SUPPORTING STATEMENT
Attitudes toward Electronic Health Information Exchange and Associated Privacy and Security Aspects
Version July 1, 2010
The Office of the National Coordinator for Health Information Technology (ONC)
Table of contents
1. Circumstances Making the Collection of Information Necessary - 3 -
2. Purpose and Use of Information Collection - 3 -
3. Use of Improved Information Technology and Burden Reduction - 4 -
4. Efforts to Identify Duplication and Use of Similar Information - 5 -
5. Impact on Small Businesses or Other Small Entities - 6 -
6. Consequences of Collecting the Information Less Frequently - 6 -
7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5 - 6 -
8. Comments in Response to Federal Register Notice/Outside Consultations - 6 -
9. Explanation of any Payments/Gifts to Respondents - 6 -
10. Assurance of Confidentiality Provided to Respondents - 7 -
11. Questions of a Sensitive Nature - 7 -
12. Estimates of Annualized Burden Hours and Costs - 7 -
13. Estimates of Annualized Respondent Capital and Maintenance Costs - 8 -
14. Annualized Cost to the Government - 8 -
15. Explanation for Program Changes or Adjustments - 9 -
16. Time Schedule, Publication and Analysis Plans - 9 -
17. Reason(s) Display of OMB Expiration Date is Inappropriate - 9 -
B. Collections of Information Employing Statistical Methods - 9 -
1. Respondent universe and sampling methods - 9 -
2. Information Collection Procedures - 12 -
The Office of the National Coordinator for Health Information Technology (ONC) serves as the Secretary’s principal advisor on the development, application, and use of health information technology (health IT). ONC was originally created under Executive Order (EO) 13335, but has since been codified in law by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009. The HITECH Act builds on EO13335 and establishes additional purposes for the ONC and duties for the National Coordinator. Chief among these new HITECH Act responsibilities are to: promote the development of a nationwide health IT infrastructure that allows for electronic use and exchange of information; coordinate health IT policy; and update the Federal Health IT Strategic Plan to meet the objectives specified in the HITECH Act. Meeting certain objectives such as “methods to foster the public understanding of health information technology” will require additional information from the public at large to determine what education is needed and what types of communication techniques will be most effective.
Electronic health information exchange promises an array of potential benefits for individuals and the U.S. health care system through improved health care quality, safety, and efficiency. At the same time, this environment also poses new challenges and opportunities for protecting health information. Health information technology and electronic health information exchange may also provide individuals with new, more effective methods to engage with their health care providers and affect how their health information may be exchanged. Based on findings from a comprehensive literature review, little is known about individuals’ attitudes toward electronic health information exchange and the extent to which they are interested in determining by whom and how their health information is exchanged. The proposed information collection, entitled “Attitudes toward Electronic Health Information Exchange and Associated Privacy and Security Aspects” conducted under the Health Information Security and Privacy Collaboration contract will permit us to better understand individuals’ attitudes toward electronic health information exchange and its associated privacy and security aspects as well as inform policy and programmatic objectives.
The purpose of the proposed information collection is to better understand the privacy and security concerns, tradeoffs, and priorities individuals have with respect to electronic health information exchange. The information collected will consist of responses to a series of questions that ask a representative sample of individuals about who should have access to their health information through electronic health information exchange and for what purposes they believe their health information should be electronically exchanged. Questions will also seek to ascertain individuals’ privacy and security priorities, the level of involvement (responsibility) they expect or want to have with respect to determining how their health information is electronically exchanged, and the tradeoffs they may be willing to consider. The information will be analyzed and published on http://healthit.hhs.gov in a report that meets all requirements for Section 508 compliance and the findings will be the subject of a web conference that will be open to the public.
The purpose of this information collection is to broaden ONC’s understanding of individuals’ attitudes toward and beliefs about electronic health information exchange and privacy and security. Between 2006 and 2009, ONC, in partnership with AHRQ, supported the Health Information Security and Privacy Collaboration (HISPC). In HISPC’s third and final phase, approximately 40 governor-endorsed state and territorial teams worked in “multi-state collaboratives” to build on their prior work and to develop common, replicable solutions to identified privacy and security challenges. This third phase of the project produced a wealth of resources for other states and territories to use to educate stakeholders and to get a head start on tackling the many policy issues related to the privacy and security of electronic health information exchange. Within a few months of the completion of HISPC’s third phase, the HITECH Act was passed and ONC assumed more responsibility related to coordinating health information technology and privacy and security policy.
The impetus for initiating this information collection was to assess the impact of the HISPC work over its four year existence and the impact its network of stakeholders had on communities and stakeholders at the state-level in raising general awareness about privacy and security issues related to electronic health information exchange. However, when the HITECH Act passed, we reevaluated whether this information collection could serve additional purposes. Accordingly, we expanded the role of this information collection from being solely focused on assessing the impact of the HISPC to one that would serve a broader purpose – gaining an early understanding of individuals’ attitudes towards electronic health information exchange and privacy and security with the development and assessment of some initial metrics that could potentially be used to measure the impact of future ONC HITECH Act related activities affect individuals’ attitudes related to privacy and security.
