• 沒有找到結果。

The Differing Privacy Concerns Regarding Exchanging Electronic Medical Records of Internet Users in Taiwan

N/A
N/A
Protected

Academic year: 2021

Share "The Differing Privacy Concerns Regarding Exchanging Electronic Medical Records of Internet Users in Taiwan"

Copied!
11
0
0

加載中.... (立即查看全文)

全文

(1)

ORIGINAL PAPER

The Differing Privacy Concerns Regarding Exchanging

Electronic Medical Records of Internet Users in Taiwan

Hsin-Ginn Hwang&Hwai-En Han&Kuang-Ming Kuo&

Chung-Feng Liu

Received: 31 January 2012 / Accepted: 27 March 2012 / Published online: 20 April 2012 # Springer Science+Business Media, LLC 2012

Abstract This study explores whether Internet users have different privacy concerns regarding the information contained in electronic medical records (EMRs) according to gender, age, occupation, education, and EMR awareness. Based on the Concern for Information Privacy (CFIP) scale developed by Smith and colleagues in 1996, we conducted an online survey using 15 items in four dimensions, namely, collection, unauthorized access, secondary use, and errors, to investigate Internet users’ concerns regarding the privacy of EMRs under health information exchanges (HIE). We retrieved 213 valid questionnaires. The results indicate that

the respondents had substantial privacy concerns regarding EMRs and their educational level and EMR awareness significantly influenced their privacy concerns regarding unauthorized access and secondary use of EMRs. This study recommends that the Taiwanese government organizes a comprehensive EMR awareness campaign, emphasizing un-authorized access and secondary use of EMRs. Additionally, to cultivate the public’s understanding of EMRs, the gov-ernment should employ various media, especially Internet channels, to promote EMR awareness, thereby enabling the public to accept the concept and use of EMRs. People who are highly educated and have superior EMR awareness should be given a comprehensive explanation of how hos-pitals protect patients’ EMRs from unauthorized access and secondary use to address their concerns. Thus, the public can comprehend, trust, and accept the use of EMRs, reduc-ing their privacy concerns, which should facilitate the future implementation of HIE.

Keywords Concern for information privacy (CFIP) . Electronic medical records (EMRs) . Health information exchange (HIE)

Introduction

Most people desire electronic access to their health infor-mation for themselves and their health care providers [1]. This access is believed to not only improve the quality of care, but also reduce health care costs and improve diagno-sis and treatment [2,3]. Therefore, in addition to digitizing the medical records used by health care providers when caring for patients in hospitals, various stakeholders (e.g., clinicians, patients, and policy makers) anticipate the elec-tronic sharing of information among medical facilities [4].

H.-G. Hwang

Institute of Information Management, National Chiao-Tung University,

Hsin-Chu City, Taiwan, Republic of China e-mail: hghmis@iim.nctu.edu.tw

H.-E. Han

Institute of Information Management, National Chung-Cheng University,

Min-Hsiung, Chia-Yi, Taiwan, Republic of China e-mail: imjonahan@gmail.com

K.-M. Kuo (*)

Department of Healthcare Administration, I-Shou University,

Yanchao District,

Kaohsiung City, Taiwan, Republic of China e-mail: kuangmingkuo@gmail.com K.-M. Kuo

e-mail: kmkuo@isu.edu.tw C.-F. Liu

Department of Information Management, Chia-Nan University of Pharmacy and Science, Jen-Te District,

Tainan City, Taiwan, Republic of China e-mail: fredliu@mail.chna.edu.tw

(2)

Medical records are comparatively more sensitive than other types of information [5, 6]. Thus, people typically have significant concerns regarding the privacy of electronic medical records (EMRs) [1, 7]. Although regulations to ensure the privacy of medical records (e.g., The Health Insurance Portability and Accountability Act, HIPAA) have been proposed and implemented in numerous countries [8,

9], the computerization of personal health information presents inevitable risks to privacy [10, 11]. Because nu-merous electronic health records can be accessed through a single breach, addressing privacy risks is crucial to not only build public trust and avoid embarrassment or discrimina-tion, but to also provide accurate and reliable information to health care providers [12]. However, the study on the secu-rity of medical information has shown that numerous pri-mary health care providers cannot ensure effective information security and privacy [13]. Without privacy assurances, patients face the dilemma of whether they should disclose information to health care providers to en-hance health care or withhold information to avoid inappro-priate use [1]. Furthermore, health information exchanges (HIE) have emerged as a tool that enables the flow of clinical information among medical facilities and the consolidation of diverse clinical information [14]. However, patients’ privacy

concerns regarding EMRs are reinforced under the HIE con-text [1], which further influences their willingness to partici-pate in HIE.

To better cope with these privacy issues, the factors influencing people’s privacy concerns must be understood. Although numerous studies have examined these factors, they primarily focused on the context of marketing [15–18] and online transactions [19–21]. Information priva-cy concerns in the health care context have rarely been explored [7,22]. Among the influential factors, researchers

have the greatest interest in consumer characteristics, such as age, gender, and educational level [23]. However, the results reported in studies regarding the impact of consumer characteristics on privacy concerns remain contradictory and inconclusive [e.g.,15,22–25]. Therefore, the influence of people’s characteristics on their information privacy con-cerns must be examined to enhance our current understand-ing of this issue.

