Antecedents of Health Information Privacy Concerns - Science Direct

Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 63 (2015) 376 – 383

The 5th International Conference on Current and Future Trends of Information and Communication Technologies in Healthcare (ICTH 2015)

Antecedents of Health Information Privacy Concerns Tatiana Ermakovaa, Benjamin Fabianb, Stefan Kelkelb, Theresa Wolffb, Rüdiger Zarnekowa,* a

Department of Information and Communication Management, Technical University of Berlin, Straße des 17. Juni 135, 10623 Berlin, Germany b Institute of Information Systems, Humboldt-Universität zu Berlin, Spandauer Straße 1, 10178 Berlin, Germany

Abstract Due to demographic changes, health information technologies comprising electronic health records (EHR), electronic medical records (EMR), personal health records (PHR), remote patient monitoring (RPM) and other healthcare related websites are gaining significant relevance. They constitute a great opportunity for efficiency gains and further benefits. One of the major barriers to their successful adoption involves individual health information privacy concerns. In order to understand their nature and better mitigate them, this narrative literature survey deals with the antecedents of these concerns. In particular, this study identifies type of information, health status, recipient of information, knowledge of health information technology, experience of privacy invasions, age, gender, and education as highly important characteristics. © by by Elsevier B.V.B.V. This is an open access article under the CC BY-NC-ND license © 2015 2014The TheAuthors. Authors.Published Published Elsevier (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the Program Chairs. Peer-review under responsibility of the Program Chairs Keywords: Health Information Privacy Concerns; Antecedents; Factors

1. Introduction Severe shifts in the demographic structure of the world’s population are leading to an increasing demand for healthcare services in the presence of a considerably smaller number of people to finance them. For example, in 2005, 19 percent of the German population were aged 65 or above, while 61 percent belonged to the working

* Corresponding author. Tel.: +49-30-31427301; fax: +49-30-31478702. E-mail addresses: [email protected] (T. Ermakova), [email protected] (B. Fabian), [email protected] (S. Kelkel), [email protected] (T. Wolff), [email protected] (R. Zarnekow)

1877-0509 © 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the Program Chairs doi:10.1016/j.procs.2015.08.356

