This article was downloaded by: [University of California, San Diego] On: 03 June 2015, At: 15:28 Publisher: Taylor & Francis Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK
Journal of Health Communication: International Perspectives Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/uhcm20
Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study a
b
b
c
Audie A. Atienza , Christina Zarcadoolas , Wendy Vaughon , Penelope Hughes , Vaishali c
a
Patel , Wen-Ying Sylvia Chou & Joy Pritts
c
a
National Cancer Institute, National Institutes of Health, Rockville, Maryland, USA
b
CUNY School of Public Health at Hunter College, New York, New York, USA
c
Click for updates
Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, Washington, District of Columbia, USA Published online: 14 Apr 2015.
To cite this article: Audie A. Atienza, Christina Zarcadoolas, Wendy Vaughon, Penelope Hughes, Vaishali Patel, WenYing Sylvia Chou & Joy Pritts (2015) Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study, Journal of Health Communication: International Perspectives, 20:6, 673-679, DOI: 10.1080/10810730.2015.1018560 To link to this article: http://dx.doi.org/10.1080/10810730.2015.1018560
PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content. This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http:// www.tandfonline.com/page/terms-and-conditions
Journal of Health Communication, 20:673–679, 2015 ISSN: 1081-0730 print/1087-0415 online DOI: 10.1080/10810730.2015.1018560
Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study AUDIE A. ATIENZA1, CHRISTINA ZARCADOOLAS2, WENDY VAUGHON2, PENELOPE HUGHES3, VAISHALI PATEL3, WEN-YING SYLVIA CHOU1, and JOY PRITTS3 1
National Cancer Institute, National Institutes of Health, Rockville, Maryland, USA CUNY School of Public Health at Hunter College, New York, New York, USA 3 Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, Washington, District of Columbia, USA
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
2
This study examined consumers’ attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race=ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy=security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy=security of using mHealth technologies and the potential benefits. Having control over mHealth privacy=security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy=security both within and between traditional demographic groups. Thus, to address consumers’ concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.
Mobile phones and other portable electronic devices offer unprecedented opportunities to improve the health of the U.S. population and reach traditionally underserved subgroups (e.g., rural communities, low-income groups, ethnic minority populations). Mobile phone use, in particular, has proliferated at an astounding rate. A survey conducted in 2012 reported that 88% of U.S. adults owned a mobile phone, and more than half of mobile phone owners use smart phones (Pew Research Center, 2012a). From 2010 to 2012, the number of U.S. adults who used their phones to access health information nearly doubled (17% to 31%), with increases noted across nearly all demographic categories, including gender, age, ethnicity=race, income, and education levels (Pew Research Center, 2012a). In addition, ethnic minority groups are more likely to own mobile phones and smartphones, and use mobile phones to access health information compared with non-Hispanic Whites. This article not subject to US copyright law.
Address correspondence to Audie A. Atienza, Science of Research and Technology Branch, Behavioral Research Program, Division of Cancer Control and Population Sciences, National Cancer Institute, National Institutes of Health, 9609 Medical Center Drive 3E608, Rockville, MD 20892, USA. E-mail: [email protected]
Along with the proliferation of mobile devices, there has been an exponential proliferation of consumer-facing mobile health (mHealth) technology (e.g., some report that there are currently 40,000 medical applications available for download on smartphones and tablets; Gold, 2012). Surveys further suggest that, in general, preference for communicating about health information with mobile devices is increasing. For example, the Consumer Health Information Corporation (2011) found that 41% of consumers prefer to receive a health-related task reminder through text messaging, 58% expressed interest in using a mobile device application (app) to manage their health, and 49% stated that they want to use an application to keep track of their health. Although the adoption of mHealth technologies geared toward clinical settings has been slower compared with consumer-facing technology (Pew Research Center, 2012a), the development and use of mobile medical devices for patients is beginning to increase rapidly, taking health-care workers by surprise (Boyce, 2012). Federal policies seek to empower individuals to improve their health by increasing access to their health information and engagement with the health care system through technology (U.S. Depart of Health and Human Services, 2011). Recent federal objectives for providers to receive incentives though the Meaningful Use program for the
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
674
A. A. Atienza et al.
adoption and use of electronic health records include encouraging the use of secure email to communicate with patients regarding relevant health information, and enabling patients to electronically view, download, and transmit their health information (U.S. Depart of Health and Human Services, 2012). With suggestions of mobile devices being integrated in the not too distant future with electronic health records (Kharrazi et al., 2012), the federal incentives that encourage electronic health record use could spur even greater adoption of mHealth technology. The rise of mHealth technology has prompted discussions of privacy=security issues related to using these devices. Privacy relates to having control over who is able to access, use, or share one’s information, whereas security refers to the tools or technology used to prevent unauthorized access, use, or sharing (National Committee on Vital and Health Statistics, 2009). Concerns and preferences about the use of mobile technology have recently been discussed in stakeholder interviews (Whittaker, 2012), surveys of general consumers (Pew Research Center, 2012b; Proudfoot et al., 2010), and research among patient groups (e.g., people with asthma [Baptist et al., 2011]; people with HIV=AIDS [Tran & Houston, 2012]). Some have proposed that attitudes about privacy and security are determined by situation, context, and expectations for information flow—who gets what information for what purpose (Ackerman & Mainwaring, 2005; Nissenbaum, 2010). However, research has primarily asked general questions about mHealth privacy and security. Few studies have examined more specific concerns and preferences individuals may have regarding the use of mobile
technology, particularly in the clinical setting, and limited attention has been given to situational or contextual factors. This exploratory mixed-methods study examined consumers’ attitudes and perceptions regarding the use of mobile technology in health care to communicate health information. We conducted focus groups in 2012 among geographically, ethnically, and socioeconomically diverse groups in the United States. This article primarily aimed to describe the privacy and security perceptions, attitudes, and concerns of consumers about the use of mHealth technology in health care.