The Taiwanese government has recently promoted the following six dimensions of EMRs: sharing, standards, in-frastructure, applications, legislation, and security (Fig. 1) [26]. Through various strategies, EMRs have been promoted extensively in Taiwan. For example, the Electronic Signatures Act was promulgated in Taiwan to formally regulate the use of paperless signatures in 2001. On April 28, 2004, Article 69 of the Medical Care Act was amended to stipulate that “medical care institutions that record and store medical records electronically are exempt from main-taining a written copy.” This provision is the formal legal basis of EMRs. The Department of Health (DOH) in Taiwan

also promulgated the “Regulations Governing the

Production and Management of Electronic Medical Records in Medical Care Institutions” on November 24, 2005, stipulating that medical institutions may replace tra-ditional written signatures with e-signatures when produc-ing EMRs. Additionally, the DOH relaxed restrictions on the calibration of the “time stamp” in an amendment on August 11, 2009, to allow medical institutions to establish a reliable time-stamp management mechanism themselves. Consequently, obtaining a time stamp from the Healthcare Certification Authority (HCA) of the DOH is no longer required, significantly improving the delivery speed and convenience of e-signatures. Thus, an increasing number of EMR systems are being developed and promoted.

Establish anti-virus and anti-hacker systems in medical information websites Establish nationwide long-term care networks Security Application Legislation Infrastructure Standards

Integrate the public database of medical information websites Establish and promote a drug interaction database Sharing Circulation of Safe EMRs Promote electronic medical records Establish mechanisms for the exchange of medical information Promote medical information standards HL7/DICOM promotion project CDA/LOINC promotion project

Improve the computing power and network speed of medical information websites

Strengthen the functions of the service center of medical information websites Develop telemedicine services Establish emergency service systems Establish norms for health information websites Promote online health and medical services Amend Medical Care Act Promote medical information security and privacy protection policies Promote guidelines for implementing EMRs in medical facilities Security audit

Establish and operate Healthcare Certification Authorization (HCA)

Promote management of national information security classification Fig. 1 Fishbone diagram of

concrete measures in promoting EMRs [26]

(3)

In addition, based on the international Health Level Seven (HL7) standard, the DOH in Taiwan has advocated the development of a localized reference model for defining the format of EMR content. Since the first baseline reference model, that is, the Taiwan electronic medical record tem-plate (TMT), was announced in 2008 [27], individual refer-ence templates are continuously created and publicized on the EMR Standard Management System (the official Web site maintained by DOH). By the end of 2011, 108 EMR reference templates for various types of medical records (e.g., outpatient physician order entry records, admission notes, and children’s physical therapy assessment records) had been proposed on the Web site [28]. According to the reference model, real world inter-hospital EMR exchange mechanisms can be implemented.

After obtaining the preliminary results of EMR promo-tion, the DOH launched a one-year Intellectual Health Service Promotion Plan in 2009, with a total budget of US $15 million [29]. The government anticipates that this proj-ect can establish the preliminary infrastructure required for exchanging EMRs between medical facilities in Taiwan. One subproject involved establishing an Image Exchange Center (IEC) as a platform for exchanging medical images among medical facilities in Taiwan. This development would reduce the costs of repeated radiologic examinations and enable medical facilities to share resources and provide patients with continuous medical care.

During the initial phase of the subproject, high-cost med-ical images, including computed tomography (CT), magnet-ic resonance imaging (MRI), and positron emission tomography (PET) scans, could be exchanged between medical facilities. The exchange of X-ray images using the IEC should be possible in the near future. By the end of 2010, over 100 hospitals had employed the IEC service. Following the positive results for exchanging medical images, the DOH expanded the IEC into an EMR Exchange Center (EEC) in 2011. This EEC enables the exchange of various types of EMRs, including medication notes, admission notes, discharge notes, blood test reports, and X-ray results. From the IEC to the EEC, the ultimate goal of EMR development in Taiwan is to achieve nation-wide exchange and use of electronic health records. However, in addition to the technological challenges, un-derstanding and addressing people’s privacy concerns re-garding the exchange of their EMRs is critical for success.

To explore people’s concerns regarding EMR privacy, we conduct a preliminary investigation of the differing charac-teristics of various Taiwanese groups and their EMR privacy concerns. Specifically, this study examines the influence of Internet users’ age, gender, occupation, educational level, and EMR awareness on their privacy concerns regarding EMRs because, although people typically have greater online privacy concerns [6], they are more likely to seek

health and medical information online [30]. We hope the results of this study can increase our current understanding of EMR privacy concerns to enable both the government and medical facilities to develop superior privacy policies and personal health information collection and usage practices.

Literature review

Privacy, information privacy, and concerns regarding information privacy

In their landmark article The Right to Privacy, Warren and Brandies [31] outlined the need to protect people’s rights.

Privacy refers to a person’s ability to control the access others have to their personal information [32]. Privacy is violated when people cannot control their interaction with social and physical environments [5]. A person’s privacy is determined by the sociopolitical system and economic de-velopment of the society they live in [32]. Privacy concerns are not a recent phenomenon; they frequently emerge when the public perceives a threat from new information technol-ogies that enhance the surveillance, storage, retrieval, and communication of personal information [5]. In addition, numerous health care providers have developed technical standards and organizational and legal frameworks that guarantee the highest level of privacy and security possible [32].

With the rapid development of information technologies, the sharing and transmitting of information has become more convenient. Organizations have greater access and reason to collect personal information; thus, obtaining people’s personal information has become easier. Because a substantial amount of personal information is exchanged, stored, and shared, the public’s concerns regarding the pri-vacy of personal information have increased [23]. For ex-ample, clinical practitioners and medical researchers in Europe frequently share health data with their colleagues in different countries; therefore, protecting personal privacy in this context is extremely challenging but essential [34].

