Kirill Kedrinski - Fotolia

CIO: Consumer mistrust in health information security is founded

A survey found that consumers mistrust health information security, especially with health technology. A CIO explains these concerns are founded and what improvements are necessary.

One in four U.S. healthcare consumers have suffered from a healthcare data breach, according to a recent survey from Accenture, a digital, technology and operations consulting company based in Dublin, Ireland.

These breaches may include stolen Social Security numbers, contact information, electronic medical records or health insurance IDs. The survey found that half of the consumers affected by a data breach became victims of medical identity theft and the stolen identity was used to purchase items, bill for care, receive care and to fill prescriptions. Most of the victimized consumers reported that the incident cost them an estimated $2,528, on average, per incident.

Survey participants said they are more confident and have more trust in their providers and payers when it comes to health information security than in the government and health technology companies.

However, the survey also found that the highest percentage of breaches occurred in hospitals (36%) while the lowest percentage of breaches occurred at a government entity (6%).

Furthermore, respondents said they have some confidence in the health information security measures providers and insurers are taking, 80% and 79%, respectively. Fewer respondents (63%) are confident in the security measures that health app and device companies are taking to protect health data.

I think their concern of the technology that's in place is well-founded.
Marc ProbstCIO, Intermountain Healthcare

Mark Probst, CIO at Intermountain Healthcare in Salt Lake City, Utah, said these results make sense. "I think their concern of the technology that's in place is well-founded," he said. "I mean just look at the [news]paper. Every day there's a breach and healthcare has been relatively slow in adopting state of the art security processes and tools."

Probst added that from a consumer's perspective, it's the health technology, not the providers and payers, that is compromising their data.

Even though data breaches aren't happening because of a mobile app -- they're happening in large data centers, Probst said -- he believes that consumers are simply blaming -- and mistrusting -- health technology in general.

The focus has been much more on providing health systems, hospital and providers technology to help them improve workflow and processes, he said, and less on providing quality health technology to the consumer.

"We've given doctors electronic medical records and we've certainly given clinics and health systems lots of technology [for billing] and improving their work flow and processes, but we've given really very little value to the consumer," Probst said.

Having consumers trust and use technology tools that are provided to them and that could help improve their care is important, Probst agreed, but "we need to get more valuable product, technology and tools to the consumers," he said. "As they start using them and say, 'Wow, this is pretty valuable to me,' then I think we'll start building their trust."

In addition to providing technology to the consumer that offers a valuable experience, Probst said that healthcare organizations should also advertise that they are working to protect patient data.

"We advertise the quality of our care pretty well, we advertise the clinicians that we have, we advertise our services," Probst said. "If there's a real trust gap there [we] need to start advertising what we're doing to protect [patient] data and that we take it seriously."

Iliana L. Peters, senior advisor for HIPAA compliance and enforcement at the U.S. Department of Health and Human Services Office for Civil Rights, added that complying with HIPAA and using health technology that is in compliance with HIPAA would not only help healthcare organizations avoid data breaches but would also help build trust with patients.

"The HIPAA rules provide a baseline for privacy and security protections for health data held by the entities covered by HIPAA; including providers, plans and their business associates," Peters wrote in an email. "Compliance with such privacy and security baseline requirements is crucial to ensuring that individuals trust the healthcare system and sector, and stay active participants in it."

To provide consumers a valuable experience and help build their trust, Probst envisions providing a health technology experience much like the social media experience today.

"[The consumer's] ability to interact almost immediately with clinicians, their ability to easily schedule, their ability to quickly triage their issues not just by going to WebMD and saying 'I've got a headache,'" Probst said. "But going to a site where you can say 'I've got a headache,' but that system also has access to your medical record and understands what your blood pressure issues might be or your stress issues might be, things that you've dealt with your physician."

Next Steps

With endpoints, healthcare information security is at a crossroads

What topped our purchasing survey? Health information security

There's a spike in health IT security worries, according to HIMSS report

Dig Deeper on Patient safety and quality improvement