Vulnerabilities in health data privacy causing tension among patients


Photo: Al David Sacks/Getty Images

Trust in the security and privacy of personal health information is starting to erode, according to the results of a new survey. Published by the American Medical Association, the study showed that more than 92% of patients believe that privacy is a right and that their health data should not be available for purchase.

Nearly 75% of 1,000 patients surveyed by Savvy Cooperative expressed concern about protecting the privacy of personal health data, and only 20% of patients said they knew the scope of companies and individuals with access to their data.

This concern is amplified by the United States Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization because the lack of data privacy could put patients and doctors at legal risk in states that restrict reproductive health services. This decision nullified the right to abortion which had been protected by Roe v. Wade for decades.

The survey indicated that patients are more comfortable with doctors and hospitals having access to personal health data and less comfortable with social media sites, employers and technology companies having access to the same data.


The survey revealed that an overwhelming percentage of patients demand accountability, transparency and control when it comes to the privacy of health data. Around 94% of patients want companies to be held legally accountable for the use of their health data, while 93% want health app developers to be transparent about how their products use and share personal health data.

To prevent unwanted access and use of this data, patients want to control what companies collect about them and how it is used. For example, nearly 80% of patients want to be able to refuse to share all or part of their health data with companies. More than 75% want to register before a company uses their health data, while a similar number want to receive requests before a company uses their health data for a new purpose.

Patients worry about the repercussions of having little or no control over the use and sharing of their data. About three in five patients (59%) expressed concern about personal health data being used against them or their loved ones. Most patients said they were “very” or “extremely” concerned about discriminatory uses of personal health data to exclude them from insurance coverage (64%), employment (56%) or health care opportunities (59%).

In fact, more than half of Hispanics and American Indians or Alaska Natives say they are “very” concerned about discriminatory uses of personal health data, while 66% of transgender people say they are “extremely” concerned.

Patients also want doctors and their hospitals to have the technology and ability to review apps for privacy and security. About 88% of patients think their doctor or hospital should have the ability to review and verify the security of health apps before those apps have access to their health data. But federal regulations currently prevent vendors and even electronic health record systems from performing privacy and app security reviews.

The AMA, which has said stronger regulation is needed to protect data privacy, released Privacy Principles outlining five key aspects of a national privacy framework: individual rights, fairness, entity accountability, applicability and application.

The AMA has also developed a guide to help app developers build privacy technologies and is advocating for short-term app transparency requirements, including app privacy attestations collected by EHRs.


Industries are increasingly being sued by consumers over data breaches, but the sector with the biggest rise in litigation is healthcare, according to findings released in April by law firm BakerHostetler.

In fact, healthcare accounts for 23% of lawsuits due to data breaches, according to BakerHostetler. Next come business and professional services with 17%, followed by finance and insurance (15%), education (12%) and manufacturing (10%).

Of all industries, healthcare also had the highest initial ransom demand from hackers and bad actors, at more than $8.3 million, according to the study. The average ransom actually paid was much lower, at around $876,000, but it was still the highest average amount paid across all industries.

One of the few bright spots for the industry was the “days to acceptable restoration,” or how long it took to get back to normal. For healthcare, it was 6.1 days, second fastest behind the energy and technology sector at 4.6 days, according to the study.

Twitter: @JELagasse