Tatiana Ermakova et al. / Procedia Computer Science 63 (2015) 376 – 383

population; but according to the projections by German Federal Statistical Office for the year 2060, the share of people aged 65+ will increase to 33 percent, while the working population will shrink to 51 percent (Statistisches Bundesamt, 201531). This implies a twice as high ratio of senior citizens to working-age adults. Moreover, as of 2008, healthcare consumption rose remarkably high with proceeding age: The category of persons aged 65 to 84 years consumed already three times as many healthcare services as those 15-64, while the oldest group (85+) even seven times as much (Statistisches Bundesamt, 201531). Due to these changes, health information technologies are expected to gain enormously in importance since they offer an opportunity of efficiencies, improvements and cost reductions in healthcare service delivery (Sullivan, 201032; King et al., 201117; Meingast et al., 200619; Lafky and Horan, 201120; Hwang et al., 201216; Kuo et al., 201318; Swartz, 200533). Some of the relatively recent technologies in this field include Personal Health Records (PHR), Electronic Medical Records (EMR) and Electronic Health Records (EHR) which all deal with health information (e.g., demographics, encounter summaries, medical histories, allergies, intolerances and lab test histories) in an electronic form. PHRs allow individuals to generate and maintain their personal health information as well as to provide access to them for other parties. A PHR can be stored on a smart card, computer software or an Internet portal (Angst et al., 20063). According to the National Alliance for Health Information Technology (2008) 23 , an EMR is “created, gathered, managed and consulted by authorized clinicians and staff within one healthcare organization”. Compared to EMRs, EHRs can be used across multiple healthcare providers. Another new technology in the healthcare sector is the so-called remote patient monitoring (RPM) (Meingast et al., 200619). Here, different types of sensors are used to monitor vital signs of patients at home. These wearable or implantable sensors send information via wireless communication to a local base station within the patients’ home. This station evaluates the information and sends an alarm to a central monitoring station in case of deviations from the normal limits set. The healthcare provider is able to react to the alarm and to initiate appropriate steps to aid the patient. Congestive heart failure, diabetes and dementia are just some of the possible application areas of RPM. While the implementation of these new technologies leads to multiple advancements in the healthcare sector, it also increases the danger of compromising the privacy of individuals, even in spite of the presence of such regulations as the Health Insurance Portability and Accountability Act (HIPAA) (Nass et al., 200922). The data of RPM and PHR, EMR, or EHR is communicated electronically via the Internet and wireless connections; hence, there are threats such as eavesdropping, data theft and misuse (Meingast et al., 200619). These threats could also lead to severe social implications, e.g., in the recent past employers did not hire applicants or even fired employees because of their medical condition, and insurance firms denied life insurances to patients (Appari and Johnson, 20104; Pritts, 200825; Bansal et al. 20107; Laric et al. 200921; Rohm and Milne, 200426). Multiple surveys report about a high level of current concerns for health information privacy. A survey by Bishop et al. (2005)8 revealed that about two thirds of respondents feel concerned about the privacy of their personal health records. According to EKOS Research Associates (2007)10, only 39 percent of respondents stated that they feel their health data is safe and secure. Lafky and Horan’s (2011)20 survey participants even rather expected that “security breaches will happen no matter what” than did not worry about security or believed that their data would be protected. In the study by Perera et al. (2011)24, half of respondents expressed higher worries regarding the security of patient information as the result of its travelling over the Internet. Nearly half of Ancker and colleagues’ (2012)1 study participants believed that health information exchange would worsen their privacy. Meanwhile, a series of studies have investigated individual concerns for health information privacy in the context of online health information technologies and found them essential for a successful implementation of these technologies. Whetstone and Goldsmith (2009)38 found out that individual confidence in the privacy and security of medical records positively influences her or his intent to create a PHR. Bansal et al. (2010)7 showed that privacy concerns have a negative impact on intentions to disclose health information online. Anderson and Agarwal (2011)2 found a negative effect of health information privacy concerns on the willingness to provide access to personal health information. Dinev et al. (2012)9 revealed a negative association between individuals’ health information privacy concerns and attitude towards EHRs, while Angst and Agarwal (2006)3 came to an identical conclusion with respect to their acceptance. Ermakova et al. (2014)12 demonstrated that health information privacy concerns result in a lower level of willingness to allow medical workers share their medical data in cloud computing environments. Bansal and Davenport (2010)6 revealed that in the presence of privacy concerns (except with respect to secondary use) trust gets more important compared to financial discounts in the choice of healthcare related websites. Kuo et

