Consumers Are Ready to Accept the Transition to Online and Electronic Records If They Can Be Assured of the Security Measures

Prajesh Chhanabhai, BSc, MSc, HINZ, ACM NZ Chapter; Alec Holt BSc, DipSci, MCom (Otago), MNZRS, PhD (Otago)

In This Article


The issues of privacy and security have been a major concern of consumers worldwide. These issues have limited the progress of EHRs and their uptake by consumers. As described earlier, previous studies[3,9,10,16] have shown that the health consumer believes that EHRs pose a problem when it comes to keeping their health information private and confidential. Ryan and Boustead[22] and Hunter[23] showed, in their smaller studies, that the New Zealand health consumers have voiced similar concerns. The results from this study indicate similar opinions from a larger sample group. As well as being concerned about the privacy and security of their medical records, the participants' greatest fear was that their information might be accessed by unauthorized people. Westin[9] reported that in July 2004 it was found that 66% of the American public showed concern about the privacy and security of their health information on electronic systems. A report by the California Healthcare Foundation, which was published in November 2005, indicated that 67% of participants surveyed were concerned about the privacy and security of their health information.[24] This study also confirmed this, with 73% of the participants showing concern about the privacy and security of their health information. These findings illustrate that there is an identifiable concern within the health consumer population. The findings from this study showed a greater percentage of people who were concerned about the privacy and security of their health information compared with the findings of the American studies. This may be because of the smaller sample size of this study. However, the numbers showed that the concerns surrounding security and privacy have to be addressed to ensure that the health consumer is comfortable with the transition toward EHRs.

The biggest concern raised was about hackers. Overall, 79% of the participants of this study believed that hackers would pose a big problem for EHRs, whereas 61% of the participants who preferred the paper medium chose that medium because of their concern about hackers. Cyber Dialogue reported in the year 2000 that 59% of American health consumers were concerned about hackers,[25] whereas in 2005 an increased percentage of 62% was reported.[9] This fear of hackers and of unauthorized access may be due to the media hype that surrounds such intrusions when they do occur. Health consumers only need to tune in to their local news channels or read the newspaper to learn of privacy breaches and cases of hackers stealing health information. When individuals learn of such incidences, they are further alarmed, as they are already fearful that their information is not adequately protected. Also, such situations strengthen the convictions of those who believe that it is not possible to provide sufficient assurances of privacy and security of electronic health information.[26] This study did not address the impact of the media on the perceptions of electronic security, but an early hypothesis for a further study may indicate that there is a strong relationship between the two. The fear that individuals have about the possibility of their information being accessed by unauthorized people, such as hackers, employers, and insurance companies, will be heightened when they hear of any incidents when the security of an electronic system has been compromised.[27] Despite the large percentage of people fearing hackers, the general finding in studies is that hackers are in fact only responsible for less than 20% of improper releases of medical information. The higher number of inappropriate access occurs due to "insiders" or inadequate personnel or operational policies. In this regard, it is important that the consumers are educated as to where the potential threats do come from and how they can be alleviated and monitored.

This study also showed that there is only a small difference between participants who believe that paper-based records are more secure than EHRs and those who do not believe so. From the comments given, it can be inferred that if EHRs have the security mechanisms that were mentioned in the survey, the health consumer would perceive them as being safer. This was a surprising result. Although it was hypothesized that the paper record would be perceived as being more secure, it was believed that the difference between those who did perceive this and those who did not would be larger. The small difference and the comments indicate that the participants in this study perceived that the security mechanisms are strong enough to solve the security problem. This may indicate that if health consumers know about the security mechanisms and have some understanding of how they work, their perceptions of security will be increased.

Participants answered that they believed that all the advantages of an EHR would be beneficial to the health system. This was backed up by a number of comments saying that "the advantages far outweigh the disadvantages of an electronic health record." This indicates that the health consumer does understand that the EHR will provide a number of benefits that are not found with the paper record. Also, if assured about security mechanisms, participants tended to comment: "If I can be assured that the security mechanisms are implemented correctly, then I will say EHRs are safe, but until then I cannot and will not say that." This was found by Donohue,[27] who reported that 60% of health consumers would be willing to go down the electronic route if their privacy and confidentiality can be ensured through stringent security measures.

The results have shown that EHRs do have an area that needs to be addressed before such records can be accepted by the health consumer. User acceptance of technology is important in any field, and more so in the health sector. The push toward consumer health informatics and the increased influence of information technology (IT) in the health sector are 2 reasons why the user acceptance is very important for the EHR system to be successful. This fits in with the model suggested by Venkatesh and colleagues.[28] Health consumers' reactions to EHRs will improve once the consumers have actually used the electronic system. In order to be persuaded to use the technology, the health consumer needs to be assured that the technology is secure in every manner, from its physical operation to the way that it handles information. Figure 3 illustrates this model adapted to fit the EHR scenario.

Figure 3.

User acceptance model of electronic health records. Adapted from Venkatesh and colleagues'[28] basic concept underlying user acceptance model.

Venkatesh and colleagues[28] have also reported on the Unified Theory of Acceptance and Use of Technology (UTAUT) model. The study looked at a number of variables and factors that may affect an individual's intentions of using technology. Social anxiety was one of the variables measured and was found to be not significant in the uptake of technology.

However, this model was not tested in the health sector, and as indicated by the results, social anxiety, in the form of concerns about security and privacy, is an influencing factor in the uptake of technology by the health consumer. Thus, a model that is independent of other sectors needs to be investigated specifically for the health sector (Figure 3). The model indicates that each consumer has an inherent reaction when introduced to the idea of using an EHR. This reaction will then stimulate them to either plan how they intend to use the EHR, or in some cases the initial reaction will lead to an immediate actual use of the EHR. The actual use of the EHR will then affect the initial reaction of new users of an EHR system. This will then help in identifying the areas that need to be addressed from initial reaction, actual reaction, to intention for use vs actual use of an EHR. All will have an impact on the final perception of the consumer.

Once an understanding can be reached as to why the health consumer is averse to the use of EHRs, proper measures can be implemented to alleviate the fears and increase the health consumer's acceptance of EHRs. These fears may result from cultural differences, including ethnic backgrounds, lack of understanding technology, or simply from a feeling that health information is too confidential to be shared with a wider community.

This study has highlighted the fact that security, privacy, and confidentiality are the major concerns connected to health information. These concerns are further heightened when a traditional paper-based record is transferred to the electronic medium. They become the major barrier to the health consumer's acceptance of the move to the EHR system. If the system is not accepted by the health consumer, it will not serve the purpose for which it has been established.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as: