|
Article Excerpt
1. Introduction
Electronic medical records (EMRs) allow medical providers to store and exchange medical information using computers rather than paper records. Although EMRs were invented in the 1970s, by 2005 only 41% of U.S. hospitals had adopted a basic EMR system. This is troubling, given estimates that widespread adoption could reduce America's annual health-care bill by $34 billion through higher efficiency and safety (Hillestad et al. 2005). (1) Anecdotal evidence suggests that privacy protection may partially explain this slow pace of diffusion. For example, expensive state-mandated privacy filters may have played a role in the collapse of the Santa Barbara County Care [Health] Data Exchange (SBCCDE) in 2007. (2)
This paper pursues a three-pronged empirical strategy to provide the first quantitative estimates of the effect of state-level privacy protection on hospital EMR adoption. We start by identifying how network effects shape the adoption of EMRs, and how these network effects vary by whether or not states have privacy legislation. We then examine how privacy legislation affects overall adoption. Finally, we present evidence that suggests that privacy legislation primarily reduces demand for EMRs via the suppression of network effects. We discuss these three empirical strategies in turn in the remainder of this introduction.
Network effects may shape the adoption of EMRs because hospitals derive network benefits from EMRs when they can electronically exchange information about patient histories with other health providers. Exchanging EMRs is quicker and more reliable than exchanging paper records by fax, mail, or patient delivery. It is especially useful for patients with chronic conditions who want to see a new specialist who requires access to previous tests. It is also useful for emergency room patients whose records (containing information about previous conditions and allergies) are stored elsewhere. Exchanging EMRs with another hospital can also be profitable. Under the prospective payment system, where Medicare and many state Medicaid programs reimburse hospitals a flat amount per diagnosis group, hospitals have large financial incentives to avoid expensive duplicate tests. Such network benefits may lead to "network effects," where the adoption of EMRs by one hospital depends on the adoption by other hospitals. This paper defines network effects as the economic externality produced from one hospital's adoption decision on the profitability of EMR adoption for other hospitals.
Privacy protection may affect the network benefit of EMRs to hospitals and, by implication, alter how much one hospital's decision to adopt EMRs is affected by another hospital's adoption. The direction of this effect is not clear. Privacy protection could increase the network benefits to hospitals of exchanging information electronically if patients are reassured that their medical information will be treated confidentially, consequently making them more likely to report accurate medical information. On the other hand, privacy protection also makes the electronic exchange of information more expensive, and that could reduce net network benefits. These concerns apply to all records, but are heightened for electronic records, because a major advantage of EMRs over paper records is that they facilitate the dissemination of information.
Measuring such network effects is challenging in any setting. Adoption may be correlated within a local health service area (HSA), even absent network effects, due to common shocks. We exploit variables that affect the preexisting information technology (IT) infrastructure and policy of other hospitals in the local HSA as sources of exogenous variation for the installed base. These instrumental variables (IVs) proxy for whether other local hospitals' adoption is reduced by legacy infrastructure and physician resistance.
The decision to enact privacy legislation may itself be correlated with unobservables that have an influence on the adoption decision, so in our first analysis we seek to identify how local network effects shape adoption for states with and without privacy legislation by running separate regressions for each of these groups. In states without hospital privacy legislation, EMR adoption by one hospital increases the probability of a neighboring hospital's adoption by 7% overall in the cross section using cross-sectional data and by 2% every three years using panel data. In states with hospital privacy protection, there is no measurable effect from one hospital adopting EMRs on another hospital. Privacy protection reduces the net installed base effect, which suggests that the installed base effect is driven by network effects and can be attributed to the exchange of information rather than to other supply-side spillovers, such as learning by doing or agglomeration of technological expertise, that are not directly affected by privacy protection. We provide some validation for the empirical approach using a falsification exercise. We show that although EMR adoption exhibits positive and significant responses to the installed base in states without privacy laws, there are no such effects for a software that has no network benefits.
Having uncovered a mechanism by which privacy protection may affect EMR adoption, we estimate the overall effects of the laws on EMR diffusion. We implement several complementary empirical strategies, using cross-sectional and panel data and two sets of IVs. The panel model includes hospital fixed effects (FEs), and uses compositional shifts in state legislatures to instrument for changes in privacy laws. The cross-sectional strategy uses variation in local tastes for privacy and regulation to separate the effects of the laws from confounding factors such as education levels or tastes for technology. Both sets of IV estimates indicate that state privacy protection (reflecting tastes for privacy) reduces adoption by 24% overall using cross-sectional data and 11% per three-year time period using panel data. We repeat the falsification test and find no evidence that privacy laws inhibit adoption of a placebo technology that privacy laws do not cover. We conclude by presenting some suggestive three-stage least squares (3SLS) estimates that incorporate the panel data and the full set of instruments to estimate direct effects of privacy laws on adoption and effects that are mediated through network considerations and the installed base.