Information privacy refers to the rights that people, groups, or institutions have to determine when, how, and to what extent their information is communicated to others [32]. In other words, information privacy refers to people’s

ability to control how their personal information is acquired and used [33, 35]. In the field of marketing, information privacy concerns have been cited as a barrier to consumers’ adoption of e-commerce [18], their purchasing behavior [20], and their willingness to disclose personal information online [23]. Similarly, information privacy regarding EMRs may become a barrier to HIE promotion. Specifically, the data processed by e-health care systems are patients'

(4)

sensitive health data, which are directly related to their personal privacy. Therefore, privacy protection is crucial for e-health care systems [36]. Although most professionals understand the need for confidentiality, an in-depth knowl-edge and responsibility to protect privacy is lacking [37]. Thus, this study explores information privacy issues related to the collection, storage, use, and transmission of EMRs in the HIE context.

Prior CFIP research

Smith et al. [38] developed and validated an instrument that identifies and measures the primary dimensions of people’s information privacy concerns. The result was a parsimoni-ous 15-item instrument that contains four dimensions of the Concern for Information Privacy (CFIP) scale: collection, secondary use, unauthorized access, and errors. This instru-ment suggests that people with substantial information pri-vacy concerns perceive that (1) excessive data is collected; (2) personal information is used for undisclosed purposes; (3) personal information is not sufficiently protected from unauthorized access; and (4) most of the data is inaccurate [38]. Stewart and Segars [39] further verified these four dimensions. Thus, the four dimensions identified by Smith et al. [38] appear to provide a complete framework for information privacy concerns and have been widely cited [18,21,39,40].

Demographics and CFIP

Through a review of literature, we found that numerous factors can influence people’s privacy concerns. For example, Phelps et al. [16] argued that consumers’ privacy concerns were

determined by four factors: (1) the type of personal informa-tion requested; (2) the informainforma-tion control offered; (3) the potential consequences and benefits offered in the exchange; and (4) consumer characteristics. Among these influencing factors, researchers are most interested in consumer character-istics, such as age, gender, and educational level [23].

Concerning age, the results of previous study indicate that a person’s age can affect their privacy concerns [23]. For exam-ple, young people naturally take more risks [41]. Additionally, they have fewer privacy concerns because they are young, generally less wealthy, and have not yet established a reputa-tion; therefore, they have less to lose [15]. Laric et al. [22] investigated public opinions regarding the privacy of medical information in the U.S. and Canada. Their results indicate that in the U.S., older people are more concerned with the privacy of medical information, whereas the age of the Canadian respondents did not affect their level of concern. Phelps et al. [42] conducted a direct marketing shopping study and confirmed that age is not related to information privacy con-cerns. Milne and Culnan [43] examined whether people read

the privacy protection policies of companies, and found that age was positively correlated with whether a person read privacy protection policies. The results reported by Janda and Fair [44] also indicated that age was positively correlated with the privacy concerns regarding the Internet.

Regarding gender, several studies [25,45] have reported gender differences in online privacy concerns and subse-quent privacy protection behavior. Generally, women per-ceive more online risk and report more privacy concerns compared to men. The results reported by Fogel and Nehmad [25] indicated that women were more concerned with information privacy compared to men; women were also relatively unwilling to discuss their personal informa-tion on the Internet. However, although men had a greater interest in the Internet and superior computer skills com-pared to women, gender was not related to information privacy concerns [24]. Janda and Fair [44] believed that women and men differed significantly regarding their Internet privacy concerns and found that women had greater Internet privacy concerns compared to men. Chen et al. [24] found that gender was not correlated with the information privacy concerns of people without online shopping experi-ence. Laric et al. [22] also confirmed that no significant relationship existed between gender and medical informa-tion privacy concerns. The direct marketing shopping inves-tigation conducted by Phelps et al. [42] also revealed that gender was not related to information privacy concerns. Milne and Culnan [43] explored whether people read the privacy protection policies of companies and found that men seldom read these policies.

Regarding educational level, a person’s education is gen-erally considered to be positively correlated to their economic status [15]. In other words, the more education people receive, the greater the likelihood of them becoming economically successful. Therefore, educated people may place greater emphasis on privacy protection. A well-educated person may be well informed regarding privacy issues and better under-stand the circumstances. However, greater comprehension of information privacy may affect people’s privacy concerns [15]. For example, an investigation into direct marketing shopping conducted by Phelps et al. [42] indicated that edu-cational levels and information privacy concerns were not related. Milne and Culnan [43] explored whether people read the privacy protection policies of companies and found that people’s educational level was negatively correlated with their reading of privacy protection policies.

Thus, a review of related studies indicates that our under-standing of the relationship between information privacy con-cerns and demographics remains inconclusive. Additionally, because of the specialization of the health care industry, this study further explores the impact of occupations and EMR awareness on information privacy concerns. These two fea-tures were seldom discussed in previous studies. We believe

(5)

that these features exist only in the health care industry and require further clarification, particularly regarding EMRs.

Materials and methods Questionnaires

This study references the CFIP scale developed by Smith et al. [38] and proposes indicators for measuring Internet users’ privacy concerns under the HIE context. These indi-cators comprise 15 items in the following four dimensions: collection (four items), unauthorized access (three items), secondary use (four items), and errors (four items). To enhance the reliability and validity of the indicators, this study modified the content of the items regarding EMR exchange and obtained a preliminary version of the indica-tors. Three experts, that is, one physician, one doctoral scholar in the medical information field, and one doctoral scholar in the information management field, were invited to review the indicators and adapt the meaning of the items in the four dimensions. Next, five people, that is, one person with a senior high school diploma, one person with a bach-elor’s degree, one person with a master degree, one retired person, and one housewife, were invited to undergo a test. Based on the suggestions obtained following the pre-test, we modified and completed the final version of the indicators. The content of the 15 items is shown in Table1.