377

378


al. (2013)18 confirmed the influence of concern for health information privacy (CFIP) (Smith et al., 199629)(except with respect to unauthorized access) on information privacy-protective responses (IPPR) (Son and Kim, 200830) such as patients’ refusal to provide their personal information to medical facilities, fabrication of patients’ personal information to medical facilities, asking for the removal of patients’ personal information, negative word-of-mouth messages to their friends, complaints submitted directly to medical facilities, complaints submitted indirectly to third-party organizations. The work presented in this paper was performed to support the TRESOR research project (TRESOR, 201536) which involves healthcare experts. This paper explores related work published up to year 2014 regarding the antecedents of privacy concerns from the perspective of individuals. The provided insights should assist other researchers in the field of privacy of health data as well as healthcare practitioners meeting decisions regarding the design and implementation of modern healthcare information technologies. The paper is structured as follows: The method section shortly explains how the present research was conducted. This is followed by an analysis of all relevant antecedents of health information privacy concerns. Finally, a conclusion is given. 2. Method In the present research, we followed the literature review approach (Webster & Watson, 200237). The databases selected for literature acquisition were Google Scholar, Science Direct, Springer Link, and Emerald. The articles were searched independently at the end of the year 2013 and in the middle of the year 2014. In the first search round, “value of privacy AND health data OR health information” and “health data OR health information AND privacy concerns” were used as search items for every database and the search was limited to articles published since 2009. After screening the abstracts, we retrieved 15 relevant articles from Google Scholar, 5 from Science Direct and 4 from Springer Link. We identified 7 further publications through backward search and 3 additional ones through related research. In the second round, we searched for “health information privacy concerns” or “health data privacy concerns”, both in combination with “antecedents”, “factors”, “determinants” or “consequences”. After studying the abstracts, we retrieved 22 potentially worthwhile articles from Google Scholar, 32 from Science Direct, 5 from Springer Link, and 6 from Emerald. After thoroughly examining the retrieved articles, we eliminated 13 articles from the first sample and 32 from the second one. While combining the samples in the next step, we identified 15 duplicates. Finally, we conducted the backward search process which resulted in further 16 highly relevant articles. Out of this total of 55 relevant sources, we describe only a meaningful sample in the present work. 3. Antecedents 3.1. Type of Information Rohm and Milne (2002)26 showed that consumers are more likely to be concerned if organizations purchased a list of their personal medical history compared to a list of general information such as an address or purchase history of products. Zulman et al. (2011)41 also report that individual preferences about sharing electronic health information vary based on the type of information being shared. King et al. (2011)17 further showed that privacy concerns vary for specific items of health records. In particular, they revealed that items about which people are most concerned include sexually transmitted diseases, abortion, infertility, family medical history/genetic disorders, drug/alcohol incidents, mental illness, list of previous operations/procedures/dates and current medications. Lower levels of privacy concerns are stated for such items of health records as date of birth, native language, religion, sexual orientation, blood group, blood pressure status, allergies, diabetes status, and cancers. In line with these findings, Terry et al. (2008)35 found different privacy concerns in groups of patients built with respect to such variables as joint surgery (hip/knee) and surgery type (primary or revision). Laric et al. (2009)21 similarly related people’s concern for privacy of healthcare information to the kind of disease, although depending on gender, age, race and insurance.


379

In addition, patients were shown to be more comfortable with the use of anonymized health data, i.e., where obvious identifiers have been removed, than with the use of fully identifiable data (Whiddett et al., 200639; Perera et al., 201124), as well as with the use of data which does not appear to them to be sensitive (Bansal et al., 20075, 20107). 3.2. Health Status In the context of healthcare websites, Bansal and Davenport (2010)6 found empirical evidence that perceived poor health status positively moderates the association between health information privacy concerns (in terms of unauthorized secondary use) and preference of trust over the discount. Further, Bansal et al. (2010)7 found that perceived poor health status positively influences health information sensitivity and thus in turn is positively associated with privacy concerns. Laric et al. (2009)21 also observed significantly higher concerns for health information privacy under more poor health conditions. This can be attributed to a much higher potential harm from a misuse of more sensitive medical information. Lafky and Horan (2011)20 stated that people are afraid of identity theft and potential discrimination as consequences of misusing their health status. Teixeira et al. (2011)34 reported that while nearly all (96%) HIV-infected patients feel discriminated some of the time or more, almost half of them complain about that feeling even most or all of the time. According to Pritts (2008)25, Appari and Johnson (2010)4, Bansal et al. (2010)7, Laric et al. (2009)21, and Rohm and Milne (2004)26, individuals were refused employment, fired or denied life insurance based on their genetic constitution and/or medical condition. However, the study by Wilkowska and Ziefle (2012)40 provided somewhat contradictory evidence. Here, healthy persons attached a higher level of importance to the confidentiality, anonymity, intimacy, and invisibility of their Ehealth usage and measurement-results to outsiders, as well as a non-stigmatizing device design, compared to persons with poor health. Consistent with these findings, Lafky and Horan (2011)20 argue that individuals with disabilities and chronic illnesses raise less concern for information privacy than healthy ones. It seems that people with bad health conditions appear to be primarily concerned about getting healthier than preserving privacy: Previous research reports that patients generally support sharing medical records. In the survey by Teixeira et al. (2011)34, a majority of HIV-patients were willing to share their health data with all medical workers involved in their care. Perera et al. (2011)24 state that most of their survey participants even supported computerized data sharing. 3.3. Recipient of Information Anderson and Agarwal (2011)2 found that the requesting stakeholder moderates the relationship between concerns and willingness to provide health information. As follows from the study by Lafky and Horan (2011)20, people are afraid that their health status would be exposed to strangers, employers, researchers, or associates (e.g., family or friends). The list of the most undesirable outsiders by Perera et al. (2011)24 involved private insurance companies, pharmaceutical companies, the government, and universities, or researchers based in hospitals. Consistently, Rohm and Milne (2004)26 argued that medical information is the type of information which people particularly do not want direct marketers to collect and use. Further related explorations can be found in the works by Whiddett et al. (2006)39, Zulman et al. (2011)41, and Teixera et al. (2011)34. 3.4. Knowledge of Health Information Technology Angst et al. (2006)3 tested the influence of knowledge on CFIP and found that respondents with a more extensive understanding of health information technology were less concerned in all four dimensions. Similarly, Hwang et al. (2012)16 investigated and confirmed the existence of an impact of EMR awareness on privacy concerns regarding secondary use and unauthorized access. Ancker et al. (2012)1 indicated that patients develop positive opinions after visiting a doctor using an EHR, although arguing that the direction of causality could also be the other way around. However, they found no relationship between experience with a physician using an EHR and privacy concerns.

