In an attempt to reduce costs and improve quality, digital health records are permeating health systems all over the world. Internet-based access to them creates new opportunities for access and sharing – while at the same time causing nightmares to many patients: medical data floating around freely within the clouds, unprotected from strangers, being abused to target and discriminate against people without their knowledge?
Individuals often have little knowledge about the actual risks, and single instances of breaches are exaggerated in the media. Key to successful adoption of Internet-based health records is, however, how much a patient places trust in the technology: trust that data will be properly secured from inadvertent leakage, and trust that it will not be accessed by unauthorised strangers.
Situated in this context, my own research has taken a closer look at the structural and institutional factors influencing patient trust in Internet-based health records. Utilising a survey and interviews, the research has looked specifically at Germany – a very suitable environment for this question, given its wide range of actors in the health system and the fact that it is often referred to as a “hard-line privacy country”. Germany has struggled for years with the introduction of smart cards linked to centralised Electronic Health Records, not only changing the design features over several iterations, but also battling negative press coverage about data security.
The first element to patient trust is the “who”: that is, does it make a difference whether the health record is maintained by either a medical or a non-medical entity, and whether the entity is public or private? I found that patients clearly expressed a higher trust in medical operators, evidence of a certain “halo effect” surrounding medical professionals and organisations driven by patient faith in their good intentions. This overrode the concern that medical operators might be less adept at securing the data than (for example) most non-medical IT firms.
The distinction between public and private operators is much more blurry in patients’ perception. However, there was a sense among the interviewees that a stronger concern about misuse was related to a preference for public entities who would “not intentionally give data to others”, while data theft concerns resulted in a preference for private operators – as opposed to public institutions who might just “shrug their shoulders and finger-point at subordinate levels”.
Equally important to the question of “who” is managing the data may be the “how”: that is, is the patient’s ability to access and control their health-record content perceived as trust enhancing? While the general finding of this research is that having the opportunity to both access and control their records helps to build patient trust, an often overlooked (and discomforting) factor is that easy access for the patient may also mean easy access for the rest of the family. In the words of one interviewee: “For example, you have Alzheimer’s disease or dementia. You don’t want everyone around you to know. They will say ‘show us your health record online’, and then talk to doctors about you – just going over your head.” Nevertheless, for most people I surveyed, having access and control of records was perceived as trust enhancing.
A striking survey finding, however, is how greater access and control of records can be less trust-enhancing for those with lower Internet experience, confidence, and breadth of use. This reinforces the importance of legal regulations and security audits ensuring a general level of protection – even if the patient chooses not to be (or cannot be) directly involved in the management of their data. Interestingly, the research also uncovered what is known as the certainty trough: not only are those with low online affinity highly suspicious of Internet-based health records – the experts are as well! The more different activities a user engaged in, the higher the suspicion of Internet-based health records. This confirms the notion that with more knowledge and more intense engagement with the Internet, we tend to become more aware of the risks – and lose trust in the technology and what the protections might actually be worth.
Finally, it is clear that the “who” and the “how” are interrelated: a low degree of trust goes hand in hand with a desire for control. For a generally less trustworthy operator, access to records is not sufficient to inspire patient trust. While access improves knowledge and may allow for legal steps to change what is stored online, few people make use of this possibility; only direct control of what is stored online helps to compensate for a general suspicion about the operator. It is noteworthy here that there is a discrepancy between how much importance people place on having control, and how much they actually use it, but in the end, trust is a subjective concept that doesn’t necessarily reflect actual privacy and security.
The results of this research provide valuable insights for the further development of Internet-based health records. In short: to gain patient trust, the operator should ideally be of a medical nature and should allow the patients to get involved in how their health records are maintained. Moreover, policy initiatives designed to increase the Internet and health literacy of the public are crucial in reaching all parts of the population, as is an underlying legal and regulatory framework within which any Internet-based health record should be embedded.
This article has been cross-posted on the Policy & Internet Blog. It is based on my Master’s thesis “Patient Trust in Internet-based Health Records: An Analysis Across Operator Types and Levels of Patient Involvement in Germany”, which was awarded the Oxford Internet Institute’s MSc thesis prize in 2011, and has been published in the peer-reviewed journal Policy & Internet (Rauer, 2012).