Privacy Regulation Can Improve Technology Adoption in Health Care When Combined With Incentives-CMU News - Carnegie Mellon University

Thursday, March 3, 2016

Privacy Regulation Can Improve Technology Adoption in Health Care When Combined With Incentives

By Abby Simmons / 412-268-4290 /

Stethoscope and Keyboard

Health information exchanges (HIEs) provide information technology solutions that allow patients’ electronic medical records to be shared among otherwise disconnected health care organizations. HIE efforts seek to improve efficiency and quality of care, but they have raised substantial concerns associated with the privacy of patients’ data.

To date, 25 states and the District of Columbia have enacted legislation to incentivize HIE efforts (most often by providing funding), address patient privacy concerns, or both. Often, privacy regulation is seen as an obstacle to technological innovation and the adoption of new services.

In a study forthcoming in the INFORMS journal Management Science, however, researchers from the University of Notre Dame, Carnegie Mellon University and the University of Michigan find that among states with HIE laws, only those that combined incentives with privacy requirements for patient consent saw a net increase in HIEs that were actively exchanging information (operational HIEs).

“Conventional wisdom suggests that increased privacy regulation impedes technological innovation. We provide evidence that this is not always the case,” said Idris Adjerid, assistant professor of management at the Mendoza College of Business at the University of Notre Dame.

“To understand the impact of privacy regulation on innovation, we must not treat regulation coarsely, as a binary, yes/no variable. Our findings show that privacy regulatory interventions can take many forms, and produce a nuanced array of effects on technological adoption,” said Alessandro Acquisti, professor of information technology and public policy at CMU’s H. John Heinz III College.

The researchers analyzed semi-annual data from 2004 to 2009 to compare the probability of a health care market having a HIE in the planning or operational stages with different legislative approaches to offering incentives and patient privacy protections.

“Two of the most significant barriers to planning and operating a health information exchange are cost and patient privacy,” said Julia Adler-Milstein, assistant professor of information and health management and policy at the University of Michigan’s School of Information and School of Public Health.

“States that offer incentives to alleviate some of the financial burden of building the technical and administrative infrastructure of a HIE and require that patients opt-in to the exchange of their personal data are encountering the most success,” said Rahul Telang, professor of information systems at CMU’s Heinz College.

During the period studied, a number of states passed legislation that provided the optimal provisions for HIE growth — incentives combined with patient consent. Of all attempts to incentivize HIE efforts, only those coupled with privacy regulation including consent requirements resulted in a net-gain in HIE efforts: health care markets in these states saw an 11 percent net-increase in the propensity of having an operational HIE.

States that offered incentives without any privacy regulation saw no measureable gain in the propensity of a health care market to have an HIE in the planning or operational stages. HIE efforts were negatively affected when states enacted privacy regulation without providing incentives for their creation.

“We also found that health information exchanges in states that offered incentives and required patient consent reported fewer challenges from patient privacy concerns than those in states with other legislative approaches,” said Rema Padman, professor of management science and health care informatics at CMU’s Heinz College.

The results suggest that privacy regulation can act as an enabler for incentives aimed at subsidizing the deployment of technologies that may be privacy-sensitive.