80% of Americans worry about EHR privacy

A majority of Americans believe that electronic health records don't keep their medical records confidential, according to a new survey released by security firm SailPoint.

The survey, released September 20, found that 80 percent of Americans were concerned about moving their personal medical information to EHRs because of the risks of identity theft, exposure of their information on the Internet and the viewing of their records by those not directly related to their care. There also was concern that patients' private health conditions could be revealed to current or potential employers.

The results were similar in other nations: 81 percent of Britons and 83 percent of Australians reported the same fears. Overall, 5,246 individuals, including 2,309 Americans.

While such fears are well founded, they aren't necessarily unique to electronic records. "It's a very real fear [for patients to have], but security concerns also exist with paper records," Tony Ryzinski, senior vice president of product management and marketing for Sage Healthcare, tells FierceEMR.

In fact, Irving, Texas-based OB/GYN Jeffery Livingston tells FierceEMR that he believes EHRs generally are more secure than paper records, since the files are encrypted. Livingston's practice transitioned to EHRs in 2007.

A major part of the concern involves human error and activity, such as lax access controls and inadequate security measures, SailPoint notes in the report.

"Consumers are right to be concerned about the possible exposure of their very private medical information," Jackie Gilbert, vice president of marketing and co-founder at SailPoint, said in a statement. "As the healthcare industry around the world moves toward digitalizing personal healthcare records, keeping patient information private and secure must be the highest priority. Healthcare organizations need to make sure that they have the proper controls in place to protect patient data; those that don't clearly risk lawsuits, fines, and most importantly, loss of patient trust."

Governments are aware of the public's fear of exposure regarding the use of EHRs. The HITECH Act addressed some of these concerns with its beefed up privacy and security rules and more stringent accounting of disclosure requirements for providers who use EHRs, for which a proposed rule was published in the Federal Register May 31. The final rule implementing that measure has not yet been promulgated.

To learn more:
- here's the healthcare portion of SailPoint's survey (.pdf)
- check out the SailPoint press release
- read the proposed accounting for disclosures rule
- view this SailPoint infographic