380


3.5. Experience of Privacy Invasions Bansal et al. (2010)7 hypothesized and confirmed that the perception of previous privacy invasion increases privacy concerns. A survey by Bishop et al. (2005)8 revealed that only one fourth of the respondents were aware of specific privacy invasions. But of those, two thirds reported increased concerns regarding health information technology, even though some of the reported breaches were related to other topics. Bansal et al. (2010)7 also argued that privacy violations often spread out over contexts and raise concerns in other scenarios as well. 3.6. Age The demographic variable age provides very mixed results. There are studies that found no effects of age (Ermakova et al., 201412; Hwang et al., 201216). Other studies found age effects just for subgroups (Terry et al., 200735) or non-linear associations (King et al., 201117). The remaining investigations observed a positive relationship between age and concerns (EKOS Research Associates, 200710; Laric et al., 200921). King et al. (2011)17 found a statistically significant relationship between age and health information privacy concerns. In their study, respondents aged 18–19 and 60+ had less privacy concerns (51% and 53%) compared to middle-age groups (20–34, 35–44 and 45–59) (71–77%). Laric et al. (2009)21 investigated age effects for different classes of maladies and found that respondents aged 45+ had more concerns than younger ones. The EKOS Research Associates (2007)10 observed that concerns rise consistently with age. 3.7. Gender Wilkowska and Ziefle (2012)40 discovered that women strive for more anonymity and intimacy than men, although the gender effect diminishes in older people group. Similarly, Laric et al. (2009)21 found statistically significant effects based on gender. In particular, they showed that U.S. females are more concerned with respect to HIV testing, sexually transmitted diseases, substance abuse, eating disorders and depression, whereas Canadian women had a higher concern for privacy regarding plastic surgery procedures, both in comparison to their male compatriots. Terry et al. (2008)21 also presented gender dependent associations of different factors with concerns about privacy: While the role of pre-surgery concern was confirmed for both female and male groups, for women, individuals receiving knee replacement were less concerned about their privacy than those receiving hip replacement. Furthermore, individuals receiving revision joint replacement surgery were less concerned than those receiving primary joint replacement surgery. Dinev et al. (2012)10, Ermakova et al. (2014)12, Ancker et al. (2012)1, and Hwang et al. (2012)16 found no statistical significant impact of gender on health information privacy concerns. 3.8. Education King et al. (2011)17 concluded that education also plays a role in the formation of health information privacy concerns. In their study, respondents with a post-graduate degree were less privacy concerned (30%) compared to other education groups, while those who had a technical or commercial degree were more privacy concerned (71%) than other education groups. Hwang et al. (2012)16 generally stated that a higher level of education increases health information privacy concerns regarding unauthorized access and secondary use, while EKOS Research Associates (2007)10 argued that concerns about personal health information decline with a higher educational level. 3.9. Other Characteristics and Factors There is some evidence that a lower income leads to increased concerns (EKOS Research Associates, 200710). As income is highly correlated with education, this would be reasonable to suggest. However, Ancker et al. (2012)1 found no income-related effects on health information privacy concerns in their study. King et al. (2011)17 observed that there are less concerns in the group of unemployed people (60%) than among respondents in other employment groups (66–74%), although the statistical significance of the relationship between