Our results suggest there is a trade-off between EMR adoption and privacy protection. We do not, however, quantify the overall benefits of either EMR adoption or privacy protection. For example, the overall benefit of privacy protection might be positive if other spillovers, such as a reduction in medical identity theft, outweigh the costs of delayed EMR adoption.
Although we study just one technology and one type of regulation, our results illuminate the broader debate about the potential implications of privacy protection for speedy adoption of other interactive technologies. In many cases, policy makers have enacted privacy protection without careful quantification of the potential costs in terms of inhibiting technology diffusion. For example, Utah's House of Representatives passed the first-ever radio-frequency identification (RFID) privacy bill in 2004, designed to prevent retailers from matching RFID data with consumers' personal information. In the discussion of the bill, little attention was paid to how this might hinder the diffusion of RFID. This debate has grown in importance with the increase in the number of interactive technologies that allow companies and individuals to exchange information online, such as e-wallets and online supplier electronic data interchange (EDI) systems. Our results support work by economic scholars such Posner (1981) and Varian (1997), which suggests that there are efficiency costs to privacy protection.
Our paper is organized as follows. Section 1.1 discusses more broadly how our research contributes to the health and IT literature. Section 2 sets out our conceptual model, whereas [section]2.1 discusses the legal context of state variation in privacy protection. Section 3 describes the data. Section 4 studies how network effects shape the adoption of EMRs, and how these network effects differ for states with and without privacy legislation. Identification in this analysis arises from variation in the number of adopters within a local HSA. Instrumental variables are used because there may be unobserved demandside shocks within a local HSA that have an influence on all adopters. Section 5 examines how passing privacy legislation influences adoption, without studying how it affects the network benefits of adoption. Here identification arises from variation in legislation within a state over time, and again we instrument the law because demand for privacy protection may be correlated with propensity to adopt EMRs. Section 6 combines these two types of estimation and exploits variation in policy and local adopters to see whether the privacy legislation reduces demand for EMRs primarily through decreasing the network benefit. Section 7 concludes the paper.
1.1. Literature Review
Our findings are directly relevant for a growing literature that studies the diffusion of health-care IT. The primary motivation of this literature is to identify impediments to the diffusion of IT among health-care providers in the United States. For example, Borzekowski (2002) investigates how cost-saving incentives created by the U.S. health-care finance system affected the adoption of health-care information systems over time. Reflecting the national policy importance of EMRs, there have been multiple studies that examine correlates of its diffusion. Simon et al. (2007) evaluate the role of practice size in the diffusion of EMRs in doctors' offices in Massachusetts. Kazley and Ozcan (2007) emphasize the importance of both a hospital's organizational (size, ownership, system affiliation, public payer mix, teaching status, financial resources) and environmental characteristics (competition, rurality, per capita income, change in unemployment rate) for EMR adoption. Angst et al. (2008) investigate the role of "celebrity status" and spatial proximity in the diffusion of EMRs, taking a mimetic adoption perspective. Miller and Tucker (2009) investigate whether the risk of an electronic "paper trail" in medical malpractice cases inhibits adoption of EMRs. Vetter (2009) discusses the legal issues that have been hampering the development of open-source technologies for health IT. This paper is the first empirical investigation of the role of privacy protection in the diffusion of health-care IT and the implications this has for the network effects and network benefits of the technology. This empirical evidence is valuable given the legal issues surrounding optimal privacy policy for a new national-level EMR system (Hoffman and Podgurski 2008).
This emphasis on privacy protection contributes more broadly to the literature on interorganizational IT. There is a growing literature that studies the role of network effects in technology adoption by organization, such as the theoretical model of buyer and supply networks by Riggins et al. (1994), the empirical study of the role of network externalities in electronic banking adoption by banks by Kauffman et al. (2000), the study of the adoption of automated clearing house technology by banks by Gowrisankaran and Stavins (2004), and the study of the role of network externalities in EDI adoption by firms by Chwelos et al. (2001). However, this is, to the best of the authors' knowledge, the first paper to examine how network effects, and consequently technology adoption decisions, are affected by privacy protection. These results highlight the importance of regulation and the regulatory environment for network industries, a factor often omitted in studies of IT adoption.
A consistent theme of this literature on network effects in the diffusion of IT has been overcoming the challenge of identifying causal network effects when there are unobservable differences in tastes and institutions across networks, which could also explain correlated adoption decisions. To overcome this challenge, previous works such as those of Tucker (2008), Rysman (2004), and Gowrisankaran and Stavins (2004) have focused on finding...
|
