The impacts of multiple privacy regulations and national security infrastructure on health information exchange: a study of hospitals across Europe
| Date | 12 March 2024 |
| Pages | 225-243 |
| DOI | https://doi.org/10.1108/DPRG-07-2023-0105 |
| Published date | 12 March 2024 |
| Subject Matter | Information & knowledge management,Information management & governance,Information policy |
| Author | Utkarsh Shrivastava,Bernard Han,Ying Zhou,Muhammad Razi |
The impacts of multiple privacy regulations
and national security infrastructure on
health information exchange: a study of
hospitals across Europe
Utkarsh Shrivastava, Bernard Han, Ying Zhou and Muhammad Razi
Abstract
Purpose –Sharing patient health information (PHI) among hospitals has been much slower than the
adoption of health record systems. This paper aims to investigate if privacy regulation (PR) or security
measures (SMs) influence hospitals’ use of health information exchange (HIE) to share PHI with other
providers (e.g. physicians, labs, hospitals). The study specifically focuses on how multiple PRs can
impedeand a strong national security infrastructure(NSI) can support HIE.
Design/methodology/approach –The study uses secondary data from a multi-nationaland multi-hospital
survey administered by theEuropean Union. The multi-level structure of the cross-sectional panel data is used
to test the influence of both hospital-level (e.g. PR) and national-le vel variables (e.g. NSI) on HIE. A total of nine
types of HIE, three types of PRs, nine SMs and other relevant control varia bles are considered. This study uses
a two-level random intercept generalized linear model to test the hypot hesis proposed in the study.
Findings –The study findsthat national-level PRs (NLPR) have thestrongest positive influence on HIE in
comparison to regional (RLPR) and hospital-level (HLPR) PRs. Moreover,the study finds evidence that
the presence of RLPR and HLPR,on average, decreasesthe positive impact of NLPR by 264%. The SMs
also have a significantand positive impact on HIE. Adoptionof an additional SM can increase theodds of
engaging in a certain type of HIE between 21% and 61%. On the other hand, a strong NSI can also
amplifythe positive impact of SM on certain types of HIE.
Originality/value –This study extends priorresearch on the role of PRs in enabling HIE by considering
the complexities brought up by adopting multiple PRs. NLPRs have the strongest impact on HIE in
comparison to RLPRs or HLPRs. Moreover, public infrastructure initiatives such as those related to
securecommunications can also complementSMs adopted by the providers by encouragingHIE.
Keywords European Union, Information management, Privacy, Legislation, Data security,
Medical informatics
Paper type Research paper
1. Introduction
It was a widely shared belief that health information technology (HIT) could be leveraged to
achieve the “triple aim” (i.e. lower costs, improved health and better care) of health reform
(Berwick et al., 2008;Sheikh et al.,2015). To further capitalize on the investment in HIT,
health information exchange (HIE) is used to transfer and share electronically available
patient health information (PHI) across multiple service providers to support medical
treatment and care coordination(Walker et al., 2005;Kuperman, 2011;Kho et al., 2015).
Though many nations have implemented multiple health-care initiatives over the world,
electronic health records (EHR) adoption has increased (Vest, 2012;Adler-Milstein and Jha,
2017), but HIE use is either declining (Furukawa et al.,2014;Adler-Milstein et al.,2016)or
Utkarsh Shrivastava and
Bernard Han are both
based at the Haworth
College of Business,
Western Michigan
University, Kalamazoo,
Michigan, USA.
Ying Zhou is based at the
Architecture and Urban-
Rural Planning College,
Sichuan Agricultural
University, Sichuan, P.R.
China. Muhammad Razi is
based at the Haworth
College of Business,
Western Michigan
University, Kalamazoo,
Michigan, USA.
Received 30 July 2023
Revised 15 October 2023
1 December 2023
Accepted 23 December 2023
Declaration of competing
interest: The authors report no
declarations of interest.
