People managing chronic diseases are more likely to have accessed information in their electronic medical records — and are also less likely to worry about the privacy risks of their personal electronic health information compared with people who are healthy.
Over 2,000 people, both those who say they’re healthy and those with chronic conditions, were surveyed by Accenture in February-March 2014, and their responses are summarized in the report, Consumers with Chronic Conditions Believe the Ability to Access Electronic Medical Records Outweighs Concern of Privacy Invasion.
Slight more consumers are concerned about privacy risks related to online banking, online shopping, and in-store credit cards (thank you, Target and Neiman-Marcus) than the security of EMR data, shown in the first graphic.
While 87% of people believe it is important to have control over their personal health data, 55% believe they have little or no control over it, which yields a big confidence gap among U.S. health consumers who are seeing their data moving from paper to digital medical records as their health providers have been adopting and implementing EMRs over the past few years in response to incentives in the HITECH Act. (For more on this, see 4 in 5 doctors in American use an EHR, but most not ready for Stage 2 here in Health Populi).
The two reasons consumers with chronic conditions don’t yet access their EMRs are (1) 55% say they don’t know how to access their medical information, and (2) 17% claim that they trust their medical records are accurate so don’t need to check them.
Health Populi’s Hot Points: In an FTC briefing earlier this week on consumer-generated health data and privacy, I learned from the brilliant Latanya Sweeney of the Harvard University Data Privacy Lab that one-half of health data flows are not covered by HIPAA. These are shown in the second graphic. Latanya has been studying health data, and has figured out how to re-identify so-called “de-identified data.”
Given that nearly as many people are concerned about EMR data security as they are about their personal data generated through online banking, online shopping and paying with credit cards in stores (as the graphic illustrates), I asked Kaveh Safavi, managing director for Accenture’s global healthcare business, about the health data sharing/privacy trade-off.
Regarding trust, Dr. Safavi identified 2 levels from the consumer’s view:
- “I trust you won’t intentionally use my information against my interests,” such as an online social network that wants your information to use to drive advertising to the consumer; and,
- “I trust you to be a good steward of my data to prevent the loss of my information.”
In health care, we have both challenges to solve: in (1), the concern that organizations (say, a health plan) might make a decision in their financial interest and not in ‘my’ interest; and in (2), the expectation that the holder of your health information will allocate sufficient resources to ensure your personal information is protected from a malicious attack. Health consumers’ expectations may be different on the trust dimension for a health plan versus a personal physician as a trusted data steward.
As patients pay more out of pocket for health care and transact more with the health system as a “payor,” they’re becoming more consumers — with the expectations of health organizations to become and behave more like retail organizations. This includes the expectation that high levels of data security are in place for their precious information that’s held in a provider’s EMR.