Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study

Chrysanthi Papoutsi; Julie E Reed; Cicely Marston; Ruth Lewis; Azeem Majeed; Derek Bell

doi:10.1186/s12911-015-0202-2

Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study

BMC Med Inform Decis Mak. 2015 Oct 14:15:86. doi: 10.1186/s12911-015-0202-2.

Authors

Chrysanthi Papoutsi^{1

2}, Julie E Reed¹, Cicely Marston³, Ruth Lewis^{3

4}, Azeem Majeed⁵, Derek Bell⁶

Affiliations

¹ NIHR CLAHRC Northwest London, Imperial College London, Chelsea & Westminster Hospital NHS Foundation Trust, London, UK.
² Department of Primary Care Health Sciences, University of Oxford, Oxford, UK.
³ Department of Social and Environmental Health Research, London School of Hygiene and Tropical Medicine, London, UK.
⁴ Department of Sociology, University of the Pacific, Stockton, CA, USA.
⁵ Department of Primary Care & Public Health, Imperial College London, London, UK.
⁶ NIHR CLAHRC Northwest London, Imperial College London, Chelsea & Westminster Hospital NHS Foundation Trust, London, UK. d.bell@imperial.ac.uk.

Abstract

Background: Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK.

Methods: Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically.

Results: In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision.

Conclusions: Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing.

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Adult
Aged
Computer Security / standards*
Electronic Health Records / standards*
Female
Health Care Surveys
Humans
London
Male
Middle Aged
National Health Programs / standards*
Privacy*
Qualitative Research
Young Adult

Grants and funding

086124/Z/08/Z/Wellcome Trust/United Kingdom