DOI 10.1108/DPRG-07-2023-0105 VOL. 26 NO. 3 2024, pp. 225-243, ©Emerald Publishing Limited, ISSN 2398-5038 jDIGITAL POLICY, REGULATION AND GOVERNANCE jPAGE 225
stagnant (Holmgren et al.,2017;Atasoy et al.,2019). Over the past two decades, many
studies have investigated factors affecting hospitals’ HIE use (Vest, 2010;Vest et al.,2011;
Yeager et al.,2014;Rudin et al.,2014). Privacy and security risks have been pointed out as
either a major barrier (Dimitropoulos and Rizk, 2009;Greenberg et al.,2009;Weiser, 2009;
Mukhopadhyay et al.,2019)oranenabler(McGraw et al.,2009) to impede or build trust into
HIE use. As of today, research findings on the real impacts of patient privacy and security
regulations on HIE are not consistent (Adjerid et al.,2016;Mello et al.,2018;Esmaeilzadeh,
2020a;Esmaeilzadeh, 2020b) and still not well understood (Shen et al.,2019). These
unsettled research findings lead to our first question:
Q1. Doprivacy regulations (PRs) facilitate or impedeHIE?
Patient data privacy has taken center stage in health care due to increasing cybercrimes
and avenues for PHI theft (Woody, 2002;Theodos and Sittig, 2020). Therefore, hospitals
must comply with PRs formulated by various agenciesat different levels, including national,
regional and hospital levels. A recent study by Lenert and McSwain (2020) pointed out that
HIE under COVID-19 becomes very challenging and difficult because patient information
must go through many disjointed care processes, which makes the current PRs antiquated.
Furthermore, the tangle of federal and state laws creates complexity, and the risks of
financial penalties hinder international collaborations in health-care research (Bradford
et al., 2020). Therefore, this study aims to find empirical evidence addressing the second
question:
Q2. Canadopting multiple PRs impede HIE?
The data privacy requirements of some regulations encourage hospitals to adopt technical
safeguards (i.e. security measures [SMs]) such as firewalls, data encryption, backup data
solutions, etc., to protect PHI. The challenges to determining which patient data points
come under the purview of PRs and should be legally safeguarded persist (Paltiel et al.,
2023). On the other hand, extensive use of SMs is also considered a barrier to information
exchange (Agrawal and Johnson, 2007). However, in today’s digital environment, where
PHI is invaluable to rogue elements of society, the presence of SMs in the hospitals should
influence the perception of patients and providers in HIE in at least two ways. First, the SMs
would help alleviate patients’ concerns about data misuse and encourage them to consent
to HIE (Esmaeilzadeh and Mirzaei, 2019). Second, SMs could improve providers’
confidence in HIE by reducing the odds of datatheft and, in turn, the associated legal costs
(Shen et al.,2019). Hence, the study’s third question is as follows:
Q3. Dodata SMs facilitate or impede HIE?
Information security is a collaborative effort bet ween participating entities, especially during H IE.
The data security risks and attack vectors are shared between entitiesparticipating in HIE (Huang
et al.,2014
). A secure communications infrastructure reduces the risk of compromising PHI
during HIE (Abdulnabi et al.,2017). The presence of an established national security infrastructure
(NSI), including secure internet servers for commu nications, has facilitated the growth of the
financial technology industry, which also involves sharing protected information (Haddad and
Hornuf, 2019). Therefore, the study’s fourth and final research question is as follows:
Q4. Dosecure national communication infrastructurefacilitate HIE?
The study aims to answer the above research questions using the out comes of a survey of
more than 1,350 hospitals across 31 countries in Europe (SMART, 2014). The study findings
are used to develop recommendations for hospitals and national gove rnments to facilitate HIE.
2. Background and hypotheses
Using HIE, EHR systems that store PHI can contribute to efficient and better-quality care
(Walker et al.,2005). As mentioned earlier, many studies have been conducted to explore
PAGE 226 jDIGITAL POLICY, REGULATION AND GOVERNANCE jVOL. 26 NO. 3 2024
Get this document and AI-powered insights with a free trial of vLex and Vincent AI
Get Started for FreeStart Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting
Start Your Free Trial of vLex and Vincent AI, Your Precision-Engineered Legal Assistant
-
Access comprehensive legal content with no limitations across vLex's unparalleled global legal database
-
Build stronger arguments with verified citations and CERT citator that tracks case history and precedential strength
-
Transform your legal research from hours to minutes with Vincent AI's intelligent search and analysis capabilities
-
Elevate your practice by focusing your expertise where it matters most while Vincent handles the heavy lifting