Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care quality benefits EHRs provide.


Introduction
Electronic health records (EHRs) are now an omnipresent feature throughout the health care system, having been adopted by the majority of hospitals and physicians [1][2][3][4]. Moreover, new technologies such as health information exchange enable sharing of health records with other health care entities, and personal health records (PHRs) enable patient access to their health records [3]. As a result of this digitization, patients are more likely than ever to have their personal health information (PHI)-demographic information, medical history, and test and laboratory results-stored in an electronic format. In addition, a great deal of financial and other demographic data are collected and stored in a digital format for reimbursement purposes.
The growth in health information technology (HIT) use throughout the health care industry has aimed to improve care quality, as well as the efficiency of the health care system [5,6]. Health information technology can provide clinicians with more complete patient records at the point of care, enabling better clinical decision making, facilitating improved care coordination, and insuring patient safety as people move throughout the health care system [7]. HIT can also serve as a tool to enable better patient-provider communication, for example through secure messaging, leading to more patient-centered care [8,9]. Despite these potential benefits, recent high-profile, EHR security breaches reported in the media [10,11] make patients wary of this shift to the digital format [12,13]. Patients are concerned about the privacy of their information and its security as it is stored and transferred across the health care system [14][15][16]. These concerns can manifest themselves in a range of behaviors that can undermine the potential of the technology to facilitate improved care. In particular, Agaku et al found that patients deliberately withheld PHI from their provider due to concerns over the security of their EHR systems [17]. However, it is possible that quality perceptions can mediate this relationship. Campos-Castillo et al found that patients reporting higher quality of care experiences had a lower likelihood of withholding PHI out of privacy and security concerns [18]. However, due to limitations of the specific iteration of the dataset used by both authors, the study by Campos-Castillo et al did not include privacy and security concern items, and the study by Agaku et al did not include quality perceptions. Thus, while these 2 studies provide a foundation for understanding how patient concerns can manifest themselves in adverse behaviors, they examined different factors that taken together might result in different PHI withholding behaviors.
The purpose of this study was to build on the aforementioned 2 studies and advance the understanding of the factors that contribute to PHI withholding behavior. Moreover, this study examined changes in the influence of privacy and security concerns on PHI withholding behavior between 2 time points. As more new technologies facilitate data sharing across the health care system, it is essential to understand the factors that lead to patient mistrust of the health care system and to observe changes in this dynamic over time. Looking at an expanded set of factors that contribute to PHI withholding behaviors can help practitioners understand the relative strength of these factors in consumers' minds. Such information can help providers and health care professionals respond to and mitigate patient privacy and security concerns in a manner that preserves the trust necessary to allow for high-fidelity PHI disclosure.

Sample
We created a pooled cross-section using data from both the 2011 and 2014 Health Information National Trends Survey (HINTS). The survey is administered as repeat cross-sections by the National Cancer Institute to a national sample of noninstitutionalized adults and gathers information regarding attitudes and perceptions about health information access and use [19]. HINTS maintains a core set of questions asked in each wave of the survey, but specific topic modules are included in separate cycles. Such is the case at-hand. The questions of interest were included only in the 2011 and 2014 surveys, restricting our research to these 2 cross-sections.
Both years of the survey were mail based. HINTS employed a stratified probability sample of the US adult, civilian, noninstitutionalized population. Addresses were randomly selected from the US Postal Service's list of residential addresses, and then an adult within a selected household was chosen to respond to the survey using the next birthday method. The next birthday method asked for the adult in the household who would next have a birthday to complete the survey and was used to eliminate bias associated with the household member most likely to receive mail. A prepaid incentive was sent at the first mailing, and multiple follow-ups were sent to recipients in order to maximize the response rate. For household with a Hispanic last name, a Spanish version of the questionnaire was delivered in addition to the English version. The total number of respondents in the 2011 and 2014 surveys were 3959 and 3677, respectively. Taking into account survey design and weighting issues, the HINTS response rates were 36.67% (3959/10796) in 2011 and 34.44% (3677/10676) in 2014. Both survey iterations yielded samples that allowed for population-level inferences after adjustment. All respondents with complete responses for all variables of interest were included in the analytic sample.

