Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records

Abstract

Some policymakers argue that consumers need legal protection of their privacy before they adopt interactive technologies. Others contend that privacy regulations impose costs that deter adoption. We contribute to this growing debate by quantifying the effect of state privacy regulation on the diffusion of Electronic Medical Record technology (EMR). EMR allows medical providers to store and exchange patient information using computers rather than paper records. Hospitals may not adopt EMR if patients feel their privacy is not safeguarded by regulation. Alternatively, privacy protection may inhibit adoption if hospitals cannot benefit from exchanging patient information with one another. In the US, medical privacy laws that restrict the ability of hospitals to disclose patient information vary across time and across states. We exploit this variation to explore how privacy laws affect whether hospitals adopt EMR. Our results suggest that inhibition of EMR's network benefits reduces hospital adoption by up to 25 percent. We find similar evidence when we control for the endogeneity of state laws using variation in signups to the 'Do Not Call' list.