Finally, someone decided to ask patients how they feel about EHR security, or how much they trust their providers’ EHR systems. No consultants, regulators or blue-sky technologists were allowed in this survey.
Health IT distributor CDW Healthcare surveyed 1,000 patients (age- and gender-adjusted to reflect the general U.S. population) on the topic, and its report, titled “Elevated Heart Rates: EHR and IT Security Report,” had some interesting findings – including a fear that EHRs are not secure and therefore untrustworthy, at least compared to paper:
- While patients ranked Web site history, business transaction history and family information low in priority for the types of data that should be kept private and secure, 63% felt that personal health information needed to be locked down. Only personal ID information and financial information ranked higher, both of which were tagged by 90% of respondents as important to keep secure.
- 67% of respondents said they trust their doctors’ offices to maintain their health info, compared to 7% who trust their employers, 6% who trust the government, and 10% who trust their insurance companies. In a follow-up to that question, 83% said they trust their doctors’ offices to “use their health information in their best interest.” 89% said they have either “complete trust” or “some degree of trust” in hospitals or outpatient facilities to protect their personal information.
- Here’s the kicker: 49% of respondents then turned around and said that they feel EHRs will have either a “significantly negative” or “somewhat negative” impact on health data privacy. Into whose unwanted hands could the data fall? Respondents indicated they worry about marketers, criminals, employers and in general “anyone on the internet” after their data’s been exposed. Oh, and the people in the mirror: 24% of respondents don’t even trust themselves enough to access their health data.
The authors recommended that physician practices help build that trust by shoring up security. Practices should start with an assessment process that identifies potential breach points, then install antivirus and firewall software for their networks – roughly a third of practices don’t have even these basics – and reassess data security controls periodically.
In a related all-industries study released concurrently, “CDW 2012 Data Loss Straw Poll,” 71% of health care provider respondents said they feel their data security policies are effective. “Bring your own device” (BYOD) is becoming a more prevalent security necessity, the poll showed, with 57% of health care respondents indicating that security for employee- and employer-owned mobile devices is uniformly deployed. Two-thirds of health care respondents indicated they’ve defined security procedures for employee-owned smartphones, compared to 77% in financial services and 44% in higher education.