The annual big-data party known as the HIMSS conference played out in Chicago – and online – last week. During the event, one of the central issues that arose in the social media conversation under the #HIMSS15 tag involved the one facing patients trying to access their health records, either digitally or on old-school paper: the security/access conundrum. Data that’s accessible to a patient could also wind up accessible to Romanian hackers (you’ve heard me on this topic before), and efforts at making patient data “secure” mean that data is often secure from the patient whose data it is. Patients give their forehead some serious keyboard every day over that one.
The folks over at Software Advice released a report on HIPAA breaches on March 12*, which I only caught up with when I returned from my Mighty Mouth 2015 Tour of Info-Sec and Right Care. Full disclosure, I’m quoted in the report, but that’s not why I’m talking about it here.
Here’s my biggest takeaway from the piece: 54% of the patients surveyed for the report would consider ditching a healthcare provider if that provider had a breach.
Most Patients Would Switch Providers After Breach
Key findings in the report:
- Forty-five percent of patients are “moderately” or “very concerned” about a security breach involving their personal health information.
- Nearly one-quarter of patients (21 percent) withhold personal health information from their doctors due to data security concerns.
- Only 8 percent of patients “always” read doctors’ privacy and security policies before signing them, and just 10 percent are “very confident” they understand them.
- A majority of patients (54 percent) are “moderately” or “very likely” to change doctors as a result of a patient data breach.
- Patients are most likely to change doctors if their medical staff caused a data security breach, and least likely to change doctors if hackers were responsible.
Given the rising number of breach reports hitting headlines, including the massive one that impacted 80 million Anthem customers (possibly including me – not 100% confirmed yet) in January, this is not an issue that will go away. From the expert patient perspective, this is doubly frustrating, because the first thing that happens after a breach headline is the throttling of patient access to our records. Additional sign-on protocols, tighter credentialing, or a full-on “no more digital access” from smaller providers, all laid at the door of “because HIPAA.”
This doesn’t just affect access, it can have an impact on care. Here are the report’s stats on patients withholding information from their medical providers due to breach concerns:
Security Concerns Can Stifle Communication With Doctor
Quoting from the report:
“Health care lawyer and blogger David Harlow is also troubled by our results. Doctors need to get a full picture of a patient’s health history, he explains. If they don’t, the effectiveness of treatment could suffer—or worse, the patient could be harmed. For example, if a doctor is not told about a patient’s current prescriptions, the doctor could inadvertently prescribe a second medication that has adverse interactions with the first drug.
“That’s an invitation for disaster,” Harlow says. “It means we have a lot of work to do to convince people of the safety and importance of sharing information with physicians.”
My thinking on this topic can be summed up in the closing quote from the report, from yours truly:
“Concerns over digital privacy and security have obscured the real conversation, which is, ‘How can we make health care more accessible, frictionless and safe with the data we collect about patients?’”
*Source: Practice Management systems consultancy Software Advice