Method Twenty-four focus groups with 256 participants were conducted in five U.S. states (California, Georgia, Illinois, New York, and Texas). These areas were selected for geographic diversity. This study aimed to elicit perspectives of consumers representing a variety of ages, educational levels, and areas of population density. To reach this diverse body of consumers, we collaborated with local community-based organizations. We identified organizations representing well-known, trusted entities in the community that served the targeted consumer groups, were capable of assisting in recruiting and scheduling the focus groups, and could host the groups in their facility (see Table 1). We provided the community-based organizations with a screening guide, which they used to recruit and select participants. Inclusion criteria included the following: adults between 18 and 74 years of age who were current owners and users of cell phones or smartphones with texting capability and
Table 1. Community-Based Organizations and Focus Group Locations Community-based organization Health Coalition of Amarillo Rural Area Parenting Program Services Ravenswood Community Services
Focus group location
Purpose
Plainview, TX Hereford, TX Seguin, TX
. Develop and support the collaboration of area health providers in the
Chicago, IL
. Provides resources for neighbors in need and creates outreach opportunities . Provides neighbors with basics of food and daily supplies, health screenings
provision of health services . Assists families in achieving knowledge and proper techniques to raise their
children in a safe and healthy environment
and information, and life skills education Latino Commission on AIDS New York, NY Union Settlement Association New York, NY (Harlem) New Jerusalem Baptist Church New York, NY (Jamaica) Vietnamese Voluntary San Jose, CA Foundation Central CA Center for HHS, CA State University
Fresno, CA
Community Health Care, Inc. Irwinton, GA
. Dedicated to fighting the spread of HIV=AIDS in the Latino community . Expands opportunities for low-income families and individuals by providing
culturally relevant services ranging from early childhood and youth development to community support for adults and seniors . Dedicated to fellowship, with an emphasis on family and acceptance of people everywhere . Assists refugees, former refugees and immigrants, and low-income ethnic families to become productive members of their communities and to value multicultural diversity . Addresses high-priority needs in the region . Provides administrative and grant development support for various ancillary units and developing projects . Commitment to providing quality primary health care services to patients . Provides leadership and services necessary to improve the health status of all community members
675
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
mHealth, Privacy, Security, and Mixed Methods who were able to communicate in English or Spanish. The number of focus groups held in a rural or urban setting was evenly balanced at 12 each. Focus groups were also diverse with respect to age and education levels: 8 groups of each age range (18–33 years, 34–56 years, and 57–74 years); 6 higher educational level groups, and 18 lower educational level groups. Because approximately 12% of U.S. residents 5 years of age and older speak Spanish at home (U.S. Census Bureau, 2009), to ensure a representative sample of Spanish speakers, 25% of the groups (6 out of the 24) were conducted in Spanish; the rest were conducted in English. All research activities had received institutional review board approval and followed approved institutional review board guidelines. After providing consent, participants completed a pre–focus group questionnaire (see supplemental Appendix available online). The questionnaire, which is based on research with low literacy and underserved populations (Zarcadoolas et al., 2013), included basic demographic questions (age, race=ethnicity, education, and family income) as well as questions regarding general health status and mobile device privacy and security concerns. The technology questions aimed to identify the amount of computer and Internet experience people had. The questionnaire was anonymous, so focus group remarks made by individuals could not be directly linked with the questionnaire data. Each focus group was led by an experienced moderator who was a native of the language of the group, with a trained note taker present in each group. The focus groups were audiotaped and transcribed. On average, the moderated portion of each focus group session lasted 90 min. Upon completion of the focus group, participants each received US$50 as compensation for their time and travel, which is consistent and within the range of current norms of compensating focus group participants (Dhanireddy et al., 2012; Lindstrom et al., 2012; U.S. Department of Agriculture FNS, 2012; Walker, Ahern, Le, & Delbanco, 2009). All 24 focus group discussions were notated in quick notes—notes made by note takers and moderators immediately after a focus group. Data analysts listened to the audio recordings multiple times and examined the written transcripts to develop a coding guide. Because of the large number of English-language focus groups (n ¼ 18), the qualitative software program Dedoose (SocioCultural Research Consultants, LLC) was used to assist in the analysis of verbally transcribed discussions. Dedoose is a commercially available rich Internet application that facilitates the analysis of large qualitative or mixed-methods data sets. The six Spanish-language focus groups were coded manually. With respect to coding major topics and subtopics, four trained coders (two English=two Spanish) independently listened to the English language audio and read the transcript of one group until agreement on codes exceeded 80%. This coding was a process of sorting, organizing, and indexing the data (Borkan, 1999). We analyzed all data=utterances using the grounded theory method and axial coding (Addison, 1999; Creswell, 1998). We examined our emerging
theories about content, returning to the data looking for evidence, incidents, and events that supported or refuted the questions, and so verified our understanding of the data (Creswell, 1998). We considered each instance of similar content as an incident. The incidents were compared with other incidents to develop concepts. Themes were derived by clustering or consolidating concepts on the basis of frequency, saliency, and intensity (Glaser & Strauss, 1967) and immersion=crystallization (Borkan, 1999). Once the coding guide (a listing of codes and examples) for English was complete, the primary coder coded all 18 focus groups and the secondary coder coded one third of the groups. The coding guide was updated as necessary. With the Spanish-language groups, once the coding guide was established, both coders independently coded all six focus groups, meeting frequently to resolve any discrepancies in interpretation.
Findings Pre–Focus Group Survey Findings One quarter of participants identified themselves as non-Hispanic White, 31% Hispanic, 21% Black=African American, 9% Asian=Pacific Islander, 3% American Indian or other ethnicity, and 11% did not report this information. Of participants, 61% owned a smart phone and 62% stated that they had used a mobile phone app. More than half of participants (59%) had accessed the Internet using a mobile phone=smart phone, and 75% sent a text message every day or almost every day. With respect to all messages, 41% of participants reported being concerned=very concerned about sending or receiving messages on their mobile phone or device, and 46% had limited the types of messages sent by mobile phone because of privacy=security concerns. Of participants, 18% used an online personal health record, and 77% previously used the Internet to search for health information. Focus Group Findings Focus group participants were asked to discuss privacy and security of personal health information transmitted through mobile device in two general contexts: (a) the use of mobile devices in their lives and (b) issues related to health information flow with providers. In addition to privacy and security issues, participants in the focus groups also discussed preferences for personal interactions with providers, the desire to be able to ask clarifying questions, and concerns about not understanding health information if sent electronically. Three major themes regarding privacy and security emerged from the focus groups: . Tradeoffs: what consumers are willing=not willing to
exchange relative to privacy and security concerns. . Control: desire to have a final say in what personal infor-
mation is exchanged, with whom, and in what format. . Trust: level of trust in technology, health care providers,
and other entities influencing consumer behavior regarding the use of mHealth.
676
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
Tradeoffs Participants frequently considered the tradeoffs between their privacy=security concerns and potential benefits of mHealth technologies. While most participants expressed a keen interest in protecting their privacy or security, many participants were also willing to exchange privacy and security if they viewed the use of mHealth technology to be more convenient or perceived certain benefits (to oneself or others): Help maintaining our bodies, our system that we align with every day. That’s the tradeoff. And, see, again, I just don’t feel that the private and security risk is really that great when you really, really stop and think about it. It really isn’t that great. So personally I’d think the tradeoff is to my benefit. (New York, 57–74) Para evitar el viaje a la clı´nica . . . Tres horas ahı´ esperando para que me llamen, para decirme dos palabras [To avoid the trip to the clinic . . . Three hours there waiting to call me to say two words]. (NYC [Spanish], 57–74)
Many consumers gauged their level of concern over privacy=security in the context of the perceived sensitivity of information being communicated. Thus, a subtheme with tradeoffs also emerged whereby participants were more concerned about exchanging sensitive or possibly stigmatizing information. For example, although participants expressed little concern over receiving general health tips or reminders over a mobile device to get information ‘‘sooner,’’ many expressed more concerns about sending or receiving certain types of lab=test results, diagnostic information (particularly ‘‘bad news’’ or potentially stigmatized diagnoses), and=or personal pictures over a mobile device: Like with something really extreme, like if you were getting an HIV test, you know, I certainly would not want that to pop up on my phone, you know, or something that’s very stigmatized. You know, but pretty much anything else, the sooner I can get the results, you know. (Chicago, 18–33)
In another example, participants were asked whether they would be okay with sending certain types of test results, such as blood sugar readings, to their doctor over their mobile device. Some participants were willing to electronically send these results because the information was not so personal: Depending on there are some things that you want people to know, there are some things you don’t want people to know, like some people are dying of cancer. They don’t want their family to know, that’s information that they don’t want to let out there. It’s between him and the doctor, you know, that’s where you go in to go see your doctor. But other information, like . . . your blood pressure, all that stuff, I wouldn’t mind giving it on the phone just as a way of saving the trip, going over there and wasting gas, or, you know—sitting there and thinking, we scheduled for another day . . . when you could be working or doing something else. (San Jose, 18–33)
A. A. Atienza et al. When the moderator asked this participant whether it would be okay to communicate information that was ‘‘not too personal,’’ the participant agreed the convenience of mobile outweighed privacy concerns. Thus, perceptions and attitudes about the privacy and security of using mobile technology were highly contextualized rather than viewed in absolute terms. The sensitivity of the health information being transmitted affected whether participants would use mHealth technology; individuals may readily engage in using mHealth technology if the information is less sensitive, but may be less likely to if the information is considered too personal or stigmatizing. Control Focus group participants expressed a desire to ‘‘control’’ who receives or views their personal health information, transmitted using mobile devices. Particularly with sensitive health information, participants expressed some concerns about their ability to control the technology and information in two different areas: controlling the actual handling and use of technology in one’s own personal space (i.e., proximal space), and controlling who sees or has access to the information once the information is transmitted from the mobile device (i.e., cyberspace). With respect to proximal space and control over the mobile device, many participants wished to have control of when and where they accessed their health information; for example, being able to control the time and location of incoming texts, and expressed concerns about others inadvertently or intentionally seeing personal information on their mobile devices: One thing about that, though, is like I’m not totally comfortable with using it like —I might surf the Internet on the train, but I’m not going to necessarily go to my health record on the train. Most of the places where I’d be comfortable using it are places where I have access to a computer. (Chicago, 34–56) A text message seems more open to the public. I can hand my phone off to someone real quick and just say, ok, check this out . . . I don’t know. It doesn’t make me feel safe. (Fresno, 18–33)
