Impact of health disclosure laws on health information exchanges.

Health information exchanges (HIEs) are expected to facilitate data sharing between healthcare entities, thereby improving the efficiency and quality of care. Privacy concerns have been consistently cited as one of the primary challenges to HIE formation and success. Currently, it is unclear how privacy laws - in particular, legislation restricting the disclosure of health records - have shaped the development of HIEs. This preliminary study explores the landscape of state-level health privacy legislation and examines the impact of variations in such privacy and confidentiality laws on the progress of HIEs. We found that states with stronger privacy laws, limiting the disclosure of health information, had significantly more HIEs exchanging data and had fewer failed HIEs. We suggest that this counterintuitive finding may be explained by the more subtle benefits of such laws, such as increased confidence and trust of participants in an exchange. Other key contributors to this work are Alessandro Acquisti, Rahul Telang, and Julia Adler-Milstein.

[1]  Robin C. Meili,et al.  Can electronic medical record systems transform health care? Potential health benefits, savings, and costs. , 2005, Health affairs.

[2]  Alessandro Acquisti,et al.  Do Data Breaches Disclosure Laws Reduce Identity Theft? , 2010, WEIS.

[3]  D. Brailer Interoperability: the key to the future health care system. , 2005, Health affairs.

[4]  eHealth Initiative Migrating Toward Meaningful Use: the State of Health Information Exchange , 2009 .

[5]  D. McGraw,et al.  Privacy as an enabler, not an impediment: building trust into health information exchange. , 2009, Health affairs.

[6]  Pamela Sankar,et al.  Patient perspectives of medical confidentiality: a review of the literature. , 2003, Journal of general internal medicine.

[7]  Andrew P. McAfee,et al.  The state of regional health information organizations: current activities and financing. , 2007, Health affairs.

[8]  Clement McDonald,et al.  Protecting patients in health information exchange: a defense of the HIPAA privacy rule. , 2009, Health affairs.

[9]  Lynda Palmer,et al.  Do Not Call , 2010 .

[10]  Anders Holm,et al.  Probit Models with Binary Endogenous Regressors , 2006 .

[11]  David C. Chan,et al.  Improving safety and eliminating redundant tests: cutting costs in U.S. hospitals. , 2009, Health affairs.

[12]  Catherine Tucker,et al.  Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records , 2009, Manag. Sci..

[13]  eHealth Initiative The State of Health Information Exchange in 2010: Connecting the Nation to Achieve Meaningful Use , 2010 .

[14]  Ritu Agarwal,et al.  An Empirical Examination of the Importance of Defining the PHR for Research and for Practice , 2006 .

[15]  Peter B. Seddon,et al.  A Comprehensive Framework for Classifying the Benefits of ERP Systems , 2000 .

[16]  Ramayya Krishnan,et al.  On privacy-preserving access to distributed heterogeneous healthcare information , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[17]  E. Duflo,et al.  How Much Should We Trust Differences-in-Differences Estimates? , 2001 .

[18]  D. Bates,et al.  Patients’ Attitudes Toward Electronic Health Information Exchange: Qualitative Study , 2009, Journal of medical Internet research.

[19]  Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network. , 2009, Health affairs.

[20]  Corey M. Angst Protect My Privacy or Support the Common-Good? Ethical Questions About Electronic Health Information Exchanges , 2009 .

[21]  R. Ness Influence of the HIPAA Privacy Rule on health research. , 2007, JAMA.

[22]  Alison Rein,et al.  Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis , 2010 .

[23]  Linda F. Samson,et al.  Barriers of HIPAA Regulation to Implementation of Health Services Research , 2006, Journal of Medical Systems.

[24]  Steven R. Simon,et al.  Physician attitudes toward health information exchange: results of a statewide survey. , 2010, Journal of the American Medical Informatics Association : JAMIA.

[25]  J. Angrist,et al.  Digitized by the Internet Archive in 2011 with Funding from Estimation of Limited-dependent Variable Models with Dummy Endogenous Regressors: Simple Strategies for Empirical Practice , 2011 .

[26]  G. Annas HIPAA regulations - a new era of medical-record privacy? , 2003, The New England journal of medicine.

[27]  David Gefen,et al.  The Impact of Personal Dispositions on Privacy and Trust in Disclosing Health Information Online , 2007, AMCIS.

[28]  H. P Gassmann,et al.  OECD guidelines governing the protection of privacy and transborder flows of personal data , 1981 .

[29]  J. Heckman Dummy Endogenous Variables in a Simultaneous Equation System , 1977 .

[30]  M. Eric Johnson,et al.  Information security and privacy in healthcare: current state of research , 2010, Int. J. Internet Enterp. Manag..

[31]  P. Squire,et al.  Measuring State Legislative Professionalism: The Squire Index Revisited , 2007, State Politics & Policy Quarterly.

[32]  Annie I. Antón,et al.  Analyzing Regulatory Rules for Privacy and Security Requirements , 2008, IEEE Transactions on Software Engineering.

[33]  Eric C. Pan,et al.  The value of health care information exchange and interoperability. , 2005, Health affairs.

[34]  Fay Cobb Payton,et al.  Privacy of medical records: IT implications of HIPAA , 2000, CSOC.