Participants and procedures

Because users’ perceptions of various privacy features are not understood [43], this study can be considered exploratory in nature. Cooper and Schindler [46] contended that convenience sampling is a useful approach during the early stages of exploratory study. Thus, this study employed a convenience sampling approach to conduct the survey. The questionnaires were presented on a Web site. Previous study [47] has

Table 1 Indicators for concerns regarding health information exchange Dimension Item

Collection It bothers me when medical facilities ask me for personal information.

I sometimes think for a while when medical facilities ask me to provide personal information. It bothers me to give personal information to so many medical facilities.

It bothers me that medical facilities collect too much personal information.

Unauthorized Access Medical facilities should devote more time and efforts to preventing the unauthorized access of patients’ personal information.

Medical facilities should prevent unauthorized people from accessing patients’ personal information without considering the cost.

Medical facilities should take more measures to ensure that unauthorized people can not use their computer to access patients’ personal information.

Secondary Use Medical facilities should never use patients’ personal information for purposes other than medical care, unless it has been authorized by the patient.

Medical facilities should not use the personal information provided by patients for any purpose other than those required for medical care.

Medical facilities should never sell patients’ personal information to other institutions.

Medical facilities should not share patients’ personal information with other institutions unless it has been authorized by the patient.

Error Medical facilities should repeatedly check the accuracy of patients’ personal information without considering cost. Medical facilities should use more procedures to ensure the accuracy of patients’ personal information.

Medical facilities should have a more comprehensive procedure to correct for errors in patients’ personal information. Medical facilities should devote more time and manpower to verify the accuracy of patients’ personal information.

Table 2 Profiles of survey respondents

Type Sub-type Frequency (%)

Gender Male 108 (50.7%) Female 105 (49.3%) Age <30 97 (45.5%) 30–39 27 (12.7%) 40–49 45 (21.1%) >050 44 (20.7%) Educational Level

High School or under 24 (11.3%) College/University 122 (57.3%) Master or above 67 (31.5%) Occupations Healthcare 33 (15.5%) Non-Healthcare 180 (84.5%) EMR Awareness

Have not heard 34 (16.0%) Have heard, but not understand 76 (35.7%)

(6)

recommended that the survey participants should be familiar with the research context. Therefore, this study sent e-mails inviting members of an academic association related to health care information management, such as EMRs, to complete a questionnaire on the Web site. To prevent duplicate responses, the online survey stored the respondents’ IP address and multiple responses from the same IP address were excluded. Additionally, members were encouraged to forward the survey e-mail to people interested in privacy issues related to EMRs. Because the respondents of this study partici-pated online, the research population was difficult to confirm. In other words, the response rate was not easily calculated.

The questionnaire used for this study comprised three sections. In the first section (cover page), the purpose of the survey and a definition of EMRs and HIE were provided. The second section regarded respondents’ basic information, in-cluding their age, gender, educational level, occupation, and awareness of EMRs. The third section contained indicators of HIE concerns (15 items). The respondents were instructed to use a five-point Likert scale to evaluate each item (1 for strongly disagree and 5 for strongly agree).

Results

Descriptive statistics

This study collected 221 questionnaires. Of which, 8 invalid questionnaires, either incomplete or from the same IP ad-dress, were excluded; the final analysis included 213 cases. The demographic background of the survey respondents is shown in Table2. The results in Table 2 indicate that the respondents differed regarding gender, age, educational level, occupation, and EMR awareness.

Table 3shows the descriptive statistics of the constructs, including the four dimensions and 15 items. Using the five-point Likert scale, item mean values that exceed 3 indicate that people have information privacy concerns. The mean value of the collection item was 3.54, which indicates that people have some concerns regarding hospitals collecting their personal information. Nevertheless, the mean values of the three other dimensions, which all exceeded 4, indicate that people are extremely concerned about secondary uses, unauthorized ac-cess, and errors regarding their EMRs. Generally, people have serious privacy concerns regarding their EMRs.

Table 3 Factor loading, mean, S.D., Cronbach’s alpha of the privacy concerns items

S.D. is standard deviation

Dimension Items Loadings Mean S.D. Cronbach’s Alpha Collection (Mean03.54 SD00.787) Col1 0.831 3.24 0.997 0.840

Col2 0.786 3.75 0.863 Col3 0.834 3.54 0.954 Col4 0.836 3.62 1.010 Unauthorized Access (Mean04.39 SD00.620) UA1 0.833 4.43 0.747 0.693

UA2 0.741 4.21 0.945 UA3 0.818 4.54 0.640 Secondary Use (Mean04.60 SD00.502) SU1 0.887 4.64 0.578 0.839

SU2 0.858 4.59 0.650 SU3 0.814 4.81 0.478 SU4 0.751 4.60 0.677 Errors (Mean04.09 SD00.806) ER1 0.750 3.98 0.961 0.854

ER2 0.904 4.35 0.716 ER3 0.868 4.38 0.783 ER4 0.850 4.20 0.840

Table 4 t-test for HIE privacy concern between gender (N0213) M, Male; F, Female Dimension Gender M (N0108) F (N0105) t p-value Mean SD Mean SD Collection 3.48 0.861 3.60 0.702 −1.034 0.302 Unauthorized Access 4.36 0.694 4.43 0.535 −0.793 0.429 Secondary Use 4.57 0.577 4.64 0.410 −1.054 0.293 Errors 4.08 0.831 4.10 0.785 −0.150 0.881

(7)

Reliability and validity

Regarding the respondent analysis, Cronbach’s α for the four dimension variables all exceeded 0.7, except for the variable “unauthorized access” (0.693). Because of the exploratory na-ture of this study, a Cronbach’s α higher than 0.5 indicates sufficient reliability [48]. Subsequently, to determine whether the question items possessed sufficient discriminant validity and convergent validity, we employed factor analysis. We found that the factor loading value for all items exceeded 0.7 (Table3), indicating that the questionnaire had satisfactory validity [49].

