In Germany, patients with statutory health insurance have had the option of using an electronic health record since January 2021. However, not many people have been taking advantage of it so far. Researchers at Ruhr University Bochum, Leibniz University Hannover and CISPA – Helmholtz Center for Information Security have conducted an interview study to show that there are many misunderstandings about the digital infrastructure on which the records are based – for example, about who can view which data. Most importantly, people express skepticism about the role of health insurance companies.
Professor Karola Marky and PhD student Rebecca Panskus of Ruhr University Bochum, Germany, presented their findings at the Symposium on Usable Privacy and Security in the US on 8 August 2023. They collaborated for the research with Professor Sascha Fahl of Leibniz University Hannover and CISPA, and Max Ninow from Hannover University.
“As far as the digital infrastructure of electronic health records is concerned, there is ample room for improvement,” is the conclusion Karola Marky draws from the study. “For example, health insurance companies shouldn’t be providing the apps used by policyholders to authorize access to their data. Plus, we need to educate people on the issue – rather than relying solely on family doctors and pharmacies to do all the work.”
Poor understanding of the digital infrastructure
In the first step of the study, the researchers asked 21 people with statutory health insurance to draw a picture of what they imagined the digital infrastructure behind the patient records to look like. They were given the following scenario to guide them: imagine you go to the doctor and want to grant them access to your patient file. What do you think the data flow would look like?
The respondents were given a set of printed icons they could use. They depicted, for example, a doctor, a smartphone, the health insurance company or a hospital. The set also included icons of facilities that aren’t part of the digital infrastructure. The participants selected the icons they thought were relevant and sketched in the links between the selected elements by hand. At the same time, they were interviewed about their choices. None of the 21 subjects guessed the structure as it actually is. Moreover, no two individuals came up with anything like the same image.
The study revealed some misconceptions. For example, people assumed that all doctors’ offices could automatically view the data in their records. In reality, however, the patients have to authorize access for doctors on an individual basis – via an app or using their health insurance card and a PIN.
Critical view of the role of health insurance companies
In the next step, the participants were presented with the actual digital infrastructure and asked which of its features they rated as positive and which as negative. Criticism was mainly directed at the role of the health insurance companies. A total of 85 health insurance companies currently provide their policyholders with apps that they can use to grant doctors’ offices access or to edit their records, for example by deleting entries.
“There are legal regulations governing which data health insurance companies are allowed to view,” explains Karola Marky. However, the fact that health insurance companies provide the apps suggests to many policyholders that the insurance companies can view more data with digital records than they can with non-digital records. The researchers didn’t establish in this study whether this is actually the case. Still: “From a security perspective, it would be better to offer a single open-source app that all policyholders across Germany can use,” points out Marky. “That would make people trust the app more, ensure a consistent security standard and reduce maintenance requirements.”
The researchers also argue that there should be multiple options for accessing the file, for example via desktop applications, in order to make sure that people without a smartphone can use the services as well.
The ability to delete records – both a curse and a blessing
The fact that policyholders can delete entries from their records prompted mixed feelings among the respondents. On the one hand, they appreciated having control over their own data. On the other hand, they also saw potential for abuse: for example, someone could have the same medication prescribed by two doctors and delete the relevant information. For this reason, the German Medical Association already recommends that doctors’ offices with access to electronic health records should automatically store a copy of the files locally.
Finally, the research team suggests that the electronic health record should be easily accessible in the event of a medical emergency, as patients themselves may not be able to provide access at that time.
Original publication
Rebecca Panskus, Max Ninow, Sascha Fahl, Karola Marky: Privacy mental models of electronic health records: A German case study, Symposium on Usable Privacy and Security, Anaheim, USA, 2023, Download Paper
Press contact
Prof. Dr. Karola Marky
Digital Sovereignty Lab
Faculty of Computer Science
Ruhr University Bochum
Germany
Phone: +49 234 32 20696
Email: karola.marky(at)ruhr-uni-bochum.de
Rebecca Panskus
Digital Sovereignty Lab
Faculty of Computer Science
Ruhr University Bochum
Germany
Phone: +49 234 32 29586
Email: rebecca.panskus(at)ruhr-uni-bochum.de
Christina Scholten
Marketing und Public Relations CASA Cluster of Excellence
Ruhr University Bochum
Germany
Phone: +49 234 32 29274
Email: christina.scholten(at)ruhr-uni-bochum.de
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.
