An equitable approach to enhancing the privacy of consumer information on My Health Record in Australia

To assess patients' desire for granular level privacy control over which personal health information should be shared, with whom, and for what purpose; and whether these preferences vary based on sensitivity of health information.

Background Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Methods Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. Results In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. Conclusions Patient and public worries about the security risks associated with integrated EHRs highlight the need for intensive public awareness and engagement initiatives, together with the establishment of trustworthy security and privacy mechanisms for health information sharing. Electronic supplementary material The online version of this article (doi:10.1186/s12911-015-0202-2) contains supplementary material, which is available to authorized users.

On July 1, 2012 Australia launched a personally controlled electronic health record (PCEHR) designed around the needs of consumers. Using a distributed model and leveraging key component national eHealth infrastructure, the PCEHR is designed to enable sharing of any health information about a patient with them and any other health practitioner involved in their care to whom the patient allows access. This paper discusses the consumer-facing part of the program.