Privacy and Efficacy of Electronic Health Records (EHRs): A Triangulation Study in Ontario, Canada

Abstract

Patient health information kept in an Electronic Health Record (EHR) aggregates a patient's data across a specially designed health information network to produce a holistic view of their medical care. EHR systems are associated with inherent risks such as data is in electronic forms, sent across a network, accessed at multiple locations and viewed by people who may not have any relationship with the patient. Service providers traditionally controlled the access to their patient's information but are now transferred to and controlled by the EHR system. The literature shows that patients have concerns about unauthorized access to their private and sensitive health information, unlawful secondary use of this information and possible digital errors. They are also concerned about exposure resulting in social embarrassment or loss of insurance benefits. This thesis addresses the research question: "What are stakeholder's attitudes and the perceived risks surrounding the sharing of private and sensitive health and personal information with healthcare providers and potentially having the information distributed across the health system?" In answering this question, the author framed the research in the context of the EHR system and identified Payers Patients and Providers (3Ps) as groups that interact to influence attitudes and concerns towards privacy. The author deploys a mixed methodology by using triangulation with quantitative, qualitative data collection, across time and location. The recognized "Concerns For Information Privacy" (CFIP) model to ground the topics for surveying patient's attitude towards EHR was used. Key findings include: (a) Patients have genuine privacy concerns. (b) Service providers have similar privacy concerns about their private notes and observations to be inputted and made available in an EHR system. (c) Both groups may exercise countermeasures to protect their private information in the EHR system. (d) Payers consider patients as secondary stakeholders in the EHR system even though the patient is the legal owner and has control of their medical information. (e) Payers believe that technology protection of privacy is sufficient but many breaches are caused by humans and protection cannot prevent these events from occurring. (f) Countermeasures reduce the efficacy of the EHR that should be a patient-centric system for the benefits of patients. The contribution of this research is a triangulation study that produces strong validation of the collected data and hence provides findings from a critical realist perspective in the understanding the underlying forces resulting in privacy concerns for patients and healthcare providers.

Date of Award	1 Aug 2019
Original language	English
Awarding Institution	The University of Manchester
Supervisor	Benson (Supervisor)