With respect to control of information in cyberspace (i.e., once information has left the device), responses were mixed. Some expressed concerns over who has access to or uses their information. Others expressed resignation over the consumer’s inability to control information once it was sent: That’s why I guess I’m not worried about what I send across, for the fact that I know everything—all our information about you is stored somewhere there now. If any hacker really wanted it bad enough, they could find it now. So it’s out of our hands, basically. (Georgia, 57–74)
Trust Participants were not universally comfortable transmitting health information using mobile devices with all entities. For some individuals, a trusting relationship with one’s
677
mHealth, Privacy, Security, and Mixed Methods
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
health care provider was an important factor in considering the use of mHealth technology, despite concerns of privacy= security. One participant said, ‘‘I think because all the doctors I go to I’ve known a long time, so I guess I feel a sense of trust there.’’ Another participant mentioned that she would use m-Health technology ‘‘if the doctor requires it.’’ In contrast, participants were less trusting of what insurance companies, Internet companies, or other businesses would do with their personal health information: It’s your own confidentiality with your personal information. I mean, I don’t want people to randomly hold on to my health care information just because they can, like Internet companies. Like, why do you need my information? Why are you holding on to it? Why is stored in a random place where a random person could see it? (Fresno, 18–33)
Demographic Versus Technology Mindset Segmentation There was diversity in attitudes and concerns regarding mHealth privacy=security both within and between traditional demographic groups (e.g., age groups, race=ethnic groups, and urban=rural location). For example, a range in the salience and levels of concern about privacy=security was expressed among younger and older participants alike. Younger participants’ views ranged. Some were less concerned: I don’t have any reason to be concerned. I don’t write anything that there’s someone trying to—I mean, there’s always someone trying to get into it, but there’s protectors against that. So, I don’t feel like I should worry myself over something that I can’t control anyway. (Texas, 18–33)
Others were more concerned: Well, you don’t know who’s going to have access to your information, depending on what you’re talking about, what is being said. You know, you could be giving out personal information and don’t want people knowing certain things if it’s pertaining to you or your family. So it’s just a matter, it’s, like, what type of company—who you’re sending it to, and how are they receiving, and who is going to be looking at it. (Fresno, 18–33)
Similarly, older participants’ views ranged. Some were less concerned: My feeling is that my life’s an open book, and whoever looks at it, they’re going to be disappointed. (Chicago, 57–74)
Others were more concerned: Because I’ve had personal information hacked before . . . Yes, I have. They actually purchased train tickets using my account information . . . I’ve been a victim, yes.
And I think the more sensitive the information, the more concerned I am. (Fresno, 57–74)
There was wide variability in how participants perceived privacy and security risks when using mobile technology. Some participants expressed little concern about potential breaches of privacy and security: I don’t really think people are as concerned as sometimes they may give off, because, let’s face facts. If you have an Android or if you have an iPhone, your GPS is on. So everything you do is taped, so I can put as many passwords on my stuff as I want to. At the end of the day, that password is also stored in somebody else’s database anyway. So I’m not really being protected from anything. That’s why I originally said I’m not concerned about it. (New York, 18–33)
Whereas other participants described strong concerns about risks to their private information when using technology, with some choosing to forgo use of technology to protect themselves: I don’t do any of that—I don’t even have a computer. I mean, I have the phone, but I just think it’s all invasive . . . (Chicago, 34–56)
The majority of consumers, however, acknowledged that there were benefits to the use of mobile technology, but were cautious, and often conflicted, about giving up aspects of their privacy to enjoy these benefits: Technology is just so out there now that anything can happen through technology . . . I think it’s just people that sits around and just think of ways to scam or do anything . . . I don’t trust—I’m not really trustworthy with the new technology. I like it but I’m not trusting of it. (Georgia, 18–33) I use my hand-held devices for pretty much everything. And I try to be careful about it, and I try to do all my security settings and whatnot. But I still know that, you know, there are people, there are hackers that if they . . . thought I had anything important, that, you know, if they wanted it, they could get it . . . it is a concern that I have, but what are you going to do? (Fresno, 34–56)
Discussion This exploratory study found that consumer perceptions and attitudes regarding privacy and security are highly contextualized. Level of concerns about mHealth privacy and security depend on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. The findings suggest that willingness to use mHealth technology specifically in the context of sending and receiving personal health information may be influenced by
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
678 perceived benefits and willingness to use new technologies, as well as trust with those in the information channel (health care providers, insurance companies, telecommunication companies). The important role of context is consistent with prior conceptual discussions (Ackerman & Mainwaring, 2005; Nissenbaum, 2010) and smaller focus group studies on patient or consumer attitudes (Prasad et al., 2011). Our findings are congruent with prior research regarding individual control over technology (Ackerman & Mainwaring, 2005; Avancha et al., 2012), which proposed that individuals are concerned about unauthorized access to their electronic health information and unintended secondary use of stored data. We found that control over the technology and the ability to determine who sees the information communicated through mobile devices was important to consumers. The large amount of data that can be collected and=or transmitted using mobile technology, as well as the greater number of actors in the communication chain (e.g., consumers, providers, Internet providers, telecommunication carriers, third-party vendors, possibly family members) increases the complexities of securing one’s personal health information. Our findings also concur with others who report that concerns over the privacy and security of using technology are not uniform among individuals and cut across traditional demographic characteristics (i.e., age, race=ethnicity, urbanicity; Ackerman & Mainwaring, 2005; Avancha et al., 2012). There is the possibility that variability in concerns and willingness to use mHealth technology with providers may be more influenced by the degree to which consumers are willing to adopt new technology than demographic differences and this should be studied further. Diffusion of Innovation theory (Rogers, 1995) may be useful in identifying the types of individuals who are more or less willing to use mHealth technology. Future research may wish to segment individuals based on their technology adoption classification (e.g., early adopters) and empirically evaluate factors that influence attitudes and behaviors toward mHealth use. Although in this study we did not assess technological literacy per se, we noted that consumers’ descriptions of their experience with and understanding of the capabilities of different forms of mobile technology were highly varied. Although life in the United States is increasingly defined by and dependent on technology, many consumers do not have the needed fundamental literacy skills (reading, writing, numeracy) to make informed decisions about technology (International Technology Education Association, 2007; Pearson & Young, 2002). Although our current data do not allow us to identify causal connections between attitudes and experience with technology and perceptions of privacy and security risks, these possible relationships deserve much closer attention and study. Consumers expressed other pragmatic concerns about the use of mHealth technology involving their relationship with providers. The most salient concerns included preferences for more personal interactions with providers (human touch), the desire to have the opportunity to ask clarifying questions, concerns about not understanding health
A. A. Atienza et al. information if received electronically, and uncertainty about whether information would reliably reach the intended recipient. These issues place perceptions of mHealth privacy and security into a larger context of the multitude of factors consumers consider when deciding whether and when to use mHealth tools. There are a number of limitations to this study. Although focus groups were conducted with individuals from diverse backgrounds in five different states, it is unclear to what extent the focus group participants are representative of the U.S. population. The use of smart phones was higher among participants in this sample (61%), compared with a recent national survey (45%; Pew Research Center, 2012a). Thus, this sample may be more inclined toward technology adoption compared with other nationally represented research. That said, all groups were balanced according to various demographic characteristics. Moreover, given the exploratory nature of the study, causal relationships cannot be determined. In addition, this study was not designed to determine consumers’ knowledge of specific policies and technical requirements related to mHealth privacy and security, but instead it focused on consumers’ perceptions and attitudes. Last, the themes that emerged reflect viewpoints at one point in time. Participants’ attitudes and perceptions were evolving and fluid even during the course of the focus group discussion. Thus, the rapid adoption and use of continually evolving mobile technology may modify perceptions and attitudes of mHealth privacy and security as consumers gain more knowledge and experience with using mobile devices for tasks related to health care. Overall, the present study suggests that a more nuanced and contextual framework of mHealth privacy and security for consumers is required. Further research is needed to examine how familiarity and experience with technology affects consumers’ assessment of mHealth privacy and security risks, as well as the ways in which consumers seek to protect personal health information when using mobile technology. Because trust in health care providers seems to be associated with a willingness to use mHealth devices despite privacy concerns, providers may consider appropriate situations for supporting consumers in the use of mHealth technology and tailor messages for encouraging this use according to consumers’ readiness to embrace the technology. Providers need to also assess the degree to which consumers may feel that the information being communicated is considered too sensitive or too complex to be transmitted through mobile technology. For technology developers, user-centered design and continued collaboration with care providers is strongly recommended to better understand how individuals and groups actually use the technology in their everyday lives, as well as the barriers to use (e.g., readability, navigability). One should not assume a particular behavioral pattern of mobile technology use because individuals belong to a particular demographic group (e.g., variability in concerns was seen in both younger and older consumers), but empirically test these assumptions in usability studies. Explicitly providing consumers with options to modify and control privacy
mHealth, Privacy, Security, and Mixed Methods settings, as well as to determine when consumers can view or hear information at a time and place of their choosing, needs to be considered when developing mobile technology programs. Also, researchers, providers, and developers need to better understand the tradeoffs to privacy and security that consumers are willing to consider as they adopt the use of mHealth technology. Future research is needed to confirm and provide further evidence to support the findings that emerged from this exploratory study.