381

employment and privacy concerns is marginal (p=0.055). In the study by Ancker et al. (2012)1, the employment status did not play a significant role. King et al. (2011)17 also showed that the difference in health information privacy concerns is significant across places of birth. Samsuri et al. (2013)27 further argue that the perspectives of western countries differ from those of Asian countries including India, Thailand, Japan, China and Malaysia. Laric et al. (2009)21 found that minorities generally depict higher concern levels than the majority (white population) in some ailment groups. For example, in the United States, Black Americans are more concerned about standard physical examinations and follow up visits to a general practitioner. Bishop et al. (2005)8 inferred that ethnic minorities are more concerned about their health privacy as they might have a lower education and income. It is also argued that these findings reflect the fact that minorities – especially in the U.S. – have a lower degree of access to the healthcare system (Laric et al., 200921). Ermakova et al. (2014)12 investigated the influence of three different trust categories, i.e., trust in privacypreserving regulatory mechanisms, trust in privacy-preserving technological mechanisms and trust in cloud providers in healthcare, on healthcare information privacy concerns. They found a negative influence for each of them. Dinev et al. (2012)9 showed a positive effect of those three components on trust in EHR which leads to reduced privacy concerns. Dinev et al. (2012) 9 also investigated and confirmed perceived control as an antecedent to information privacy concerns. Bansal et al. (2010)7 examined the influence of the big five traits, i.e., extroversion, agreeableness, conscientiousness, emotion instability and intellect (Goldberg, 199015), on information sensitivity which in turn impacts health information privacy concerns. Conscientiousness and extroversion had no significant effects. For agreeableness and intellect, the effects were as hypothesized, but only at a marginally significant level. For emotional instability the authors found highly significant effects. 4. Conclusion, Limitations and Further Research Demographic challenges related to the significant aging of the world’s population could heavily influence the healthcare system. Modern health information technologies offer an opportunity to properly address these problems. However, their adoption rates could be too low due to health information privacy concerns. In order to help healthcare practitioners to cope with these concerns and provide support for further research, this work attempts to understand their nature. Among distinct antecedents, we explore type of information, health status, recipient of information, knowledge of health information technology, experience of privacy invasions, age, gender, education, and further determinants. Our findings can serve as an important building block in security and privacy requirements engineering (Fabian et al., 201013) for healthcare information technologies, such as cloud computing in healthcare (Ermakova et al., 201311) and corresponding privacy-enhancing technologies (Fabian et al., 201514). One of the limitations of this literature review lies in the difficulty to compare the influence of the antecedents across different studies due to several reasons. First, every cited study just copes with a few factors. Second, the examinations also vary according to their methodology and their healthcare context. Third, it should also be taken into consideration that the samples used across the studies provide not enough comparability, which could have led to different or even contradictory findings. For example, Laric et al. (2009)21 conducted the study both in the United States and Canada. For the U.S. sample, they found significant age effects for most of the maladies included in the study design, implying that respondents aged 45+ have more concerns than younger ones. For the Canadian sample, they found fewer differences. The reasons for different results can be searched not only in the cultures of these countries but also in the sample sizes: The Canadian sample (n=45) is much smaller than the US sample (n=225). There are some indications that a culture could also have an impact as well. The most cited studies were conducted in North America, while European and Asian examinations are rare. Other limitations of the insights provided in this study might have resulted from the choice of databases and search items for literature acquisition. Additional literature can be potentially found with PubMed (Shultz, 200728). Future research efforts should be directed to exploring health information privacy concerns in the cultural dimension. Many different and contradictory results reported in this work are further to be verified. As most studies operationalized health status as a self-rated concept or following a scenario-based approach, it could enhance validity when using samples with healthy and unhealthy people determined by medical workers since self-ratings could be biased.

