Topics
More on Patient Engagement

Vulnerabilities in health data privacy causing tension among patients

More than 92% of patients believe privacy is a right and their health data should not be available for purchase, survey shows.

Jeff Lagasse, Editor

Photo: Al David Sacks/Getty Images

Confidence in the security and confidentiality of personal health information is beginning to erode, if the results of a new survey are any indication. Released by the American Medical Association, the study showed that more than 92% of patients believe privacy is a right and their health data should not be available for purchase.

Nearly 75% of the 1,000 patients surveyed by Savvy Cooperative expressed concern about protecting the privacy of personal health data, and only 20% of patients said they knew the scope of companies and individuals with access to their data.

This concern is magnified with the U.S. Supreme Court ruling in Dobbs v. Jackson Women's Health Organization, as the lack of data privacy could place patients and physicians in legal peril in states that restrict reproductive health services. That ruling overturned the right to abortion that had been protected by Roe v. Wade for decades.

The survey indicated patients are most comfortable with physicians and hospitals having access to personal health data and least comfortable with social media sites, employers and technology companies having access to the same data.

WHAT'S THE IMPACT?

The survey found that an overwhelming percentage of patients demand accountability, transparency and control as it relates to health data privacy. About 94% of patients want companies to be held legally accountable for uses of their health data, while 93% want health app developers to be transparent about how their products use and share personal health data.

To prevent the unwanted access and use of such data, patients want control over what companies collect about them and how it's used. For instance, almost 80% of patients want to be able to opt out of sharing some or all their health data with companies. More than 75% want to opt in before a company uses any of their health data, while a similar number want to receive requests prior to a company using their health data for a new purpose.

Patients worry about the repercussions of having little or no control over the use and sharing of their data. About three out of five patients (59%) expressed concern with personal health data being used against them or their loved ones. Most patients said they're "very" or "extremely" concerned about discriminatory uses of personal health data to exclude them from insurance coverage (64%), employment (56%), or opportunities for healthcare (59%). 

In fact, more than half of Hispanic and American Indian or Alaskan Natives said they're "highly" concerned about discriminatory uses of personal health data, while 66% of transgender people said they're "extremely" concerned.

Patients also want physicians and their hospitals to have the technology and capability to review apps for privacy and security protections. About 88% of patients believe their doctor or hospital should have the ability to review and verify the security of health apps before those apps gain access to their health data. But federal regulations currently prevent providers and even electronic health record systems from conducting privacy and security reviews of apps.

The AMA, which said stronger regulations are needed to protect data privacy, has released Privacy Principles outlining five key aspects of a national privacy framework: individual rights, equity, entity responsibility, applicability and enforcement.

The AMA has also developed a guide to help app developers build privacy-forward technologies and is advocating for near-term app transparency requirements, including app privacy attestations collected by EHRs.

THE LARGER TREND

Industries are increasingly being sued by consumers for data breaches, but the sector with the biggest litigation increase is healthcare, according to findings published in April by the law firm BakerHostetler.

In fact, healthcare comprises 23% of lawsuits due to data breaches, according to BakerHostetler. The next highest after that is business and professional services at 17%, followed by finance and insurance (15%), education (12%) and manufacturing (10%).

Of all industries, healthcare also logged the highest initial ransom demand from hackers and bad actors, at more than $8.3 million, the study found. The average ransom that was actually paid was far lower, at about $876,000, but that was still the highest average amount paid across all industries. 

One of the few bright spots for the industry was in "days to acceptable restoration," or the amount of time it took to return to normal. For healthcare, it was 6.1 days, the second-fastest behind the energy and technology sector, at 4.6 days, the study showed.
 

Twitter: @JELagasse
Email the writer: jeff.lagasse@himssmedia.com