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
Supplemental Material Supplemental data (Appendix: mHealth Privacy and Security Consumer Research Pre-Focus Group Survey) for this article is available on the publisher’s website at http:// dx.doi.org/10.1080/10810730.2015.1018560.
Acknowledgments This study was not supported by external funding. The Department of Health and Human Services, Office of the National Coordinator for Health Information Technology provided funds for the data collection. The National Cancer Institute, the Department of Health and Human Services, and the Office of the National Coordinator for Health Information Technology reviewed and approved this article before submission. The findings and conclusions in this report are those of the authors and do not necessarily represent the views of the Department of Health and Human Services, the National Institutes of Health, or the National Cancer Institute.
References Ackerman, M. S., & Mainwaring, S. D. (2005). Privacy issues and human-computer interaction. In L. F. Cranor & S. Garfinkel (Eds.), In security and usability: Designing secure systems that people can use (pp. 381–400). Sabastopol, CA: O’Reilly Media. Addison, R. (1999). A grounded hermeneutic editing approach. In B. Crabtree & W. Miller (Eds.), Doing qualitative research (2nd ed., pp. 145–162). Thousand Oaks, CA: Sage. Avancha, S., Baxi, A., & Kotz, D. (2012). Privacy in mobile technology for personal healthcare. ACM Computing Surveys, 45(1). Retrieved from http://www.cs.dartmouth.edu/~dfk/papers/ avancha-survey.pdf Baptist, A. P., Thompson, M., Grossman, K. S., Mohammed, L., Sy, A., & Sanders, G. M. (2011), Social media, text messaging, and email: Preferences of asthma patients between 12 and 40 years old. Journal of Asthma, 48, 824–830. Borkan, J. (1999). Immersion=crystallization. In B. Crabtree & W. Miller (Eds.), Doing qualitative research (2nd ed., pp. 179–194). Thousand Oaks, CA: Sage. Boyce, N. (2012). Maps, apps—and evidence? The Lancet, 379, 2231. Consumer Health Information Corporation. (2011). Motivating patients to use smartphone health apps. Retrieved from http://www. consumer-health.com/press/2008/NewsReleaseSmartPhoneApps.php Creswell, J. (1998). Qualitative inquiry and research design: Choosing among five traditions. Thousand Oaks, CA: Sage. Dhanireddy, S., Walker, J., Reisch, L., Oster, N., Delbanco, T., & Elmore, J. G. (2012). The urban underserved: Attitudes towards gaining full access to electronic medical records. Health Expect. Dimitropoulos, L., Patel, V., Scheffler, S. A., & Posnack, S. (2011). Public attitudes toward health information exchange: Perceived benefits and concerns. American Journal of Managed Care, 17, SP111–SP116.
679 Glaser, B., & Strauss, A. (1967). The discovery of grounded theory: Strategies for qualitative research. Chicago, IL: Aldine. Gold, J. (2012). FDA seeks to tame exploding medical app market. Kaiser Health News. Retrieved from http://www.kaiserhealthnews.org/ stories/2012/june/27/fda-medical-app-market.aspx International Technology Education Association. (2007). Standards for technological literacy: Content for the study of technology (3rd ed.). Reston, VA: Author. Retrieved from http://www.iteea.org/TAA/PDFs/xstnd.pdf Kharrazi, H., Chisholm, R., VanNasdale, D., & Thompson, B. (2012). Mobile personal health records: An evaluation of features and functionality. International Journal of Medical Informatics, 81, 579–593. Lindstrom Johnson, S., Tandon, S. D., Trent, M., Jones, V., & Cheng, T. L. (2012). Use of technology with health care providers: Perspectives from urban youth. Journal of Pediatrics, 160, 997–1002. National Committee on Vital, & Health Statistics. (2009). Recommendations on privacy and confidentiality, 2006–2008. Hyattsville, MD: US Department of Health and Human Services. Retrieved from http://www.ncvhs.hhs.gov/privacyreport0608.pdf Nissenbaum, H. (2010). Privacy in context: Technology, policy and the integrity of social life. Stanford, CA: Stanford University Press. Pearson, G., & Young, A. T. (Eds.). (2002). Technically speaking: Why all Americans need to know more about technology. Washington, DC: National Academies Press. Pew Research Center. (2012a). Mobile health 2012. Washington, DC: Pew Internet and American Life Project. Retrieved from http://www. pewinternet.org/~/media//Files/Reports/2012/PIP_MobileHealth 2012.pdf Pew Research Center. (2012b). Privacy and data management on mobile devices. Retrieved from http://pewinternet.org/~/media//Files/ Reports/2012/PIP_MobilePrivacyManagement.pdf Prasad, A., Sorber, J., Stablein, T., Anthony, D., & Kotz, D. (2011, August). Exposing privacy concerns in mHealth. Paper presented at the USENIX Workshop on Health Security and Privacy, San Francisco, CA. Retrieved from http://www.cs.dartmouth.edu/~dfk/ papers/prasad-healthsec11.pdf Proudfoot, J., Parker, G., Pavlovic, D. H., Manicavasagar, V., Adler, E., & Whitton, A. (2010). Community attitudes to the appropriation of mobile phones for monitoring and managing depression, anxiety, and stress. Journal of Medical Internet Research, 12, e64. Rogers, E. (1995). Diffusion of innovations (4th ed.). New York, NY: Free Press. Tran, B. X., & Houston, S. (2012). Mobile phone-based antriretroviral adherence support in Vietnam: Feasibility, patient’s preference, and willingness-to-pay. AIDS and Behavior, 16, 1988–1992. U.S. Census Bureau. (2009). American Community Survey, B16001, Language spoken at home by ability to speak English for the population 5 years and over. Retrieved from http://factfinder.census.gov U.S. Department of Agriculture FNS. (2012). WR WIC Participant Survey and Focus Groups Report. Retrieved from http://www.cdph.ca.gov/ programs/wicworks/Documents/Millennial%20Generation/Research %20Reports/USDA%20FNS%20WR%20WIC%20Participant %20Survey%20and%20Focus%20Group%20Report%205.29.12.pdf U.S. Department of Health, & Human Services. (2011). Federal health information technology strategic plan 2011–2015. Retrieved from http://web.mediacdt.com/onc-emerg/FINAL-Federal-Health-ITStrategic-Plan-0911.pdf U.S. Department of Health, & Human Services. (2012). Electronic Health Record Incentive Program, Stage 2, Final Rule 77 Fed Reg 53978, 54033. Retrieved from http://www.gpo.gov/fdsys/pkg/ FR-2012-09-04/html/2012-21050.htm Walker, J., Ahern, D. K., Le, L. X., & Delbanco, T. (2009). Insights for internists: ‘‘I want the computer to know who I am.’’ Journal of General Internet Medicine, 24, 727–732. Whittaker, R. (2012). Issues in mHealth: Findings from key informant interviews. Journal of Medical Internet Research, 4, e129, 1–9. Zarcadoolas, C., Vaughon, W. L., Czaja, S. J., Levy, J., & Rockoff, M. L. (2013). Consumers’ perceptions of patient-accessible electronic medical records. Journal of Medical Internet Research, 15(8), e168.