We believe that this information collection will help ONC to develop metrics and measurement techniques related to privacy and security that will be a valuable first step in a larger plan to gain an understanding of individuals’ attitudes towards electronic health information exchange and privacy and security over time. We are aware that in the future, a more comprehensive survey approach is needed – one that includes a sampling methodology that allows analysis of subgroups, a survey instrument that is translated into multiple languages and that can be used year after year. However, for the purposes of this information collection, the resources available required ONC to narrow its focus to English speaking, non-institutionalized adults rather than pursuing additional survey instruments translated into different languages. We recognize that this specific target population provides a somewhat limited data set but, nonetheless, we believe that such data will be useful and valuable and will also help ONC focus more directly on certain questions for a subsequent information collection.
All interviews will be conducted over the telephone, using computer-assisted telephone interviewing (CATI) software. The use of CATI will reduce respondent burden, reduce coding errors, and increase efficiency and data quality. The CATI program involves a computer-based sample management and reporting system that incorporates sample information, creates an automatic record of all dialings, tracks the outcome of each interviewing attempt, documents sources of ineligibility, records the reasons for refusals, and locates mid-questionnaire termination.
The CATI system also includes the actual interview program (including the question text, response options, interviewer instructions, and interviewer probes). The CATI’s data quality and control program includes skip patterns, rotations, range checks and other on-line consistency checks and procedures during the interview, assuring that only relevant and applicable questions are asked of each respondent. Data collection and data entry occur simultaneously with the CATI data entry system. The quality of the data is also improved because the CATI system automatically detects errors and ensures that there is no variation in the order in which questions are asked. Data can be extracted and analyzed using existing statistical packages directly from the system, which significantly decreases the amount of time required to process, analyze, and report the data.
An extensive review of the relevant literature has been conducted to ensure that the proposed data collection does not duplicate past efforts. Our contractor conducted a comprehensive review of the peer-reviewed and grey literature to understand current attitudes toward the access to and control of individual health information. Online searches were conducted using a series of Google searches for new surveys and other types of data collection at 2-month intervals for the period between January of 2008 and July 2009 and again at the end of December 2009. Examples of search terms used can be found in Attachment A. The full bibliography can be found in Attachment B.
The Google searches identified 32 articles which were reviewed. We retained articles that described the results of data collections performed between 1999 and 2009. This decision was based on the dramatic changes that have taken place in the Health IT landscape during that period and the lack of relevant work conducted prior to 1999. We also eliminated surveys that were not conducted with the general population (e.g., provider surveys). The critical review identified 16 surveys that had been conducted over the past 10 years which had some relevance for the planned research purposes.
In addition to the Google searches, we also conducted a thorough search for relevant journal articles reporting the findings of surveys of privacy and security of personal health information on July 2, 2009. The search produced 485 records from the PubMed database, 55 records from the Web of Science database, and 39 records from the CINAHL database. Of the 579 records found to match the search strategy, 558 were unique records. Their citations and abstracts (when available) were imported into an application called EndNote®. The research team performed the initial review of the records and eliminated those articles that did not report findings of a qualitative or quantitative data collection conducted with individuals. This narrowed the results to 79 records which were reviewed for topic relevance. Records deemed irrelevant were eliminated and the rest of the records were obtained for review. Twenty-seven full length articles were requested, six of which were for review for inclusion in the analysis and 21 articles were obtained as potential reference material. Upon receiving and reviewing the 6 full articles, the team once again reviewed the articles using the criteria for inclusion. Two of the articles were eliminated: one did not pertain to a specific survey/questionnaire and one was not relevant to privacy and security. The remaining four articles were included in our analysis making a total of 20 surveys that were subject to the review and analysis.
None of the 20 reports of surveys reviewed included questions that were specifically targeted at learning about individuals’ attitudes toward electronic health information exchange and associated privacy and security aspects.
No information will be collected from small businesses or other small entities.
The survey is a one-time request for individual respondents. The likelihood is extremely small (less than one in a million) that respondents will be included in more than one randomly selected sampling pool.
This request is consistent with the general information collection guidelines of 5 CFR 1320.5(d)(2). No special circumstances apply.
As required by 5 CFR 1320.8(d), notice was published in the Federal Register on October 28, 2010 Page 55554-55555 for 60 days.
ONC
received one comment as follows: “Question 27 creates an
expectation that it may be possible to set permissions on segments of
an electronic medical record across an HIE. At this time such
capabilities do not exist. It might be more accurate to phrase this
question more like question 28 and say something like "If it
were possible to use electronic privacy settings to set permissions
for some portions of your health record…”
Response: The former question 27 has been revised taking into consideration this comment and it is now current question number 33 and is posed as a hypothetical.
Outside Consultations
HHS and OMB expect project sponsors to discuss their plans early in the development process with other HHS agencies working in related program areas. HHS and OMB strongly encourage agencies to collaborate among themselves and with other HHS components to meet mutual and related data needs.