Measures
For the dependent variable, the HINTS survey asked whether the respondent had "ever kept information from (their) health care provider because (they) were concerned about the privacy and security of (their) medical record" (yes, no). This variable was used as the outcome variable for all analyses.
For our independent variables of interest, we closely followed the variable construction of related research [17,18]. Using data from the 2011 HINTS, Agaku et al evaluated the relationship between 4 indicators of privacy and security concerns and withholding behavior [17]. These 4 questions were also asked in the 2014 HINTS, making comparability possible between years. The 4 related questions about privacy and security concerns were as follows: do respondents have concerns about unauthorized access to their medical information when it is transferred electronically between providers; do respondents have concerns about unauthorized access to their medical information when it is faxed between health care providers; do they feel confident that safeguards are in place to protect their medical information from unauthorized access; and do they feel confident that they had a say in the collection, use, and sharing of their medical information. Respondents could answer each of these 4 questions in 3 levels: not at all concerned or confident, somewhat concerned or confident, or very concerned or confident. We tested differences in our model using all 3 levels and compared the results to using only 2 levels (not at all vs at least somewhat) and found no differences. Thus, for the purposes of simplicity, we dichotomized these variables.
Using the 2011 and 2012 HINTS surveys, Campos-Castillo et al identified a suppressor relationship between the perception that a provider had an EHR ("As far as you know, do any of your doctors or other health care providers maintain your medical information in a computerized system?") and perceived global quality of care rating on withholding behavior [18]. This suppressor relationship occurred when 1 variable, the suppressor (eg, global quality of care rating), had a positive association with a covariate of interest (eg, perception of EHR use), but a negative relationship with the outcome variable (eg, withholding behavior). Accounting for the suppressor could reveal associations between the covariate and the outcome that might not have been detectable without controlling for the suppressor. Thus, we also included the perception that a provider had an EHR (yes, no) and perceived global quality of care rating as key independent variables of interest. The HINTS asked respondents who had a nonemergency department visit in the last 12 months to rate their perception of the quality of care they received using a Likert scale (poor, fair, good, very good, excellent). For comparability to the study by Campos-Castillo et al, the quality of care variable was left as a continuous variable and coded so that higher values indicated better care.
For comparability to the study by Campos-Castillo et al, our control variables aligned with their model [18]. The control variables captured respondents' sociodemographic characteristics, health status, and health care utilization and preferences. Sociodemographic characteristics included race or ethnicity (white, black, Latino, other), gender (male, female), categorical age in years (18-35, 35-49, 50-64, 65-74, 75 or older), education level (less than high school, high-school, some college, college, graduate), annual category of household income (<US $20,000, US $20,000-$34,999, US $35,000-$49,999, US $50,000-$74,999, >US $75,000), an indicator for living in a rural area (defined as a nonmetro county), home-ownership status (homeowner, not homeowner), marital status (married, not married), any health insurance coverage (yes, no), immigration status (born in United States, immigrant), and employment status (employed, not employed). Items about patient health status included a self-rated general health measure (poor, fair, good, very good, excellent), an anxiety and depression index (none, mild, moderate, severe), and self-care self-efficacy (not confident, a little confident, somewhat confident, very confident, completely confident). Health care utilization and preferences included the number of nonemergency room visits in the year prior to the survey (1, 2-4, 5-9, 10 or more), regular health care provider (yes, no), perceived importance of personal health record access (not at all important, somewhat important, very important), and perceived importance that providers share data electronically (not at all important, somewhat important, very important).