Journal of Health Communication: International Perspectives Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/uhcm20
Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study a
b
b
c
Audie A. Atienza , Christina Zarcadoolas , Wendy Vaughon , Penelope Hughes , Vaishali c
a
Patel , Wen-Ying Sylvia Chou & Joy Pritts
c
a
National Cancer Institute, National Institutes of Health, Rockville, Maryland, USA
b
CUNY School of Public Health at Hunter College, New York, New York, USA
c
Click for updates
Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, Washington, District of Columbia, USA Published online: 14 Apr 2015.
To cite this article: Audie A. Atienza, Christina Zarcadoolas, Wendy Vaughon, Penelope Hughes, Vaishali Patel, WenYing Sylvia Chou & Joy Pritts (2015) Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study, Journal of Health Communication: International Perspectives, 20:6, 673-679, DOI: 10.1080/10810730.2015.1018560 To link to this article: http://dx.doi.org/10.1080/10810730.2015.1018560
PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content. This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http:// www.tandfonline.com/page/terms-and-conditions
Journal of Health Communication, 20:673–679, 2015 ISSN: 1081-0730 print/1087-0415 online DOI: 10.1080/10810730.2015.1018560
Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study AUDIE A. ATIENZA1, CHRISTINA ZARCADOOLAS2, WENDY VAUGHON2, PENELOPE HUGHES3, VAISHALI PATEL3, WEN-YING SYLVIA CHOU1, and JOY PRITTS3 1
National Cancer Institute, National Institutes of Health, Rockville, Maryland, USA CUNY School of Public Health at Hunter College, New York, New York, USA 3 Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, Washington, District of Columbia, USA
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
2
This study examined consumers’ attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race=ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy=security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy=security of using mHealth technologies and the potential benefits. Having control over mHealth privacy=security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy=security both within and between traditional demographic groups. Thus, to address consumers’ concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.
Mobile phones and other portable electronic devices offer unprecedented opportunities to improve the health of the U.S. population and reach traditionally underserved subgroups (e.g., rural communities, low-income groups, ethnic minority populations). Mobile phone use, in particular, has proliferated at an astounding rate. A survey conducted in 2012 reported that 88% of U.S. adults owned a mobile phone, and more than half of mobile phone owners use smart phones (Pew Research Center, 2012a). From 2010 to 2012, the number of U.S. adults who used their phones to access health information nearly doubled (17% to 31%), with increases noted across nearly all demographic categories, including gender, age, ethnicity=race, income, and education levels (Pew Research Center, 2012a). In addition, ethnic minority groups are more likely to own mobile phones and smartphones, and use mobile phones to access health information compared with non-Hispanic Whites. This article not subject to US copyright law.
Address correspondence to Audie A. Atienza, Science of Research and Technology Branch, Behavioral Research Program, Division of Cancer Control and Population Sciences, National Cancer Institute, National Institutes of Health, 9609 Medical Center Drive 3E608, Rockville, MD 20892, USA. E-mail: [email protected]
Along with the proliferation of mobile devices, there has been an exponential proliferation of consumer-facing mobile health (mHealth) technology (e.g., some report that there are currently 40,000 medical applications available for download on smartphones and tablets; Gold, 2012). Surveys further suggest that, in general, preference for communicating about health information with mobile devices is increasing. For example, the Consumer Health Information Corporation (2011) found that 41% of consumers prefer to receive a health-related task reminder through text messaging, 58% expressed interest in using a mobile device application (app) to manage their health, and 49% stated that they want to use an application to keep track of their health. Although the adoption of mHealth technologies geared toward clinical settings has been slower compared with consumer-facing technology (Pew Research Center, 2012a), the development and use of mobile medical devices for patients is beginning to increase rapidly, taking health-care workers by surprise (Boyce, 2012). Federal policies seek to empower individuals to improve their health by increasing access to their health information and engagement with the health care system through technology (U.S. Depart of Health and Human Services, 2011). Recent federal objectives for providers to receive incentives though the Meaningful Use program for the
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
674
A. A. Atienza et al.
adoption and use of electronic health records include encouraging the use of secure email to communicate with patients regarding relevant health information, and enabling patients to electronically view, download, and transmit their health information (U.S. Depart of Health and Human Services, 2012). With suggestions of mobile devices being integrated in the not too distant future with electronic health records (Kharrazi et al., 2012), the federal incentives that encourage electronic health record use could spur even greater adoption of mHealth technology. The rise of mHealth technology has prompted discussions of privacy=security issues related to using these devices. Privacy relates to having control over who is able to access, use, or share one’s information, whereas security refers to the tools or technology used to prevent unauthorized access, use, or sharing (National Committee on Vital and Health Statistics, 2009). Concerns and preferences about the use of mobile technology have recently been discussed in stakeholder interviews (Whittaker, 2012), surveys of general consumers (Pew Research Center, 2012b; Proudfoot et al., 2010), and research among patient groups (e.g., people with asthma [Baptist et al., 2011]; people with HIV=AIDS [Tran & Houston, 2012]). Some have proposed that attitudes about privacy and security are determined by situation, context, and expectations for information flow—who gets what information for what purpose (Ackerman & Mainwaring, 2005; Nissenbaum, 2010). However, research has primarily asked general questions about mHealth privacy and security. Few studies have examined more specific concerns and preferences individuals may have regarding the use of mobile
technology, particularly in the clinical setting, and limited attention has been given to situational or contextual factors. This exploratory mixed-methods study examined consumers’ attitudes and perceptions regarding the use of mobile technology in health care to communicate health information. We conducted focus groups in 2012 among geographically, ethnically, and socioeconomically diverse groups in the United States. This article primarily aimed to describe the privacy and security perceptions, attitudes, and concerns of consumers about the use of mHealth technology in health care.
Method Twenty-four focus groups with 256 participants were conducted in five U.S. states (California, Georgia, Illinois, New York, and Texas). These areas were selected for geographic diversity. This study aimed to elicit perspectives of consumers representing a variety of ages, educational levels, and areas of population density. To reach this diverse body of consumers, we collaborated with local community-based organizations. We identified organizations representing well-known, trusted entities in the community that served the targeted consumer groups, were capable of assisting in recruiting and scheduling the focus groups, and could host the groups in their facility (see Table 1). We provided the community-based organizations with a screening guide, which they used to recruit and select participants. Inclusion criteria included the following: adults between 18 and 74 years of age who were current owners and users of cell phones or smartphones with texting capability and
Table 1. Community-Based Organizations and Focus Group Locations Community-based organization Health Coalition of Amarillo Rural Area Parenting Program Services Ravenswood Community Services
Focus group location
Purpose
Plainview, TX Hereford, TX Seguin, TX
. Develop and support the collaboration of area health providers in the
Chicago, IL
. Provides resources for neighbors in need and creates outreach opportunities . Provides neighbors with basics of food and daily supplies, health screenings
provision of health services . Assists families in achieving knowledge and proper techniques to raise their
children in a safe and healthy environment
and information, and life skills education Latino Commission on AIDS New York, NY Union Settlement Association New York, NY (Harlem) New Jerusalem Baptist Church New York, NY (Jamaica) Vietnamese Voluntary San Jose, CA Foundation Central CA Center for HHS, CA State University
Fresno, CA
Community Health Care, Inc. Irwinton, GA
. Dedicated to fighting the spread of HIV=AIDS in the Latino community . Expands opportunities for low-income families and individuals by providing
culturally relevant services ranging from early childhood and youth development to community support for adults and seniors . Dedicated to fellowship, with an emphasis on family and acceptance of people everywhere . Assists refugees, former refugees and immigrants, and low-income ethnic families to become productive members of their communities and to value multicultural diversity . Addresses high-priority needs in the region . Provides administrative and grant development support for various ancillary units and developing projects . Commitment to providing quality primary health care services to patients . Provides leadership and services necessary to improve the health status of all community members
675
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
mHealth, Privacy, Security, and Mixed Methods who were able to communicate in English or Spanish. The number of focus groups held in a rural or urban setting was evenly balanced at 12 each. Focus groups were also diverse with respect to age and education levels: 8 groups of each age range (18–33 years, 34–56 years, and 57–74 years); 6 higher educational level groups, and 18 lower educational level groups. Because approximately 12% of U.S. residents 5 years of age and older speak Spanish at home (U.S. Census Bureau, 2009), to ensure a representative sample of Spanish speakers, 25% of the groups (6 out of the 24) were conducted in Spanish; the rest were conducted in English. All research activities had received institutional review board approval and followed approved institutional review board guidelines. After providing consent, participants completed a pre–focus group questionnaire (see supplemental Appendix available online). The questionnaire, which is based on research with low literacy and underserved populations (Zarcadoolas et al., 2013), included basic demographic questions (age, race=ethnicity, education, and family income) as well as questions regarding general health status and mobile device privacy and security concerns. The technology questions aimed to identify the amount of computer and Internet experience people had. The questionnaire was anonymous, so focus group remarks made by individuals could not be directly linked with the questionnaire data. Each focus group was led by an experienced moderator who was a native of the language of the group, with a trained note taker present in each group. The focus groups were audiotaped and transcribed. On average, the moderated portion of each focus group session lasted 90 min. Upon completion of the focus group, participants each received US$50 as compensation for their time and travel, which is consistent and within the range of current norms of compensating focus group participants (Dhanireddy et al., 2012; Lindstrom et al., 2012; U.S. Department of Agriculture FNS, 2012; Walker, Ahern, Le, & Delbanco, 2009). All 24 focus group discussions were notated in quick notes—notes made by note takers and moderators immediately after a focus group. Data analysts listened to the audio recordings multiple times and examined the written transcripts to develop a coding guide. Because of the large number of English-language focus groups (n ¼ 18), the qualitative software program Dedoose (SocioCultural Research Consultants, LLC) was used to assist in the analysis of verbally transcribed discussions. Dedoose is a commercially available rich Internet application that facilitates the analysis of large qualitative or mixed-methods data sets. The six Spanish-language focus groups were coded manually. With respect to coding major topics and subtopics, four trained coders (two English=two Spanish) independently listened to the English language audio and read the transcript of one group until agreement on codes exceeded 80%. This coding was a process of sorting, organizing, and indexing the data (Borkan, 1999). We analyzed all data=utterances using the grounded theory method and axial coding (Addison, 1999; Creswell, 1998). We examined our emerging