Demographic characteristics and HIE information privacy concerns

To explore the impact of people’s demographic characteristics on their information privacy concerns, t-test, analysis of var-iance (ANOVA), and Scheffe’s post-hoc techniques were employed to determine whether the respondents’ age, gender, occupation, educational level, and EMR awareness cause differences in their information privacy concerns.

Effect of gender, age, and occupations

The t-test and ANOVA results indicated that people’s EMR privacy concerns in the four dimensions, that is, collection, unauthorized access, secondary use, and errors, were similar regardless of their gender, age, and occupation. (Tables4,5, and6)

Effect of educational level

The ANOVA results show that people with different educa-tional levels have varying concerns regarding unauthorized access and secondary uses of their EMRs. Results of the Scheffe’s post-hoc analysis indicated that people with a master degree have more concerns regarding the secondary use and unauthorized access of their EMRs compared to people who had only a high school (or lower) education. Additionally, people with a college degree showed more concern regarding unauthorized access compared to people with a high school (or lower) education. (Table7)

Effect of EMR awareness

The ANOVA results indicate that people’s awareness of EMRs affect their privacy concerns regarding unauthorized access and secondary use; however, it has no effect on EMR collection and errors (Table8). Furthermore, the results of Scheffe’s post-hoc analysis showed that people who had heard of or understood EMRs had greater concerns regard-ing secondary use and unauthorized access (Table8).

Discussion, conclusion, and implications Discussion

The results of this study indicate that gender is not signifi-cantly correlated with privacy concerns regarding EMRs, which is consistent with that reported by previous studies [15,22,42]. In the health care environment, people provide

Table 5 Differences in HIE

pri-vacy concern on age (N0213) Dimension Mean F p-value

A(<30) B(30–39) C(40–49) D(>050)

Collection 3.51 4.36 4.56 4.04 0.645 0.587

Unauthorized Access 3.41 4.44 4.65 4.33 0.883 0.451

Secondary Use 3.67 4.51 4.67 4.06 0.614 0.607

Errors 3.53 4.32 4.59 4.09 0.978 0.404

Table 6 t-test for HIE privacy concern between occupations (N0213)

Dimension Occupations

Healthcare (N033) Non-Healthcare (N0180) t p-value

Mean SD Mean SD

Collection 3.59 0.770 3.53 0.792 −0.414 0.608

Unauthorized Access 4.44 0.518 4.39 0.638 −0.504 0.615 Secondary Use 4.72 0.331 4.58 0.525 −1.446 0.150

(8)

comprehensive information to medical personnel to obtain superior health care. However, the results indicate that, regardless of gender, people expect their personal health information to be sufficiently protected by the hospital. For example, men typically want to protect medical infor-mation related to sexual dysfunction and women wish to prevent others from viewing medical records detailing breast augmentations and abortions. Thus, both women and men value the privacy of their health information. This explains why gender does not significantly affect people’s privacy concerns regarding health information.

Regarding age, the results of this study indicate that age is not significantly correlated with information privacy con-cerns related to EMRs, which supports the results of previ-ous studies [22,42]. Regarding health care, medical records are extremely important for physicians when diagnosing or treating patients. Personal health information is a vital ref-erence. To obtain superior health care services, patients of varying ages should provide physicians with comprehensive information. However, they should be concerned with how medical personnel protect and use their EMRs. This may explain why age does not have a significant effect on people’s information privacy concerns regarding EMRs.

Regarding educational level, the results of this study show that people’s educational level was significantly cor-related with their information privacy concerns regarding EMRs, which agrees with the results of previous studies [15,

43]. The post-hoc analysis of this study indicates that highly educated respondents are more concerned with the privacy of the information in EMRs, particularly regarding unautho-rized access and secondary use. To further develop EMRs, multiple dimensions, including laws and regulations, oper-ational mechanisms, and information and communication technologies must also be considered.

However, the results of this study confirm that occupa-tion is not significantly correlated with people’s informaoccupa-tion privacy concerns regarding EMRs. This result is consistent

with that reported by previous studies [15, 43]. Since the National Health Insurance program was implemented in Taiwan in 1995, people know they must bring their IC cards when visiting hospitals or clinics and that physicians use computers when determining treatment. Most people in Taiwan have a certain awareness of EMRs; thus, occupation does not influence people’s privacy concerns regarding EMRs.

Finally, the results revealed that a significant correla-tion exists between EMR awareness and people’s infor-mation privacy concerns regarding EMRs. The post-hoc analysis results also indicate that people have greater privacy concerns regarding EMRs when they are more familiar with EMRs, particularly regarding unauthorized access and secondary use. People with a greater understanding of EMRs better understand the risks and challenges of ex-changing EMRs and have greater EMR privacy concerns, especially regarding unauthorized access and secondary use of EMRs.