Analyses
Weighted, but unadjusted t tests or chi-squares were used to compare sample characteristics across the 2 years. Our analytic approach was designed to test the association of the independent variables of interest with withholding behavior in each year independently, as well as to test whether the relationship of the variables on withholding behavior changed between 2011 and 2014. To accomplish these tests, the 2 cross-sections were pooled together and a single fully interacted multivariate logit model, with each independent variable interacting with year, was estimated. This interacted model was solved to determine the adjusted odds ratios (OR) and confidence intervals (CI) within each year. The significance of the interaction term was used to evaluate the relative differences between years for each parameter. All results were weighted to yield US population-level inferences using a standard weighting approach developed for the HINTS dataset [20]. All analyses were conducted using Stata 14 (StataCorp LP) [21].

Results
Overall, 2217 respondents from 2011 had complete information and were included in the analytic sample, and 2176 respondents from 2014 were included. Demographic characteristics in each year are displayed in Table 1, along with the results from a chi-square test to show any differences between years.
The dependent variable of interest for this study was whether the respondent had ever withheld any PHI from a medical provider out of privacy or security concerns. No difference in the level of this behavior was observed between years: in 2011, 14.79% (328/2217) of respondents reported this behavior, whereas in 2014, 14.93% (325/2176) of respondents reported withholding information from their provider out of privacy concerns ( Table 2). Comparison of the rates of additional variables of interest between 2011 and 2014, including attitudes concerning privacy and security, quality perceptions, and health care utilization, are presented in Table 2.
To test the hypothesis that the relationship between the withholding behavior and the attitudinal variables and quality perceptions was unchanged between years, the 2 cross-sections of data were pooled and a fully interacted multivariate model predicting withholding behavior was estimated and solved for each different level of year. The interaction terms allowed for testing the relative differences of each parameter between the 2 years (see Table 3 for adjusted ORs; see Multimedia Appendix 1 for average marginal effects). This analysis revealed no changes between 2011 and 2014 in the association of privacy and security attitudes on withholding behavior. No effect of concerns regarding unauthorized access to electronic medical information on withholding behavior in either year was observed, and no difference in this effect between years was found. While concerns about unauthorized access to faxed medical information on withholding behavior was found to be significant in both 2011 and 2014, no difference in this effect was found between years. Respondent confidence that safeguards were in place to protect their medical information was not related to withholding behavior in either year, and again no difference was found between years. Lastly, there was no effect on respondent confidence that they had some control over their medical information on withholding behavior in either year, and no difference was found between the 2 years.
The perception of greater quality of care was found to significantly lower the odds of withholding behavior in both 2011 and 2014, but no difference was observed between years. Provider having an EHR was not found to be related to withholding behavior in either 2011 or 2014, and no difference was observed between years.