theories about content, returning to the data looking for evidence, incidents, and events that supported or refuted the questions, and so verified our understanding of the data (Creswell, 1998). We considered each instance of similar content as an incident. The incidents were compared with other incidents to develop concepts. Themes were derived by clustering or consolidating concepts on the basis of frequency, saliency, and intensity (Glaser & Strauss, 1967) and immersion=crystallization (Borkan, 1999). Once the coding guide (a listing of codes and examples) for English was complete, the primary coder coded all 18 focus groups and the secondary coder coded one third of the groups. The coding guide was updated as necessary. With the Spanish-language groups, once the coding guide was established, both coders independently coded all six focus groups, meeting frequently to resolve any discrepancies in interpretation.
Findings Pre–Focus Group Survey Findings One quarter of participants identified themselves as non-Hispanic White, 31% Hispanic, 21% Black=African American, 9% Asian=Pacific Islander, 3% American Indian or other ethnicity, and 11% did not report this information. Of participants, 61% owned a smart phone and 62% stated that they had used a mobile phone app. More than half of participants (59%) had accessed the Internet using a mobile phone=smart phone, and 75% sent a text message every day or almost every day. With respect to all messages, 41% of participants reported being concerned=very concerned about sending or receiving messages on their mobile phone or device, and 46% had limited the types of messages sent by mobile phone because of privacy=security concerns. Of participants, 18% used an online personal health record, and 77% previously used the Internet to search for health information. Focus Group Findings Focus group participants were asked to discuss privacy and security of personal health information transmitted through mobile device in two general contexts: (a) the use of mobile devices in their lives and (b) issues related to health information flow with providers. In addition to privacy and security issues, participants in the focus groups also discussed preferences for personal interactions with providers, the desire to be able to ask clarifying questions, and concerns about not understanding health information if sent electronically. Three major themes regarding privacy and security emerged from the focus groups: . Tradeoffs: what consumers are willing=not willing to
exchange relative to privacy and security concerns. . Control: desire to have a final say in what personal infor-
mation is exchanged, with whom, and in what format. . Trust: level of trust in technology, health care providers,
and other entities influencing consumer behavior regarding the use of mHealth.
676
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
Tradeoffs Participants frequently considered the tradeoffs between their privacy=security concerns and potential benefits of mHealth technologies. While most participants expressed a keen interest in protecting their privacy or security, many participants were also willing to exchange privacy and security if they viewed the use of mHealth technology to be more convenient or perceived certain benefits (to oneself or others): Help maintaining our bodies, our system that we align with every day. That’s the tradeoff. And, see, again, I just don’t feel that the private and security risk is really that great when you really, really stop and think about it. It really isn’t that great. So personally I’d think the tradeoff is to my benefit. (New York, 57–74) Para evitar el viaje a la clı´nica . . . Tres horas ahı´ esperando para que me llamen, para decirme dos palabras [To avoid the trip to the clinic . . . Three hours there waiting to call me to say two words]. (NYC [Spanish], 57–74)
Many consumers gauged their level of concern over privacy=security in the context of the perceived sensitivity of information being communicated. Thus, a subtheme with tradeoffs also emerged whereby participants were more concerned about exchanging sensitive or possibly stigmatizing information. For example, although participants expressed little concern over receiving general health tips or reminders over a mobile device to get information ‘‘sooner,’’ many expressed more concerns about sending or receiving certain types of lab=test results, diagnostic information (particularly ‘‘bad news’’ or potentially stigmatized diagnoses), and=or personal pictures over a mobile device: Like with something really extreme, like if you were getting an HIV test, you know, I certainly would not want that to pop up on my phone, you know, or something that’s very stigmatized. You know, but pretty much anything else, the sooner I can get the results, you know. (Chicago, 18–33)
In another example, participants were asked whether they would be okay with sending certain types of test results, such as blood sugar readings, to their doctor over their mobile device. Some participants were willing to electronically send these results because the information was not so personal: Depending on there are some things that you want people to know, there are some things you don’t want people to know, like some people are dying of cancer. They don’t want their family to know, that’s information that they don’t want to let out there. It’s between him and the doctor, you know, that’s where you go in to go see your doctor. But other information, like . . . your blood pressure, all that stuff, I wouldn’t mind giving it on the phone just as a way of saving the trip, going over there and wasting gas, or, you know—sitting there and thinking, we scheduled for another day . . . when you could be working or doing something else. (San Jose, 18–33)
A. A. Atienza et al. When the moderator asked this participant whether it would be okay to communicate information that was ‘‘not too personal,’’ the participant agreed the convenience of mobile outweighed privacy concerns. Thus, perceptions and attitudes about the privacy and security of using mobile technology were highly contextualized rather than viewed in absolute terms. The sensitivity of the health information being transmitted affected whether participants would use mHealth technology; individuals may readily engage in using mHealth technology if the information is less sensitive, but may be less likely to if the information is considered too personal or stigmatizing. Control Focus group participants expressed a desire to ‘‘control’’ who receives or views their personal health information, transmitted using mobile devices. Particularly with sensitive health information, participants expressed some concerns about their ability to control the technology and information in two different areas: controlling the actual handling and use of technology in one’s own personal space (i.e., proximal space), and controlling who sees or has access to the information once the information is transmitted from the mobile device (i.e., cyberspace). With respect to proximal space and control over the mobile device, many participants wished to have control of when and where they accessed their health information; for example, being able to control the time and location of incoming texts, and expressed concerns about others inadvertently or intentionally seeing personal information on their mobile devices: One thing about that, though, is like I’m not totally comfortable with using it like —I might surf the Internet on the train, but I’m not going to necessarily go to my health record on the train. Most of the places where I’d be comfortable using it are places where I have access to a computer. (Chicago, 34–56) A text message seems more open to the public. I can hand my phone off to someone real quick and just say, ok, check this out . . . I don’t know. It doesn’t make me feel safe. (Fresno, 18–33)
With respect to control of information in cyberspace (i.e., once information has left the device), responses were mixed. Some expressed concerns over who has access to or uses their information. Others expressed resignation over the consumer’s inability to control information once it was sent: That’s why I guess I’m not worried about what I send across, for the fact that I know everything—all our information about you is stored somewhere there now. If any hacker really wanted it bad enough, they could find it now. So it’s out of our hands, basically. (Georgia, 57–74)
Trust Participants were not universally comfortable transmitting health information using mobile devices with all entities. For some individuals, a trusting relationship with one’s
677
mHealth, Privacy, Security, and Mixed Methods
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
health care provider was an important factor in considering the use of mHealth technology, despite concerns of privacy= security. One participant said, ‘‘I think because all the doctors I go to I’ve known a long time, so I guess I feel a sense of trust there.’’ Another participant mentioned that she would use m-Health technology ‘‘if the doctor requires it.’’ In contrast, participants were less trusting of what insurance companies, Internet companies, or other businesses would do with their personal health information: It’s your own confidentiality with your personal information. I mean, I don’t want people to randomly hold on to my health care information just because they can, like Internet companies. Like, why do you need my information? Why are you holding on to it? Why is stored in a random place where a random person could see it? (Fresno, 18–33)
Demographic Versus Technology Mindset Segmentation There was diversity in attitudes and concerns regarding mHealth privacy=security both within and between traditional demographic groups (e.g., age groups, race=ethnic groups, and urban=rural location). For example, a range in the salience and levels of concern about privacy=security was expressed among younger and older participants alike. Younger participants’ views ranged. Some were less concerned: I don’t have any reason to be concerned. I don’t write anything that there’s someone trying to—I mean, there’s always someone trying to get into it, but there’s protectors against that. So, I don’t feel like I should worry myself over something that I can’t control anyway. (Texas, 18–33)
Others were more concerned: Well, you don’t know who’s going to have access to your information, depending on what you’re talking about, what is being said. You know, you could be giving out personal information and don’t want people knowing certain things if it’s pertaining to you or your family. So it’s just a matter, it’s, like, what type of company—who you’re sending it to, and how are they receiving, and who is going to be looking at it. (Fresno, 18–33)
Similarly, older participants’ views ranged. Some were less concerned: My feeling is that my life’s an open book, and whoever looks at it, they’re going to be disappointed. (Chicago, 57–74)
Others were more concerned: Because I’ve had personal information hacked before . . . Yes, I have. They actually purchased train tickets using my account information . . . I’ve been a victim, yes.
