. 27.
Office of the National Coordinator for Health
Information Technology: Washington DC.
ONC Data Brief No. 27 | Individuals’ Perceptions regarding the Privacy and Security of
Medical Records and Sharing of Medical Records between Health Care Providers
9
Appendix
Data presented in this data brief are weighted national estimates. Items used for this data brief
are listed in Appendix Table A1 below.
Appendix Table A1. Selected Items from the ONC Consumer Survey of Attitudes Toward the Privacy and Security Access of
Electronic Health Records and Health Information Exchange, 2013, used for this analysis
Question Text
Response Options
1. Privacy means you have a say in who can collect, use and share your medical
record. How concerned are you about the privacy of your medical record?
Very Concerned
Somewhat Concerned
Not Very Concerned
Not Concerned at All
2. Security means having safeguards to keep your medical record from being seen
by people who aren't permitted to see them. Safeguards may include technology.
How concerned are you about the security of your medical record?
Very Concerned
Somewhat Concerned
Not Very Concerned
Not Concerned at All
3. Have you ever kept information from your health care provider because you
were concerned about the privacy or security of your medical record?
YES/NO
4. If your medical record is sent by fax from one health care provider to another,
how concerned are you that an unauthorized person would see it?
Very Concerned
Somewhat Concerned
Not Very Concerned
Not Concerned at All
5. If your medical record is sent electronically from one health care provider to
another, how concerned are you that an unauthorized person would see it?
Electronically means from computer to computer, instead of by telephone, mail, or
fax machine.
Very Concerned
Somewhat Concerned
Not Very Concerned
Not Concerned at All
6. I want my health care providers to use an electronic medical record to store and
manage my health information despite any concerns I might have about privacy
and security.
Strongly Agree
Agree
Disagree
Strongly Disagree
7. I want my health care providers to use a computer to share my medical record
with other providers treating me despite any concerns I might have about privacy
and security.
Strongly Agree
Agree
Disagree
Strongly Disagree
8. As far as you know, do any of your health care providers maintain your medical
records in an electronic system?
YES/NO