Comparison of knowledge, attitudes, and trust for the use of personal health information in clinical research
As interest in the use of electronic medical record data for clinical research has increased, the protection of personal health information has become increasingly important. The Privacy Rule, established by the Health Insurance Portability and Accountability Act in 1996, proposed the concept of Protected Health Information (PHI) to restrict the use of personal health information from clinical settings. Because researchers and patients are not familiar with PHI despite its importance, our study aimed to find out the effect of the different knowledge, attitudes and levels of trust regarding personal health information on the use of them for clinical research. We collected 267 paper and online surveys from three groups: a clinical researcher group (n = 113), a non-clinical researcher group (n = 72) and a patient group (n = 82). The collected data were analyzed using one-way ANOVA depending on the three groups. We calculated the percentages of correct answers and incorrect answers to 40 questions related to PHI to determine the level of knowledge. Although the three groups had significantly different knowledge of PHI (p < 0.01), all three groups correctly understood that social security numbers and bank account numbers were Protected Health Information. In contrast, all three of the groups misunderstood that the physician’s name, discharge date, and admission date were not non-PHI items. In addition, the three groups had significantly different attitudes and levels of trust regarding the use of PHI for clinical research (p < 0.05); however, all of the groups had favorable attitudes toward using and disclosing medical data in clinical research. Interestingly, although the three groups strongly agreed regarding the protection of the confidentiality of PHI, the patient groups trusted that hospitals would maintain a high level of PHI protection. The attitude toward using health information for clinical research was found to be favorable, but all of the groups were confused regarding date items. These results indicate that more education about PHI is required to protect identifiable health information. In particular, researcher groups, including both clinical and non-clinical researchers, must completely understand the protection of personal information to gain trust from patient groups.
KeywordsElectronic Medical Record Protected Health Information HIPAA Privacy Rule
This study was supported by a grant of the Korea Health technology R&D Project, Ministry of Health & Welfare, Republic of Korea (A112022).
Conflict of interest
We declare that we have no conflicts of interest.
- 3.Bélanger F, Crossler RE (2011) Privacy in the digital age: a review of information privacy research in information systems. MIS Quar 35(4):1017–1042Google Scholar
- 4.Brownstein JS, Murphy SN, Goldfine AB, Grant RW, Sordo M, Gainer V, Colecchi JA, Dubey A, Nathan DM, Glaser JP, Kohane IS (2010) Rapid identification of myocardial infarction risk associated with diabetes medications using electronic medical records. Diabetes Care 33(3):526–531CrossRefGoogle Scholar
- 6.Choi IY, Lee JY, Choy S, Kim SK (2007) Comparison of the perception on health information privacy protection for electronic health record among patients, healthcare providers and administration groups. J Korean Soc Med Inform 13(03):197–205Google Scholar
- 8.Crawford AG, Cote C, Couto J, Daskiran M, Gunnarsson C, Haas K, Haas S, Nigam SC, Schuette R (2010) Prevalence of obesity, type II diabetes mellitus, hyperlipidemia, and hypertension in the United States: findings from the GE centricity electronic medical record database. Popul Health Manag 13(3):151–161CrossRefGoogle Scholar
- 12.Kuo KM, Ma CC, Alexander JW (2013) How do patients respond to violation of their information privacy?. The Health Inform Manag J. 1–13 see doi: 10.12826/18333575.2013.0011.Ma
- 14.Lee SM (2008) The medical treatment information and medical treatment information protection. Kookmin Law ReviewGoogle Scholar
- 15.Leestma R (2003) Implementing technological safeguards to ensure patient privacy. Caring: Natl Assoc Home Care Mag 22(2):16–18Google Scholar
- 17.Longstaff D (2005) Contentious crop: harvesting information from electronic health records, Australian National University: Australian Primary Health Care Research InstituteGoogle Scholar
- 18.Meingast M, Roosta T, Sastry S (2006) Security and privacy issues with health care information technology. Engineering in medicine and biology society, 2006. EMBS ’06. 28th Annual International Conference of the IEEE. 5453–5458Google Scholar
- 21.O’Connor K (1994) Confidentiality, privacy and security concerns in the modern healthcare environment. Aust Comput J 26(3):70–74Google Scholar
- 22.Office of the Federal Privacy Commissioner, Australian Government. Getting in on the Act: the Review of the Private Sector Provisions of the Privacy Act 1988, 2005Google Scholar
- 24.Privacy Protection Act, Article 10465 (March 29, 2011)Google Scholar
- 27.Terry NP (2009) What’s wrong with health privacy. J Health Biomed Law 5:1–32Google Scholar