And I think the more sensitive the information, the more concerned I am. (Fresno, 57–74)
There was wide variability in how participants perceived privacy and security risks when using mobile technology. Some participants expressed little concern about potential breaches of privacy and security: I don’t really think people are as concerned as sometimes they may give off, because, let’s face facts. If you have an Android or if you have an iPhone, your GPS is on. So everything you do is taped, so I can put as many passwords on my stuff as I want to. At the end of the day, that password is also stored in somebody else’s database anyway. So I’m not really being protected from anything. That’s why I originally said I’m not concerned about it. (New York, 18–33)
Whereas other participants described strong concerns about risks to their private information when using technology, with some choosing to forgo use of technology to protect themselves: I don’t do any of that—I don’t even have a computer. I mean, I have the phone, but I just think it’s all invasive . . . (Chicago, 34–56)
The majority of consumers, however, acknowledged that there were benefits to the use of mobile technology, but were cautious, and often conflicted, about giving up aspects of their privacy to enjoy these benefits: Technology is just so out there now that anything can happen through technology . . . I think it’s just people that sits around and just think of ways to scam or do anything . . . I don’t trust—I’m not really trustworthy with the new technology. I like it but I’m not trusting of it. (Georgia, 18–33) I use my hand-held devices for pretty much everything. And I try to be careful about it, and I try to do all my security settings and whatnot. But I still know that, you know, there are people, there are hackers that if they . . . thought I had anything important, that, you know, if they wanted it, they could get it . . . it is a concern that I have, but what are you going to do? (Fresno, 34–56)
Discussion This exploratory study found that consumer perceptions and attitudes regarding privacy and security are highly contextualized. Level of concerns about mHealth privacy and security depend on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. The findings suggest that willingness to use mHealth technology specifically in the context of sending and receiving personal health information may be influenced by
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
678 perceived benefits and willingness to use new technologies, as well as trust with those in the information channel (health care providers, insurance companies, telecommunication companies). The important role of context is consistent with prior conceptual discussions (Ackerman & Mainwaring, 2005; Nissenbaum, 2010) and smaller focus group studies on patient or consumer attitudes (Prasad et al., 2011). Our findings are congruent with prior research regarding individual control over technology (Ackerman & Mainwaring, 2005; Avancha et al., 2012), which proposed that individuals are concerned about unauthorized access to their electronic health information and unintended secondary use of stored data. We found that control over the technology and the ability to determine who sees the information communicated through mobile devices was important to consumers. The large amount of data that can be collected and=or transmitted using mobile technology, as well as the greater number of actors in the communication chain (e.g., consumers, providers, Internet providers, telecommunication carriers, third-party vendors, possibly family members) increases the complexities of securing one’s personal health information. Our findings also concur with others who report that concerns over the privacy and security of using technology are not uniform among individuals and cut across traditional demographic characteristics (i.e., age, race=ethnicity, urbanicity; Ackerman & Mainwaring, 2005; Avancha et al., 2012). There is the possibility that variability in concerns and willingness to use mHealth technology with providers may be more influenced by the degree to which consumers are willing to adopt new technology than demographic differences and this should be studied further. Diffusion of Innovation theory (Rogers, 1995) may be useful in identifying the types of individuals who are more or less willing to use mHealth technology. Future research may wish to segment individuals based on their technology adoption classification (e.g., early adopters) and empirically evaluate factors that influence attitudes and behaviors toward mHealth use. Although in this study we did not assess technological literacy per se, we noted that consumers’ descriptions of their experience with and understanding of the capabilities of different forms of mobile technology were highly varied. Although life in the United States is increasingly defined by and dependent on technology, many consumers do not have the needed fundamental literacy skills (reading, writing, numeracy) to make informed decisions about technology (International Technology Education Association, 2007; Pearson & Young, 2002). Although our current data do not allow us to identify causal connections between attitudes and experience with technology and perceptions of privacy and security risks, these possible relationships deserve much closer attention and study. Consumers expressed other pragmatic concerns about the use of mHealth technology involving their relationship with providers. The most salient concerns included preferences for more personal interactions with providers (human touch), the desire to have the opportunity to ask clarifying questions, concerns about not understanding health
A. A. Atienza et al. information if received electronically, and uncertainty about whether information would reliably reach the intended recipient. These issues place perceptions of mHealth privacy and security into a larger context of the multitude of factors consumers consider when deciding whether and when to use mHealth tools. There are a number of limitations to this study. Although focus groups were conducted with individuals from diverse backgrounds in five different states, it is unclear to what extent the focus group participants are representative of the U.S. population. The use of smart phones was higher among participants in this sample (61%), compared with a recent national survey (45%; Pew Research Center, 2012a). Thus, this sample may be more inclined toward technology adoption compared with other nationally represented research. That said, all groups were balanced according to various demographic characteristics. Moreover, given the exploratory nature of the study, causal relationships cannot be determined. In addition, this study was not designed to determine consumers’ knowledge of specific policies and technical requirements related to mHealth privacy and security, but instead it focused on consumers’ perceptions and attitudes. Last, the themes that emerged reflect viewpoints at one point in time. Participants’ attitudes and perceptions were evolving and fluid even during the course of the focus group discussion. Thus, the rapid adoption and use of continually evolving mobile technology may modify perceptions and attitudes of mHealth privacy and security as consumers gain more knowledge and experience with using mobile devices for tasks related to health care. Overall, the present study suggests that a more nuanced and contextual framework of mHealth privacy and security for consumers is required. Further research is needed to examine how familiarity and experience with technology affects consumers’ assessment of mHealth privacy and security risks, as well as the ways in which consumers seek to protect personal health information when using mobile technology. Because trust in health care providers seems to be associated with a willingness to use mHealth devices despite privacy concerns, providers may consider appropriate situations for supporting consumers in the use of mHealth technology and tailor messages for encouraging this use according to consumers’ readiness to embrace the technology. Providers need to also assess the degree to which consumers may feel that the information being communicated is considered too sensitive or too complex to be transmitted through mobile technology. For technology developers, user-centered design and continued collaboration with care providers is strongly recommended to better understand how individuals and groups actually use the technology in their everyday lives, as well as the barriers to use (e.g., readability, navigability). One should not assume a particular behavioral pattern of mobile technology use because individuals belong to a particular demographic group (e.g., variability in concerns was seen in both younger and older consumers), but empirically test these assumptions in usability studies. Explicitly providing consumers with options to modify and control privacy
mHealth, Privacy, Security, and Mixed Methods settings, as well as to determine when consumers can view or hear information at a time and place of their choosing, needs to be considered when developing mobile technology programs. Also, researchers, providers, and developers need to better understand the tradeoffs to privacy and security that consumers are willing to consider as they adopt the use of mHealth technology. Future research is needed to confirm and provide further evidence to support the findings that emerged from this exploratory study.