Conclusion and implications

This study investigated the differences between Internet users’ characteristics and HIE information (i.e., EMRs) pri-vacy concerns. The results show that people’s educational level and EMR awareness are positively correlated with their concerns regarding unauthorized access and secondary use of their EMRs. However, this study did not identify a significant correlation between people’s gender, age, and occupation and their privacy concerns regarding EMRs. The results of this study indicate that highly educated people have greater information privacy concerns related to EMRs, particularly the unauthorized access and secondary use of their personal health information. Additionally, people who are familiar with EMRs have greater information privacy concerns related to EMRs, especially concerning unautho-rized access and secondary use. The implications of these

Table 7 Differences in HIE pri-vacy concern means on educa-tional level (N0213)

A: High School or under; B: College/University; C: Master or above

A(N034) B(N076) C(N0103) F p-value Scheffe test

Collection 3.50 3.55 3.55 0.049 0.953

Unauthorized Access 4.09 4.39 4.50 5.749 0.004 C>A Secondary Use 4.29 4.61 4.69 8.871 0.000 C>A, B>A

Errors 3.85 4.09 4.17 1.993 1.39

Table 8 Differences in HIE pri-vacy concern on EMR aware-ness (N0213)

A: Have not heard; B: Have heard, but not understand; C: Understand

A(N034) B(N076) C(N0103) F p-value Scheffe test

Collection 3.50 3.55 3.55 0.049 0.953

Unauthorized Access 4.09 4.39 4.50 5.749 0.004 C>A Secondary Use 4.29 4.61 4.69 8.871 0.000 C>A, B>A

(9)

findings for practitioners and academics are discussed below.

Managerial implications

Overall, the results of this study show that Internet users have a relatively significant privacy concerns regarding EMRs. Therefore, we recommend that the government employs various types of media (such as TV, radio, news-papers, and leaflets) [50], particularly those of Internet channels (e.g., e-mails, blogs, and virtual communities) [51, 52], to promote EMR awareness, increase Internet users’ understanding of EMRs, and reduce their privacy concerns. We also suggest that medical facilities promote patient awareness and develop an EMR system according to regulations that is subsequently audited and certified by the government. Additionally, to reduce Internet users’ concerns regarding unauthorized access of their EMRs, medical fa-cilities should develop an information security management mechanism that adheres to international standards. The DOH in Taiwan has provided medical institutions with tangible incentives for passing the information security cer-tification of ISO27001. Taiwanese laws mandate that med-ical facilities do not share or exchange patients’ EMRs with external units or use EMRs for any other purpose without the patient’s written consent. If Internet users’ concerns regarding secondary use of their EMRs can be reduced, they can gradually accept the implementation of EMRs.

Regarding highly educated people and people with great-er EMR knowledge, we recommend that the govgreat-ernment and medical facilities provide a comprehensive explanation of EMRs. A detailed introduction of EMRs should include the techniques, potential risks, and measures implemented to protect EMRs from unauthorized access and incorrect application. This should enhance Internet users’ understand-ing of EMRs, thereby increasunderstand-ing their trust and reducunderstand-ing their privacy concerns regarding EMRs. Generally, highly educated people are believed to possess greater social influ-ence [53,54]. Thus, once they understand and accept EMRs and trust that medical facilities provide adequate EMR pri-vacy protection, they can act as advocates of EMRs. These people can use their social influence to promote EMRs, which benefits the implementation of EMRs and HIE in the future.

Theoretical implications

Previous studies emphasized the relationship between people’s demographics and information privacy concerns [e.g.,15,24,44,55] in several contexts. However, minimal research has been conducted on the health care context, that is, people’s information privacy concerns regarding EMRs. This lack of attention to the relationship in the health care

context is problematic because it can significantly influence the promotion of EMRs in the future.

For this study, we conducted a preliminary investigation of Internet users’ privacy concerns regarding EMRs. We found that Internet users place substantial importance on the unauthorized access and secondary use of their EMRs. Thus, the results of this study can provide a foundation for an in-depth understanding of how people’s information con-cerns regarding EMRs can be reduced. Additionally, we hope that future privacy studies examine the crucial role information privacy concerns have in shaping people’s atti-tudes toward EMRs.

Contributions

Regarding practical contribution, this study empirically in-vestigated the relationship between people’s demographics and their privacy concerns regarding EMRs. The results show that people’s educational level and EMR awareness is corre-lated with their information privacy concerns regarding EMRs. Thus, governments and medical facilities should focus on these findings and develop superior EMR privacy protec-tion policies to reduce people’s informaprotec-tion privacy concerns. From a theoretical perspective, this study contributes to CFIP literature by further exploring the relationship between Internet users’ characteristics and information privacy con-cerns. Furthermore, this study empirically validated the ap-propriateness of employing the CFIP instrument in a health care context. Additionally, because the number of medical facilities adopting EMRs has risen, demographic studies on patients’ view of information privacy have become increas-ingly essential. This study fills this research gap.

Limitations and future research

One limitation of this study was that the participants were recruited using an online questionnaire in a relatively limit-ed time, which may affect the representativeness of the results. Thus, more diverse participants should be included in future investigations. For example, obtaining participants from health care settings who are more likely to be candi-dates of EMR use may provide interesting insights in future studies. Additionally, the participants’ responses to the online self-report questionnaire may have been influenced by their perception of the questionnaire items, resulting in common method bias. Therefore, researchers should consider using in-depth interviews and case study methods in the future. Finally, this study only included participants who had Internet experience; future studies should examine a sample that offers greater generalizability to a wider demographic.

(10)

References

1. McGraw, D., Dempsey, J. X., Harris, L., Goldman J., Privacy as an enabler, not an impediment: Building trust into health information exchange. Health Aff. 28:416–427, 2009.

2. McDonald, C., Protecting patients in health information exchange: A defense of the HIPAA privacy rule. Health Aff. 28:447–449, 2009.

3. Miller, A. R., Tucker, C. E., Can health care information technology save babies? J Polit Econ 119:289–324, 2011.

4. Walker, J., Pan, E., Johnston, D., Adler-Milstein, J., Bates, D. W., Middleton, B., The value of health care information exchange and interoperability. Health Aff. w5.10, 2005.

5. Culnan, M. J., How did they get my name—an exploratory inves-tigation of consumer attitudes toward secondary information use. MIS Quart. 17:341–361, 1993.

6. Sheehan, K. B., Hoy, M. G., Dimensions of privacy concern among online consumers. J Public Policy Mark 19:62–73, 2000. 7. Perera, G., Holbrook, A., Thabane, L., Foster, G., Willison, D. J.,

Views on health information sharing and privacy from primary care practices using electronic medical records. Int J Med Inform 80:94–101, 2011.

8. Council of Europe, Committee of Ministers 1997. Recommendation No. R (97) 5 on the Protection of Medical Data. Available at:http:// www1.umn.edu/humanrts//instree/coerecr97-5.html (Last accessed Oct 25, 2011).

9. Congress of the United States of America 1996. Health Insurance Portability and Accountability Act. Available at:http://aspe.hhs.gov/ admnsimp/pl104191.htm(Last accessed Oct 25, 2011).

10. Chung, K., Chung, D., Joo, Y., Overview of administrative sim-plification provisions of HIPAA. J Med Syst 30(1):51–55, 2006. 11. Rindfleisch, T. C., Privacy, information technology, and health

care. Commun ACM 40:92–100, 1997.

12. Goldman, J., Protecting privacy to improve health care. Health Aff. 17:47–60, 1998.

13. Williams, P. A., Is the biggest security threat to medical informa-tion simply a lack of understanding? Stud Health Technol Inform 168:179–87, 2011.

14. De Brantes, F., Emery, D. W., Overhage, J. M., Glaser, J., Marchibroda, J., The Potential of HIEs as Infomediaries. Journal of Healthcare Information Management 21: 69–75, 2007. 15. Chen, J., Yue, Z., Heath, R., An exploratory Investigation of the

relationships between consumer characteristics and information privacy. Marketing Management Journal 11: 73–81, 2001. 16. Phelps, J. E., D’Souza, G., Nowak, G. J., Antecedents and

con-sequences of consumer privacy concerns: An empirical investiga-tion. J Interact Mark 15:2–17, 2001.

17. Xu, H., Luo, X., Carroll, J. M., Rosson, M. B., The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing. Decis Support Syst 51:42–52, 2011. 18. Zorotheos, A., Kafeza, E., Users’ perceptions on privacy and their intention to transact online: a study on Greek internet users. Direct Marketing 3:139–153, 2009.

19. Dinev, T., Bellotto, M., Hart, P., Russo, V., Serra, I., Colautti, C., Privacy calculus model in e-commerce—a study of Italy and the United States. Eur J Inform Syst 15:389–402, 2006.

20. Tsai, J. Y., Egelman, S., Cranor, L., Acquisti, A., The effect of online privacy information on purchasing behavior: An experi-mental study. Inform Syst Res 22:254–268, 2011.

21. Van Slyke, C., Shim, J. T., Johnson, R., Jiang, J. J., Concern for information privacy and online consumer purchasing. Journal of the Association for Information Systems 7:415–44, 2006. 22. Laric, M. V., Pitta, D. A., Katsanis, L. P., Consumer concerns for

healthcare information privacy: a comparison of US and Canadian perspectives. Research in Healthcare Financial Management 2009.

23. Li, H., Sarathy, R., Xu, H., The role of affect and cognition on online consumers’ decision to disclose personal information to unfamiliar online vendors. Decis Support Syst 51: 434–445, 2011. 24. Chen, K., Alan, I., Rea, J., Protecting personal information online: A survey of user privacy concerns and control techniques. J Comput Inf Syst 44:85–92, 2004.

25. Fogel, J., Nehmad, E., Internet social network communities: Risk taking, trust, and privacy concerns. Comput Human Behav 25:153–160, 2009.

26. Department of Health 2003. Online Health Services Promotion Plan- 2003 Result Report. Available at: http:// w w w. do h . go v. t w / C H T 2 00 6 / D M / D M 2 _p 0 1. a sp x? c l a s s_ no025&now_fod_list_no09009&level_no02&doc_no041589. (Last accessed Oct 25, 2011)

27. Department of Health 2008. Developing a patient-centered inter-hospital EMR exchange environment. Available at: http:// emrstd.doh.gov.tw/strdoc/DocLib/Forms/AllItems.aspx. (Last accessed March 5, 2012).

28. Department of Health 2012. EMR Standard Management System. Available at:http://emr.doh.gov.tw/exProjects.aspx. (Last accessed March 5, 2012).

