U.S. PUBLIC SHARPLY DIVIDED ON PRIVACY RISKS OF ELECTRONIC MEDICAL RECORDS

February 23, 2005 // Hackensack, NJ: U.S. adults are divided right down the middle on whether the potential privacy risks associated with a patient electronic medical record system outweigh the expected benefits to patients and society, according to Dr. Alan F. Westin, Professor of Public Law & Government Emeritus, Columbia University and Director of a new Program on Information Technology, Health Records & Privacy at Privacy & American Business (P&AB).

In testimony given today before the National Committee on Vital and Health Statistics of the Department of Health and Human Services, Dr. Westin released the results of a new national Harris Interactive® survey on the American public and what are known as Electronic Medical Records (EMR).

This telephone survey was conducted in conjunction with the new Westin Program and was fielded February 8-13, 2005.

Major Findings

  • Half of U.S. adults – 48% – say the benefits to patients and society of a patient Electronic Medical Record system outweigh the risks to privacy, but 47% say the privacy risks outweigh the expected benefits. Four percent said they weren’t sure.
  • Majorities – between 62 and 70% of adults – are worried that sensitive health information might leak because of weak data security; that there could be more sharing of patients’ medical information without their knowledge; that computerization could increase rather than decrease medical errors; that some people won’t disclose necessary information to health care providers because of worries that it will go into computerized records; and that existing federal health privacy rules will be reduced in the name of efficiency.

“I am convinced that how the public sees the privacy risks and responses from EMR managers will be absolutely critical to the EMR system’s success – or will be a major factor in its failure,” Dr. Westin said. “That is the reality that program advocates will need to consider, respond to, and overcome by implementing a range of laws, rules, practices, technology arrangements, privacy education, and positive patient experiences – if EMRs are to win majority public support and high patient participation,” Dr. Westin added.

  • In what Dr. Westin calls the most important policy-input from the survey, more than eight out of ten respondents – 82% – say offering consumers tools to track their own personal medical information in the new EMR system and to assert their privacy rights is important to implement at the start of any EMR system. In fact, 45% of U.S. adults considered this to be Very Important. Only 17% did not see this as important, with 1% not sure.

“I view this result as a powerful, publicly-derived Privacy Design Specification for any national EMR system,” Dr. Westin said. “It is a design approach that will be ignored, put off until a later time, or rejected as unworkable at the peril of any EMR system’s entire future.”

Additional Findings

  • 14% of the public now believe their personal medical information has been released improperly, representing 30 million U.S. adults – down from 27% who thought this in 1993 (Harris-Equifax Health Information Privacy Survey).
  • Two-thirds of the public – 67% – recall that they had received a HIPAA notice, representing 148 million adults. However, a surprising 32%, representing 68 million adults, say they had never received a HIPAA privacy notice. (Only 1% chose to say Not Sure).
  • Two-thirds (67%) of those who remember receiving a privacy notice say their confidence in how their medical records are handled has increased a great deal (23%) or somewhat (44%), based on their experience and what they may have heard about HIPAA and the privacy notices. Thirteen percent said their confidence increased “not very much” and 18% “not at all.”
  • Less than a third of the public – only 29% – said they had read or heard about a national EMR program. This represents 62 million U.S. adults. Our demographic data showed that these were, predictably, primarily the better-educated, higher-income, technology-using members of the public.

Recommendations

In his testimony, Dr. Westin made several recommendations to the Committee, based on the survey findings:

  • Create a “Privacy by Design Working Group” in the EMR Program now to:
    • conduct continuing EMR Privacy Risk and Threat Assessments
    • design and propose new privacy laws and regulations to accompany EMR roll-outs
    • identify system design elements that would enhance rather than defeat privacy interests
    • identify and test procedures to empower individual patients to access the EMR systems directly, to assert their privacy rights and carry out their individual privacy choices.
  • Create an EMR Privacy Board with continuing problem-solving identification, investigative, and standards-recommending duties.

HARRIS INTERACTIVE, INC.

161 SIXTH AVENUE

NEW YORK, NEW YORK 10013

February 16, 2005

HOW THE PUBLIC SEES HEALTH RECORDS AND AN EMR PROGRAM

Conducted For:

PROGRAM ON INFORMATION TECHNOLOGY, HEALTH RECORDS AND PRIVACY CENTER FOR SOCIAL & LEGAL RESEARCH

TOPLINE RESULTS

DATASHEETED QUESTIONNAIRE

Study No. 23283

Field Period: February 8 – 13, 2005

Sample: 1,012 adults aged 18 or over

Methodology

Harris Interactive conducted this survey by telephone within the United States between February 8 and 13, 2005 among a nationwide cross section of 1,012 adults (ages 18 and over). Figures for age, sex, race, education, number of adults, number of voice/telephone lines in the household, region and size of place were weighted where necessary to align them with their actual proportions in the population.

In theory, with a probability sample of this size, one can say with 95 percent certainty that the results for the total sample have a sampling error precision of plus or minus 3 percentage points of what they would be if the entire U.S. adult population had been polled with complete accuracy. Statistical precision for the smaller samples is plus or minus 5 percentage points. Unfortunately, there are several other possible sources of error in all polls or surveys that are probably more serious than theoretical calculations of sampling error. They include refusals to be interviewed (nonresponse), question wording and question order, interviewer bias, weighting by demographic control data and screening (e.g., for likely voters). It is impossible to quantify the errors that may result from these factors.

Notes on reading the results

The percentage of respondents has been included for each item. An asterisk (*) signifies a value of less than one-half percent. A dash represents a value of zero. Percentages may not always add up to 100% because of computer rounding or the acceptance of multiple answers from respondents answering that question.

© 2005 Harris Interactive, Inc.

SECTION 650: HEALTH PRIVACY QUESTIONS [WESTIN]

BASE: ALL RESPONDENTS

Q650 [1] In the past three years, do you believe that [Insert each item] has disclosed your personal medical information in a way that you felt was improper, or not?

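| # | Item | Yes % | No % | Not Sure (v) | Decline to answer (v) |
|---|------|-------|------|--------------|-----------------------|
| 1 | A doctor who has treated you or a family member | 5 | 94 | 1 | * |
| 2 | A clinic or hospital that treated you or a family member | 8 | 91 | 1 | * |
| 3 | Your employer or a family member’s employer | 5 | 94 | 1 | * |
| 4 | A health insurance company | 8 | 90 | 1 | * |
| 5 | A public health agency | 5 | 93 | 2 | * |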

NET 14%

BASE: ALL RESPONDENTS

Q655 [2] Since 2000, a Federal Health Privacy Regulation (called the HIPAA Rule) has required all health care organizations to give patients a privacy notice explaining how the organization will collect and use the patient’s health information, how it will keep the information secure, how patients can get access to their own health records, correct any errors, and control most disclosures of their information to people outside the health care system. Have you ever received one of these HIPAA health privacy notices?

1 Yes 67%

2 No 32%

8 Not sure (v) 1%

9 Decline to answer (v) –

BASE: HAVE RECEIVED HIPAA PRIVACY NOTICES (Q655/1)

Q670 [3] Based on your experiences and what you may have heard, how much has this federal privacy regulation and the Privacy Notices affected your confidence that your personal medical information is being handled today in what you feel is a proper way? Has it increased your confidence…?

1 A Great Deal 23%

2 Somewhat 44%

3 Not Very Much 13%

4 Not At All 18%

8 Not sure (v) 1%

9 Decline to answer (v) *

BASE: ALL RESPONDENTS

Q675 [4] The Federal Government has called for medical and health-care organizations to work with technology firms to create a nationwide system of patient Electronic Medical Records over the next few years. The goal is to improve the effectiveness of patient care, lessen medical errors, and reduce the high costs of paper handling. Have you read or heard anything about this program?

1 Yes 29%

2 No 71%

8 Not sure (v) –

9 Decline to answer (v) –

BASE: ALL RESPONDENTS

Q685 [6] Here are some things that some people have said might happen under such a patient Electronic Medical Record system. How concerned are you that (READ EACH ITEM) – very concerned, somewhat concerned, not very concerned, or not concerned at all?

| # | Item | Very Concerned | Somewhat Concerned | Not Very Concerned | Not Concerned at all | Not Sure | Decline to Answer |
|---|------|----------------|--------------------|--------------------|----------------------|----------|-------------------|
| 1 | Computerization could increase rather than decrease medical errors | 29 | 36 | 22 | 13 | 1 | – |
| 2 | Sensitive personal medical-record information might be leaked because of weak data security | 38 | 32 | 16 | 13 | 1 | – |
| 3 | There could be more sharing of your medical information without your knowledge | 42 | 27 | 18 | 13 | * | – |
| 4 | Some people will not disclose sensitive but necessary information to doctors and other health care providers, because of worries that it will go into computerized records | 29 | 36 | 20 | 13 | 1 | – |
| 5 | Strong enough data security will not be installed in the new computer system | 34 | 35 | 18 | 12 | 1 | * |
| 6 | The existing federal health privacy rules protecting patient information will be reduced in the name of efficiency | 28 | 34 | 23 | 14 | 1 | * |

Privacy Concerns Segmentation

High 56%

Moderate 16%

Low 14%

Very Low 14%

BASE: ALL RESPONDENTS

Q690 [7] Supporters of the new patient Electronic Medical Record system say that strong privacy and data security regulations will be applied. Critics worry that these will not be applied or will not be sufficient. Overall, do you feel that the expected benefits TO PATIENTS AND SOCIETY of this patient Electronic Medical Record system outweigh potential risks to privacy, or do you feel that the privacy risks outweigh the expected benefits? [PROGRAMMER NOTE: ROTATE THE EXPECTED BENEFITS OUTWEIGH POTENTIAL RISKS AND PRIVACY RISKS OUTWEIGH EXPECTED BENEFITS]

1 Benefits outweigh risks to privacy 48%

2 Privacy risks outweigh the expected benefits 47%

8 Not sure (v) 4%

9 Decline to answer (v) 1%

BASE: ALL RESPONDENTS

Q695 [8] Since most adults now use computers, the new patient Electronic Medical Record system could arrange ways for consumers to track their own personal information in the new system and exercise the privacy rights they were promised. How important do you think it is that such individual consumer tools be incorporated in the new patient Electronic Medical Record System from the start? Is it…?

1 Very Important 45%

2 Somewhat Important 37%

3 Not Very Important 11%

4 Not Important at all 6%

8 Not sure (v) 1%

9 Decline to answer (v) *