Do data security measures, privacy regulations, and communication standards impact the interoperability of patient health information? A cross-country investigation

Utkarsh Shrivastava; Jiahe Song; Bernard T Han; Doug Dietzman

doi:10.1016/j.ijmedinf.2021.104401

Do data security measures, privacy regulations, and communication standards impact the interoperability of patient health information? A cross-country investigation

Int J Med Inform. 2021 Apr:148:104401. doi: 10.1016/j.ijmedinf.2021.104401. Epub 2021 Jan 27.

Authors

Utkarsh Shrivastava¹, Jiahe Song², Bernard T Han², Doug Dietzman³

Affiliations

¹ Department of Business Information Systems, Western Michigan University, Kalamazoo, USA. Electronic address: utkarsh.shrivastava@wmich.edu.
² Department of Business Information Systems, Western Michigan University, Kalamazoo, USA.
³ Michigan Health Information Network, Grand Rapids, MI, USA.

PMID: 33571743
DOI: 10.1016/j.ijmedinf.2021.104401

Abstract

Background: The lack of interoperability is one of the biggest obstacles to the complete digitalization of patient health information in electronic medical records (EMR). The high volume of data breaches has put pressure on care providers to adopt data protection measures to remain compliant with legal requirements. Extreme data protection measures can impede information flow, but they also instill confidence in secure information sharing. This study investigates how the adoption of security measures, privacy regulations, and communication standards has impacted patient health information interoperability at technical (TI), semantic (SI), and organizational (OI) levels within the hospitals.

Methods: The study utilizes a quasi-experimental research design to probe the relationships of interest. Secondary data from a survey of randomly selected 773 hospitals conducted by the European Commission in over 30 countries in Europe is used to understand the relationships. The study counters selection bias and accounts for systematic differences in adopting treatments of interest in the hospitals using the propensity score-based approaches for the observational data.

Results: The empirical models that account for selection bias explain more observational data variations than those that did not. Access control measures on workstations are linked to 44 % lesser odds of experiencing TI problems. However, hospitals with regional and organizational level privacy regulations have 85 % and 76 % higher odds of experiencing SI and OI problems, respectively. On the other hand, hospitals with a single hospital-wide EMR are 53 % and 43 % less likely to experience TI and SI problems, respectively, in comparison to those with multiple EMR systems.

Conclusion: The study highlights the differential impacts of data protection measures on the hospitals' three key types of interoperability problems (i.e., TI, SI, and OI). Homogenous EMR systems type and substantial investment in technology are critical to supporting health information interoperability within the hospitals. The study findings inform policy considerations for improving specific aspects of health information's interoperability while preserving patient data privacy and security.

Keywords: Communication standards; Data security; Electronic medical record; Interoperability; Privacy regulations; Quasi-experiment.

MeSH terms

Communication
Computer Security
Electronic Health Records
Europe
Health Information Interoperability*
Humans
Privacy*