29. Department of Health 2011. Enhanced Intellectual Health Service Plan. Taipei: Department of Health. Available at:http:// www.cto.doh.gov.tw/sso/index_c_1.html. (Last accessed Oct 25, 2011) 30. Hesse, B. W., Nelson, D. E., Kreps, G. L., Croyle, R. T., Arora, N. K., Rimer, B. K., Viswanath, K., Trust and sources of health information: The impact of the internet and its implications for health care providers: Findings from the first health information national trends survey. Arch Intern Med 165:2618–2624, 2005. 31. Warren, S. D., Brandeis, L. D., The right to privacy. Harv Law Rev

4:193–220, 1890.

32. Westin, A. F., Science, privacy and freedom: Issues and proposals for the 1970’s. Part I—the impact of surveillance on privacy. Columbia Law Rev 66:1003–1050, 1966.

33. Culnan, M. J., Bies, R. J., Consumer privacy: Balancing economic and justice considerations. J Soc Issues 59:323–342, 2003. 34. Boussi, R. H., Solomonides, T., Casassa, M. M., Shiu, S.,

Rahmouni, M., A model-driven privacy compliance decision sup-port for medical data sharing in Europe. Methods Inf Med 50:326– 36, 2011.

35. Stone, E. F., Gueutal, H. G., Gardner, D. G., McClure, S., A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. J Appl Psychol 68:459–468, 1983.

36. Huang, C., Lee, H., Lee, D. H., A privacy-strengthened scheme for E-healthcare monitoring system. J Med Syst. Sep 10, 2011. 37. Adeleke, I. T., Adekanye, A. O., Adefemi, S. A., Onawola, K. A.,

Okuku, A. G., Sheshi, E. U., James-Adeniran, J. A., Francis, M., Elegbe, T.R., Ayeni, A. M., Tume, A. A., Knowledge, attitudes and practice of confidentiality of patients’ health records among health care professionals at Federal Medical Centre, Bida. Niger J Med 20:228–35, 2011.

38. Smith, H. J., Milburg, S. J., Burke, S. J., Information privacy: Measuring individuals’ concerns about organizational practices. MIS Quart 20:167–196, 1996.

39. Stewart, K. A., Segars, A. H., An empirical examination of the concern for information privacy instrument. Inform Syst Res 13:36–49, 2002.

40. Zhou, T., The impact of privacy concern on user adoption of location-based services. Ind Manage Data Syst 111:212–226, 2011. 41. Ji, P., Lieber, P. S., Am I safe? Exploring relationships between

primary territories and online privacy. Journal of Internet Commerce 9:3–22, 2010.

42. Phelps, J., Nowak, G., Ferrell, E., Privacy concerns and consumer willingness to provide personal information. J Public Policy Mark 19:27–41, 2000.

(11)

43. Milne, G. R., Culnan, M. J., Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. J Interact Mark 18:15–29, 2004.

44. Janda, S., Fair, L. L., Exploring consumer concerns related to the internet. Journal of Internet Commerce 3:1–21, 2004.

45. Sheehan, K. B., An investigation of gender differences in on line privacy concerns and resultant behaviors. J Interact Mark 13:24– 38, 1999.

46. Cooper, D. R., Schindler, P. S., Business research methods (Seventh edition). Irwin/McGraw-Hill: New York, 2001: 192.

47. Angst, C. M., Agarwal, R., Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quart 33:339–370, 2009.

48. Nunnally, J. C., Psychometric theory (First edition). McGraw-Hill: New York, 1967:226

49. Straub, D., Boudreau, M. C., Gefen, D., Validation guidelines for IS positivist research, Communications of the Association for Information Systems 14:380–426, 2004.

50. Tee, E. S., Development and promotion of Malaysian dietary guidelines. Asia Pac J Clin Nutr 20:455–461, 2011.

51. Bonfadelli, H., The internet and knowledge gaps: A theoretical and empirical investigation. Eur J Commun 17:65–84, 2002. 52. Howard, P. E. N., Rainie, L., Jones, S., Days and nights on the

internet-the impact of a diffusing technology. Am Behav Sci 45:382–404, 2001.

53. Hollingshead, A. B., Four factor index of social status. Yale J Sociol 8: 21–52, 2011.

54. Meyer, J. W., The effects of education as an institution. Am Journal Sociol 83:55–77, 1977.

55. Hoy, M. G., Milne, G., Gender differences in privacy-related measures for young adult facebook users. Journal of Interactive Advertising 10:28–45, 2010.

數據

Table 1 Indicators for concerns regarding health information exchange Dimension Item
Table 3 Factor loading, mean, S.D., Cronbach ’s alpha of the privacy concerns items
Table 6 t-test for HIE privacy concern between occupations (N0213)
Table 8 Differences in HIE pri- pri-vacy concern on EMR  aware-ness (N0213)

參考文獻

相關文件

In the third quarter of 2002, the Census and Statistics Department conducted an establishment survey (5) on business aspirations and training needs, upon Hong Kong’s

 Create and present information and ideas for the purpose of sharing and exchanging by using information from different sources, in view of the needs of the audience. 

 Create and present information and ideas for the purpose of sharing and exchanging by using information from different sources, in view of the needs of the audience. 

Instead of categorizing triggers by the functionality of their associated services [13], we categorize by the types of information they may leak, and iden- tified three types

In Section 4, we give an overview on how to express task-based specifications in conceptual graphs, and how to model the university timetabling by using TBCG.. We also discuss

Security and privacy related literatures [19] focused on methods of preserving and protecting privacy of RFID tags; the RFID reader collision avoidance and hidden terminal

The share of India &amp; Taiwan in the World economy and discussed how world export-import market is increasing year by year.. The data shows us that the business between these

Based on the observations and data collection of the case project in the past three years, the critical management issues for the implementation of