Downloaded by [University of California, San Diego] at 15:28 03 June 2015
Supplemental Material Supplemental data (Appendix: mHealth Privacy and Security Consumer Research Pre-Focus Group Survey) for this article is available on the publisher’s website at http:// dx.doi.org/10.1080/10810730.2015.1018560.
Acknowledgments This study was not supported by external funding. The Department of Health and Human Services, Office of the National Coordinator for Health Information Technology provided funds for the data collection. The National Cancer Institute, the Department of Health and Human Services, and the Office of the National Coordinator for Health Information Technology reviewed and approved this article before submission. The findings and conclusions in this report are those of the authors and do not necessarily represent the views of the Department of Health and Human Services, the National Institutes of Health, or the National Cancer Institute.
References Ackerman, M. S., & Mainwaring, S. D. (2005). Privacy issues and human-computer interaction. In L. F. Cranor & S. Garfinkel (Eds.), In security and usability: Designing secure systems that people can use (pp. 381–400). Sabastopol, CA: O’Reilly Media. Addison, R. (1999). A grounded hermeneutic editing approach. In B. Crabtree & W. Miller (Eds.), Doing qualitative research (2nd ed., pp. 145–162). Thousand Oaks, CA: Sage. Avancha, S., Baxi, A., & Kotz, D. (2012). Privacy in mobile technology for personal healthcare. ACM Computing Surveys, 45(1). Retrieved from http://www.cs.dartmouth.edu/~dfk/papers/ avancha-survey.pdf Baptist, A. P., Thompson, M., Grossman, K. S., Mohammed, L., Sy, A., & Sanders, G. M. (2011), Social media, text messaging, and email: Preferences of asthma patients between 12 and 40 years old. Journal of Asthma, 48, 824–830. Borkan, J. (1999). Immersion=crystallization. In B. Crabtree & W. Miller (Eds.), Doing qualitative research (2nd ed., pp. 179–194). Thousand Oaks, CA: Sage. Boyce, N. (2012). Maps, apps—and evidence? The Lancet, 379, 2231. Consumer Health Information Corporation. (2011). Motivating patients to use smartphone health apps. Retrieved from http://www. consumer-health.com/press/2008/NewsReleaseSmartPhoneApps.php Creswell, J. (1998). Qualitative inquiry and research design: Choosing among five traditions. Thousand Oaks, CA: Sage. Dhanireddy, S., Walker, J., Reisch, L., Oster, N., Delbanco, T., & Elmore, J. G. (2012). The urban underserved: Attitudes towards gaining full access to electronic medical records. Health Expect. Dimitropoulos, L., Patel, V., Scheffler, S. A., & Posnack, S. (2011). Public attitudes toward health information exchange: Perceived benefits and concerns. American Journal of Managed Care, 17, SP111–SP116.
679 Glaser, B., & Strauss, A. (1967). The discovery of grounded theory: Strategies for qualitative research. Chicago, IL: Aldine. Gold, J. (2012). FDA seeks to tame exploding medical app market. Kaiser Health News. Retrieved from http://www.kaiserhealthnews.org/ stories/2012/june/27/fda-medical-app-market.aspx International Technology Education Association. (2007). Standards for technological literacy: Content for the study of technology (3rd ed.). Reston, VA: Author. Retrieved from http://www.iteea.org/TAA/PDFs/xstnd.pdf Kharrazi, H., Chisholm, R., VanNasdale, D., & Thompson, B. (2012). Mobile personal health records: An evaluation of features and functionality. International Journal of Medical Informatics, 81, 579–593. Lindstrom Johnson, S., Tandon, S. D., Trent, M., Jones, V., & Cheng, T. L. (2012). Use of technology with health care providers: Perspectives from urban youth. Journal of Pediatrics, 160, 997–1002. National Committee on Vital, & Health Statistics. (2009). Recommendations on privacy and confidentiality, 2006–2008. Hyattsville, MD: US Department of Health and Human Services. Retrieved from http://www.ncvhs.hhs.gov/privacyreport0608.pdf Nissenbaum, H. (2010). Privacy in context: Technology, policy and the integrity of social life. Stanford, CA: Stanford University Press. Pearson, G., & Young, A. T. (Eds.). (2002). Technically speaking: Why all Americans need to know more about technology. Washington, DC: National Academies Press. Pew Research Center. (2012a). Mobile health 2012. Washington, DC: Pew Internet and American Life Project. Retrieved from http://www. pewinternet.org/~/media//Files/Reports/2012/PIP_MobileHealth 2012.pdf Pew Research Center. (2012b). Privacy and data management on mobile devices. Retrieved from http://pewinternet.org/~/media//Files/ Reports/2012/PIP_MobilePrivacyManagement.pdf Prasad, A., Sorber, J., Stablein, T., Anthony, D., & Kotz, D. (2011, August). Exposing privacy concerns in mHealth. Paper presented at the USENIX Workshop on Health Security and Privacy, San Francisco, CA. Retrieved from http://www.cs.dartmouth.edu/~dfk/ papers/prasad-healthsec11.pdf Proudfoot, J., Parker, G., Pavlovic, D. H., Manicavasagar, V., Adler, E., & Whitton, A. (2010). Community attitudes to the appropriation of mobile phones for monitoring and managing depression, anxiety, and stress. Journal of Medical Internet Research, 12, e64. Rogers, E. (1995). Diffusion of innovations (4th ed.). New York, NY: Free Press. Tran, B. X., & Houston, S. (2012). Mobile phone-based antriretroviral adherence support in Vietnam: Feasibility, patient’s preference, and willingness-to-pay. AIDS and Behavior, 16, 1988–1992. U.S. Census Bureau. (2009). American Community Survey, B16001, Language spoken at home by ability to speak English for the population 5 years and over. Retrieved from http://factfinder.census.gov U.S. Department of Agriculture FNS. (2012). WR WIC Participant Survey and Focus Groups Report. Retrieved from http://www.cdph.ca.gov/ programs/wicworks/Documents/Millennial%20Generation/Research %20Reports/USDA%20FNS%20WR%20WIC%20Participant %20Survey%20and%20Focus%20Group%20Report%205.29.12.pdf U.S. Department of Health, & Human Services. (2011). Federal health information technology strategic plan 2011–2015. Retrieved from http://web.mediacdt.com/onc-emerg/FINAL-Federal-Health-ITStrategic-Plan-0911.pdf U.S. Department of Health, & Human Services. (2012). Electronic Health Record Incentive Program, Stage 2, Final Rule 77 Fed Reg 53978, 54033. Retrieved from http://www.gpo.gov/fdsys/pkg/ FR-2012-09-04/html/2012-21050.htm Walker, J., Ahern, D. K., Le, L. X., & Delbanco, T. (2009). Insights for internists: ‘‘I want the computer to know who I am.’’ Journal of General Internet Medicine, 24, 727–732. Whittaker, R. (2012). Issues in mHealth: Findings from key informant interviews. Journal of Medical Internet Research, 4, e129, 1–9. Zarcadoolas, C., Vaughon, W. L., Czaja, S. J., Levy, J., & Rockoff, M. L. (2013). Consumers’ perceptions of patient-accessible electronic medical records. Journal of Medical Internet Research, 15(8), e168.
