January 14, 2016

Privacy and Information Sharing

3. Scenario: Health information, convenience and security

Sharing health information

Previous Pew Research surveys have found that Americans are quite sensitive about their personal health information and worry about how this information might be used in ways that negatively impact their ability to secure insurance, access credit or find jobs.

Still, the convenience of accessing one’s health records or interacting with one’s physician online has a relatively strong appeal. By a two-to-one margin (52% to 26%), more Americans would accept the following scenario:

A new health information website is being used by your doctor’s office to help manage patient records. Your participation would allow you to have access to your own health records and make scheduling appointments easier. If you choose to participate, you will be allowing your doctor’s office to upload your health records to the website and the doctor promises it is a secure site.

Some 20% say their response to a scenario like this would depend on the particular circumstances.

Those ages 50 and older are more likely than adults ages 18 to 49 to say this tradeoff would be acceptable to them (62% vs. 45%). Furthermore, those with some level of college education are more likely than those whose education stopped at high school to find the deal acceptable (59% vs. 44%).

Very few of those who indicated this tradeoff was acceptable gave any additional explanation for their answer. Some argued that it was self-evident why easier access to their medical records and more convenient interactions with providers’ offices would be appealing to them.

Others indicated their view on this tradeoff would be contingent on who could access their data, as well as how vulnerable they feel the doctor’s website is.

It depends on exactly what records are shared. It would have to be a very secure site for me to trust it. Scheduling appointments online wouldn’t bother me though.

“If it was with my current doctor and he showed me the site and how it was secure I may do it, because I trust him.”

“Well, it would probably be like any website. Look at all the ones that have been hacked so far. If I’m going to get hacked I would rather it be my medical records than my banking information. It would be nice to be able to know what your lab works are and not have to wait 2-3 weeks to go back to doctor to get results.”

“It’s OK if it’s my own HMO [health management organization] (Kaiser Permanente), but a third party website is unnecessary and unacceptable, [because] I want my health info kept confidential.”

According to one focus group participant: “I have Kaiser Permanente insurance. Kaiser has everything available. I can look up my cholesterol results going back 10 years and more. But that is not a public website, and I trust Kaiser Permanente, and they do very valuable research. I am even in a genetics study with them – they’ve got my DNA. But this is totally different from going through some third party website.”

“It depends on exactly what records are shared. It would have to be a very secure site for me to trust it. Scheduling appointments online wouldn’t bother me though.”

“I need to know that my medical information will be encrypted and secure from online hackers.”

“My question is: Would there be any discount for me if helped them do their job? I want my records to stay personal, not on the internet.”

“Other than just the doctor’s promise, I would want a document that contained the promise and was signed by the doctor.”

“It would need to be HIPAA [Health Insurance Portability and Accountability Act, a law governing how patient privacy is protected] compliant and very few servers meet those guidelines.”

“They would have to prove it’s a secure site. Also there should be some sort of a major fine if it’s not secure at all times.”

“[It] depends on my approval of who would get this information in the future.”

“I would want to better understand the actual security of the site and the true benefit to me vs. him/her.”

A considerable number of those who found the tradeoff unacceptable went on to explain their responses. For many it was simply a matter of the security of the information – or lack thereof:

No matter how safe you think the site is, it’s not. Hackers can bypass anything if they choose to.

“There is no such thing as a secure site. Hackers are always finding entry points into databases. Insurance companies can afford to hire hackers. The gleaned database information would allow insurance companies to deny coverage to the patients whose information was compromised. Doctors charge excessive fees to patients to use and access this online record tool. Many patients cannot afford the online record service.”

“My health records are my business and no one else’s. No website is totally secure.”

“No matter how safe you think the site is, it’s not. Hackers can bypass anything if they choose to.”

“Nothing is truly secure online. I don’t go to the doctor very often nor do I like them, and I don’t want my personal info on the WWW [World Wide Web] secure or not!”

“Do not trust doctors.”

“What am I going to do if it turns out not to be a secure website? Sue the doctor???”

According to one focus group participant: “With the government in charge of health care now, I am no longer allowing my doctors to put my information on the patient portals. I definitely don’t like the kind of control the health industry is trying to gain in my personal life. I am offended by many of the seemingly ‘none of your business’ questions they are now asking at my doctor [appointments]. I refuse to answer them, and I tell them I am offended.”

Some worried that exposure of their health data would make them targets of customized pitches to buy more medicine or unnecessary treatments:

“My health records are confidential. I don’t want them in the hands of someone unscrupulous or marketing companies possibly trying to recommend a drug or something based on a condition I may have.”

Others made references to the social problems that might result from unauthorized disclosure of the records:

“If these records ever leaked it could be devastating to people with certain diseases. I’m specifically thinking about stigmatized diseases like AIDS.”

And at least one respondent’s medical records had been hacked in the past:

“My records were stored by USPS [United States Postal Service]. The system was hacked! Now my information – all of it – is out there.”