Principal Findings
Public perception of the safety of their medical records is critical to not only encouraging full disclosure to their health care provider, but also supporting adoption and use of electronic modes of health communication made available by new technologies. Distrust can lead to withholding of information from providers and undermine the delivery of high-quality, efficient care. The aim of our analysis was to determine the factors that contribute to this withholding behavior, and how the effect of these factors may be shifting over time. In short, we found that the association between patient concerns and withholding information from a provider remained unchanged between 2011 and 2014.
Earlier work using 2011 HINTS data found that respondents with concerns about both faxed and electronic data, and lack of confidence that safeguards were in place to protect medical information, were more likely to withhold information from their provider [17]. Our model included a more extensive set of control variables, as well as indicators of quality and provider EHR use, and found no such relationships to exist in either 2011 or 2014. This discordance between the 2 analyses suggests that patient concerns over the safety of their medical information may not be adversely related to their disclosure of PHI to their providers. Alternatively, other factors beyond general privacy and security concerns may lead to withholding behaviors, such as lack of trust, stigma, or concerns about insurance rates [22][23][24].
In contrast to the lack of replicability of the earlier findings regarding the relationship between security and privacy concerns, and withholding behavior, our analysis did observe findings similar to those of Campos-Castillo et al regarding the association between quality and withholding behavior [18]. The original work did not include the privacy and security questions used in this analysis, but did include an identical set of covariates. Nonetheless, Campos-Castillo et al found that perceptions of greater quality of care reduced the odds of PHI withholding behavior [18]. This relationship was observed in our study in both 2011 and 2014, effectively reinforcing the earlier work of Campos-Castillo et al [18]. Interestingly, no difference was observed in the correlation between quality and withholding behavior between years. This latter finding suggests that despite the rise in ubiquity of EHRs alongside more public privacy breaches, high perceived quality of care may still trump any concerns that contribute to withholding behavior.
Related to this issue, our study did observe an increase in perceived EHR use between 2011 and 2014. Despite similar findings regarding quality perceptions between our study and the study by Campos-Castillo et al, our work found no relationship between perceived provider EHR use and withholding behavior, while their study did find the presence of such relationship [18]. To be specific, the study by Campos-Castillo et al found that quality acted as a suppressor variable that moderated the relationship between perceived EHR use and patient withholding behavior [18]. The variables regarding attitudes about EHR and privacy and security may be acting as confounders in the relationship, which would explain the significance in the earlier study but not this one.
Overall, our analysis suggests that in spite of the existence of security and privacy concerns, focusing resources on the delivery of high-quality care may be an effective strategy to foster patient trust. Patients may perceive quality as an indicator of a provider's carefulness with their medical information. Quality may also help to build the patient-provider relationship [25,26]. Alternatively, the notion of privacy is evolving as more and more personal information is held on the Internet [27,28]. It may be possible that given the increasing digitization of personal information, the US population is willing to accept greater amounts of privacy risks of their personal data as a trade-off for greater convenience or better quality of care. This is a ripe area for future research, as the field of health services research should consider the role that changes in collective ideas of privacy may be playing in how patients relate to the health care system.

Limitations
Our analysis faced 3 important limitations. First, the administration of HINTS combined with the weighting technique allowed for the survey to be nationally representative. However, selection bias might have remained that limited the generalizability of the sample. Furthermore, our dependent variable (withholding behavior) could be related to survey response, and respondents with complete answers to all questions might systematically differ from nonrespondents. Related to this issue, because the HINTS survey was administered to only noninstitutionalized individuals, the findings regarding withholding behavior might be biased toward the outpatient environment. Continued monitoring of the factors that contribute to patient withholding with future iterations of HINTS can help to assess the impact of this bias and evaluate the true relationship between the variables of interest and the outcome.
Second, all information in HINTS was self-reported, potentially resulting in unreliable responses. This concern was particularly relevant to the withholding behavior question that was subject to social desirability bias [29]. Third, while our analysis did compare data from 2 different years, the cross-sectional nature of HINTS made the determination of causal inference challenging. Specifically, HINTS asked whether a person had ever withheld information from their provider, leaving open the possibility that withholding behavior preceded concerns about privacy and security, or quality perceptions. This issue was further complicated by the ordering of the questions in both cycles of the HINTS survey used in this study, where the question about perception of quality of care preceded the questions about perceived EHR use and withholding behavior. Furthermore, the frame of reference for the quality of care question was "…in the past 12 months," while for EHR use or withholding behavior question, the frame of reference was undefined or "ever." As a result, the responses to these questions might have drawn on different experiences, and might not necessarily reference the same encounter with the health care system. Thus, our findings regarding quality of care might be biased away from the null, and our study results should be interpreted with these measurement limitations in mind. However, despite the inability to detect causality, the national representativeness of HINTS makes it useful to identify macro trends at the individual variable level. Future studies that examine the effect of privacy and security concerns on patient withholding behavior may take a more micro approach, potentially using in-depth interviews to better understand how these concerns may manifest themselves and to identify specific omitted factors.

Conclusions
Monitoring and assessing how technological advances may be related to patient behavior is critical to insure high-quality care and patient safety. In contrast to previous findings, the analysis presented in this study suggested minimal effects of privacy and security concerns on PHI withholding behavior, and that this relationship was constant over time. Similarly, the relationship between quality perceptions and withholding behavior was also constant over time, yet negatively correlated