Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records

Some policymakers argue that consumers need legal protection of their privacy before they adopt interactive technologies. Others contend that privacy regulations impose costs that deter adoption. We contribute to this growing debate by quantifying the effect of state privacy regulation on the diffusion of Electronic Medical Record technology (EMR). EMR allows medical providers to store and exchange patient information using computers rather than paper records. Hospitals may not adopt EMR if patients feel their privacy is not safeguarded by regulation. Alternatively, privacy protection may inhibit adoption if hospitals cannot benefit from exchanging patient information with one another. In the US, medical privacy laws that restrict the ability of hospitals to disclose patient information vary across time and across states. We exploit this variation to explore how privacy laws affect whether hospitals adopt EMR. Our results suggest that inhibition of EMR's network benefits reduces hospital adoption by up to 25 percent. We find similar evidence when we control for the endogeneity of state laws using variation in signups to the 'Do Not Call' list

System Size, Lock-in and Network Effects for Patient Records

We examine empirically whether the size of a firm using a network affects the scope of its network usage, and consequently network effects and lock-in within the network. We use the example of hospital information exchange. We find that hospitals in larger hospital systems are more likely to exchange electronic patient information only within their system and less likely to exchange patient information externally. We show that hospitals are also more likely to exchange information externally if others hospitals also do so. This implies that the disinclination of large hospital systems to exchange data externally harms overall levels of network use. Our results highlight that makers of technology policy designed to encourage the optimal use of networks should consider regulating the behavior of network users as well as technology vendors