382


References 1. Ancker, J, Silver, M, Miller, M, Kaushal, R. Consumer Experience with and Attitude toward Health Information Technology: A Nationwide Survey. American Medical Informatics Association 2012; 1: 152–156. 2. Anderson, C, Agarwal, R. The Digitization of Healthcare: Boundary Risks, Emotion, and Consumer Willingness to Disclose Personal Health Information. Information Systems Research 2011; 22(3): 469-490. 3. Angst, C, Agarwal, R, Downing, J. An Empirical Examination of the Importance of Defining PHR for Research and for Practice. Robert H. Smith School Research Paper No. RHS-06-011; 2006. 4. Appari, A, Johnson, ME. Information Security and Privacy in Healthcare: Current State of Research. International Journal of Internet and Enterprise Management 2010; 6(4): 279-314. 5. Bansal, G, Zahedi, F, Gefen, D. The Impact of Personal Dispositions on Privacy and Trust in Disclosing Health Information Online. Proceedings of the 13th Americas Conference on Information Systems; 2007. 6. Bansal, G, Davenport, R. Moderating Role of Perceived Health Status on Privacy Concern Factors and Intentions to Transact with High versus Low Trustworthy Health Websites. Proceedings of the 5th MWAIS (Midwest Association for Information) Conference; 2010. 7. Bansal, G, Zahedi, F, Gefen, D. The Impact of Personal Dispositions on Information Sensitivity, Privacy Concern and Trust in Disclosing Health Information Online. Decision Support Systems 2010; 49(2): 138-150. 8. Bishop, L, Holmes, B, Kelley, C. National Consumer Health Privacy Survey 2005. Forrester Research, Inc. http://www.chcf.org/publications/2005/11/national-consumer-health-privacy-survey-2005; 2005. 9. Dinev, T, Albano, V, Xu, H, D’Atri, A, Hart, P. Individual’s Attitudes towards Electronic Health Records – a Privacy Calculus Perspective. Annals of Information Systems 2012. 10. EKOS Research Associates. Electronic Health Information and Privacy Survey: What Canadians Think 2007. https://www.infowayinforoute.ca/en/component/edocman/resources/reports/privacy/14-ekos-survey-on-electronic-health-information-and-privacy-full; 2007. 11. Ermakova, T, Fabian, B, Zarnekow, R. Security and Privacy System Requirements for Adopting Cloud Computing in Healthcare Data Sharing Scenarios. Proceedings of the 19th Americas Conference on Information Systems; 2013. 12. Ermakova, T, Fabian, B, Zarnekow, R. Acceptance of Health Clouds – a Privacy Calculus Perspective. Proceedings of the 22nd European Conference on Information Systems; 2014. 13. Fabian, B, Gürses, S, Heisel, M, Santen, T, Schmidt, HA. Comparison of Security Requirements Engineering Methods. Requirements Engineering Journal 2010; 15(1): 7-40. 14. Fabian, B, Ermakova, T, Junghanns, P. Collaborative and Secure Sharing of Healthcare Data in Multi-Clouds. Information Systems 2015; 48(March): 132-150. 15. Goldberg, L. An Alternative Description of Personality: The Big-Five Factor Structure. Journal of Personality and Social Psychology 1990; 59(6): 1216-1229. 16. Hwang, H, Han, H, Kuo, K, Liu, C. The Differing Privacy Concerns Regarding Exchanging Electronic Medical Records of Internet Users in Taiwan. Journal of Medical Systems 2012; 36(6): 3783-3793. 17. King, T, Brankovic, L, Gillard, P. Perspectives of Australian Adults about Protecting the Privacy of their Health Information in Statistical Databases. International Journal of Medical Informatics 2011; 81: 279-289. 18. Kuo, K.-M, Ma, C-C, Alexander, J. How do Patients Respond to Violation of their Information Privacy. Health Information Management Journal 2013; 43(2): 23-33. 19. Meingast, M, Roosta, T, Sastry, S. Security and Privacy Issues with Health Care Information Technology. Proceedings of the Engineering in Medicine and Biology Society Conference (EMBS'06); 2006: 5453-5458. 20. Lafky, D, Horan, T. Personal Health Records: Consumer Attitudes toward Privacy and Security of their Personal Health Information. Health Informatics Journal 2011; 17(1): 63-71. 21. Laric, M, Pitta, D, Katsanis, L. Consumer Concerns for Healthcare Information Privacy: A Comparison of US and Canadian Perspectives. Research in Healthcare Financial Management 2009; 12(1): 93-111. 22. Nass, S, Levit, L, Gostin, L. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health through Research. Institute of Medicine. Washington: National Academies Press; 2009. 23. National Alliance for Health Information Technology. Report to the Office of the National Coordinator for Health Information Technology on Defining Key Health Information Technology Terms. https://www.nachc.com/client/Key%20HIT%20Terms%20Definitions%20Final_April_2008.pdf ; 2008. 24. Perera, G, Holbrook, A, Thabane, L, Foster, G, & Willison, DJ. Views on Health Information Sharing and Privacy from Primary Care Practices Using Electronic Medical Records. International Journal of Medical Informatics 2011; 80(2):94-101. 25. Pritts, JL. The Importance and Value of Protecting the Privacy of Health Information: Roles of HIPAA Privacy Rule and the common rule in Health Research. Institute of Medicine. https://panoptykon.org/sites/default/files/prittsprivacyfinaldraftweb.pdf; 2008. 26. Rohm, A, Milne, G. Just What the Doctor Ordered. The Role of Information Sensitivity and Trust in Reducing Medical Privacy Concern. Journal of Business Research 2004; 57: 1000-1011. 27. Samsuri, S, Ismail, Z, Ahmad, R. Protecting Personal Medical Information: Asian Perspectives. International Journal of Computer and Communication Engineering 2013; 2(4). 28. Shultz, M. Comparing Test Searches in PubMed and Google Scholar. Journal of the Medical Library Association 2007; 95(4): 442–445. 29. Smith, H, Milberg, S, Burke, S. Information Privacy: Measuring Individuals’ Concerns about Organizational Practices. MIS Quarterly 1996; 20(2): 167-196.

