An American Medical Association (AMA) patient privacy survey has confirmed that patients are worried that their healthcare data is no longer being kept private and confidential. More must be done to protect medical information and strengthen trust.
Virtually every year since healthcare data breaches at HIPAA-regulated entities started to be published by the HHS’ Office for Civil Rights, the number of data breaches has increased. In 2010, the first full year that records of data breaches were published by OCR, 199 data breaches of 500 or more records were reported. By 2019, the number had more than doubled to 512 data breaches per year, then rose to 642 in 2020 and 714 in 2021. While the H1 figures for 2022 show a slight decline compared to H1 2021, 2022 looks like it will be another year of more than 700 data breaches.
Privacy advocates have also expressed concern about the collection and use of personal data by big tech companies and the purchasing of private information, including healthcare data. Meta is currently getting considerable backlash over the use of Meta Pixel code on hospital websites, which can disclose sensitive health information to Meta and potentially reach its Ad Manager and be used to serve personalized ads.
So how do patients feel about the privacy of their health information given the number of data breaches that are occurring and the extent to which health data is shared? The AMA survey shows that 92% of patients believe privacy is a right and believe their health data should not be made available for purchase by corporations and other individuals, and almost three-quarters of patients said they are concerned about protecting the privacy of their health data.
When asked about access to their health data, patients said they are most comfortable with their physician (75.2%) or hospital (64.2%) accessing their health data, and were least comfortable with social media sites (71.2%), employers (67.4%), and big tech firms (62.9%) receiving access to their health data. The survey also confirmed that patients are unclear about the rules that exist to protect their privacy and most patients are concerned about who has access to their sensitive health data.
While HIPAA sets strict rules on access, uses, and disclosures of patient data without authorization, many entities collect health data but are not bound by HIPAA. If a HIPAA-regulated entity uses or discloses health data without authorization for reasons not permitted by the HIPAA Privacy Rule, there will be repercussions and they will be held accountable under the law. 94% of patients said they believe all companies that collect, store, analyze, or use health data should be held accountable by the law. Privacy is a big concern for patients when deciding whether to use health apps. Almost 70% said they hesitate at least sometimes when selecting a health app due to privacy concerns, and over 60% said they have decided not to use an app due to privacy concerns.
“As health information is shared—particularly outside of the health care system—patients must have meaningful control and a clear understanding of how their data is being used and with whom it is being shared,” suggests the AMA. “Above all, patients must feel confident that their health information will remain private. Preserving patient trust is critical.”
Patients have expressed a desire for transparency from health app providers and want to be informed about how products comply with industry standards with respect to health data, so they can make an informed decision about whether to use the app. 88% of patients believe their physician or hospital should have the ability to review and verify the security of health apps before those apps are provided with health data, but current federal regulations prevent this.
Patients also want to be given a choice about how their health data is used. Almost 80% want to be able to opt out of sharing some or all of their health data, over 75% of patients wanted to be able to opt in before a company can use their health data, and over 75% want to receive requests prior to a company using their health data for a new purpose.
There is also concern about the potential for an individual’s health data to be used to discriminate against them or their loved ones (59%), such as excluding them from opportunities to find housing, gain employment, and receive benefits. Over 50% of patients said they are concerned that there could be negative repercussions related to insurance coverage, employment, or healthcare as a result of access to their health data. This was especially the case with Hispanic/Latin/American Indian/Alaskan natives, and 66% of transgender individuals said they were concerned that their health data could negatively impact their employment status.
Given the frequency with which data breaches are now being reported, and the extent to which health data is being shared and sold, it is no surprise that patients are concerned that their sensitive health information may not remain private and confidential. That is of major concern since privacy is essential for honest health discussions between patients and their healthcare providers. The survey clearly shows that a great deal more needs to be done to ensure health information is protected and kept confidential to restore trust. The AMA has called for all policymakers in Congress and the administration to work together and take steps to address the problem, especially in light of the recent rulings by the Supreme Court, as the lack of data privacy has the potential to put healthcare providers and patients in legal peril.