No outside consultations are required.
Respondents will not receive any gifts or payments.
Responses by individuals will be kept private to the extent allowed by law under Section 934(c) of the Public Health Service Act, 42 USC 299c-3(c). They will be told the purposes for which the information is collected and that, in accordance with this statute, any identifiable information about them will not be used or disclosed for any other purpose. Please see Attachment C, the telephone screener and consent script.
All materials including the verbal consent script will be reviewed and approved by the RTI IRB prior to contacting any sample members. The Office for Human Research Protections (OHRP) has granted a Federalwide Assurance (FWA #3331 effective until March 5, 2012) to RTI that grants us the right to review and approve studies independently. In turn, OHRP has the right to audit our IRB records or any study's procedures at any time to assure that RTI is in compliance with the federal regulations regarding research with human subjects.
Information that can directly identify the respondent, such as name and/or social security number will not be collected.
The project team will impose several security measures to ensure protection of confidential information collected from project participants. All computers have Pointsec software installed, are password protected, and access to shared drives is limited to staff who have signed data confidentiality agreements. No information will be collected in paper form.
Two questions are included that may be considered sensitive: Questions 16 and 17. Regarding questions 16 and 17, there is some evidence that patients engage in “privacy protective behaviors” when they are concerned about the privacy of their health information (Goldman, 1998). Privacy protective behaviors include behaviors such as withholding information from a health care provider, avoiding going to the doctor, paying cash for an office visit, asking a doctor to enter a different diagnosis, or avoiding treatment altogether. This is an issue that we need to better understand but there are no recent data that shed light on this issue.
The questionnaire content can be seen in Attachment D.
Exhibit 1 shows the estimated annualized burden for the proposed project.
A sample of 25,415 telephone numbers will be drawn and called for screening using Random Digit Dialing (RDD). We expect that 22,845 phone numbers will be screened out of the study and the screening will take on average 2 minutes per case. We expect to screen and interview 2,570 individuals and that each screener will take 2 minutes and each survey will take an average of 18 minutes.
Exhibit 1. Estimated Annual Respondent Burden
Type of Respondent |
Number of Responses |
Number of Responses per Respondent |
Average Burden per Response (in hours) |
Total Burden Hours |
Non-Participating Household (Screened) |
22,845 |
1 |
2/60 |
761 |
Eligible Household (Completes Survey) |
2,570 |
1 |
20/60 |
857 |
Total |
1618 |
Exhibit 2 shows the estimated annualized cost to respondents based on the amount of time required from individuals who were reached by telephone and the average hourly wage obtained from the 2009 U.S. Bureau of Labor Statistics. It is estimated that it will take up to 2 minutes to determine whether a household is eligible and to complete informed consent. For those who agree to participate, it is estimated that the total time required will be approximately 20 minutes, on average, including screening and informed consent.
Exhibit 2. Estimated Annualized Cost to Respondents
Type of Respondent |
Total Burden Hours |
|
|
Average Hourly Wage Rate* (in dollars) |
Total Respondent Cost |
Non-Participating Household (Screened) |
761 |
|
|
$18.53 |
$14,101.33 |
Participating Household (Completes Survey) |
857 |
|
|
$18.53 |
$15,880.21 |
Total |
$29,981.54 |
*The average hourly earnings for those in private, non-farm positions is $ 18.53 (http://data.bls.gov/PDQ/servlet/SurveyOutputServlet?request_action=wh&graph_name=CE_cesbref3).
There are no capital or maintenance costs to respondents.
The annualized projected total cost to the Federal Government is $415,209. Total cost for management and administration is $20,770. The cost for survey development and testing is $62,281. The cost for sampling and analysis is $64,648. The cost for data collection is $244,974. The cost for editing, reporting, web conference presentation, and conversion of materials for 508 compliance is $22,536.
This is a new collection of information.
Time Schedule
Below is the time schedule including all major deliverables and target deadlines.
Task Description |
Date |
Data Collection |
12 weeks following OMB clearance |
Data Analysis |
16 weeks following OMB clearance |
Draft Final Report |
17 weeks following OMB Clearance |
Comments Received |
18 weeks following OMB Clearance |
Revised Final Report |
19 weeks following OMB Clearance |
Web Seminar |
19 weeks following OMB Clearance |
508 Compliant pdf or html |
20 weeks following OMB Clearance |
Analysis Plan
The contractor will perform quantitative analysis of the survey data including any open-ended responses. They will provide crosstabs and report descriptive statistics for each question based on demographic variables including gender, age, race, and internet usage. RTI will conduct and report results from significance tests where warranted. Data will be reported at the most granular level possible given the sample sizes.
ONC does not seek this exemption.
File Type | application/msword |
File Title | OMB Clearance Application |
Author | hamlin-ben |
Last Modified By | DHHS |
File Modified | 2010-07-07 |
File Created | 2010-07-07 |