Tatiana Ermakova et al. / Procedia Computer Science 63 (2015) 376 – 383 30. Son, J-Y, Kim, S. Internet Users’ Information Privacy-Protective Responses: A Taxonomy and a Nomological Model. MIS Quarterly 2008; 32(3): 503-529. 31. Statistisches Bundesamt. www.destatis.de; 2015. 32. Sullivan, M. Playing Catch-up in Health Care Technology. Journal of Healthcare Compliance 2010; 12(3): 25-30. 33. Swartz, N. Electronic Health Records Could Save $81 Billion. Information Management Journal 2005; 39(6). 34. Teixeira, PA, Gordon, P, Camhi, E, Bakken, S. HIV Patients’ Willingness to Share Personal Health Information Electronically. Patient Education and Counseling 2011; 84(2): e9-e12. 35. Terry, A, Chesworth, B, Stolee, P, Bourne, R, Speechley, M. Joint Replacement Recipients´ Post-Surgery Views about Health Information Privacy and Registry Participation. Health Policy 2008; 85: 293-304. 36. TRESOR. http://www.cloud-tresor.com/; 2015. 37. Webster, J, Watson, RT. Analyzing the Past to Prepare for the Future: Writing a Literature Review. MIS Quarterly 2002; 26(2): xiii-xxiii. 38. Whetstone, M, Goldsmith, R. Factors Influencing Intention to Use Personal Health Records. International Journal of Pharmaceutical and Healthcare Marketing 2009; 3(1): 8-25. 39. Whiddett, R, Hunter, I, Engelbrecht, J, Handy, J. Patients’ Attitudes towards Sharing their Health Information. International Journal of Medical Informatics 2005; 75: 530-541. 40. Wilkowska, W, Ziefle, M. Privacy and Data Security in e-Health: Requirements from the User’s Perspective. Health Informatics Journal 2012; 18: 191. 41. Zulman, DM, Nazi, KM, Turvey, CL, Wagner, TH, Woods, SS, An, LC. Patient Interest in Sharing Personal Health Record Information. Annals of Internal Medicine 2011; 155(12): 805-811.

383