Healthcare Information Security

Patient Privacy News

Patient Privacy Concerns Must Be a Priority for Providers

By Elizabeth Snell

- As healthcare data breaches continue to make headlines, it should come as no surprise that patient privacy concerns are also on the rise. Healthcare providers need to be aware of patient concerns, especially those that are connected with data security or the safety of individuals’ medical records.

A recent survey from Software Advice found that patient privacy concerns over the security of their PHI is sometimes severe enough to push patients to hold back on what information they share with their provider. Specifically, 21 percent of respondents said that they withhold personal health information from their doctors because of data security concerns.

This is especially troublesome because it could potentially cause harm to patients because doctors do not have all the information they need to make a proper diagnosis, according to Software Advice Market Researcher Gaby Loria.

For example, a physician may prescribe a drug that has an adverse reaction to another medication an individual is taking. However, the doctor does not know about that first prescription because they were never told about it.

“These kinds of things could happen and the fact that 21 percent of people feel this way means it’s really a red flag for physicians,” said Loria, who helped conduct the survey. “This is something they need to think about when they’re speaking with their patients and presenting their patients their security and privacy policies.”

READ MORE: Exposed Server Causes Cottage Health Healthcare Data Breach

Notice of Privacy Practices

The survey also asked respondents about the Notice of Privacy Practices (NPPs) at their provider. Forty-four percent of those surveyed said that they rarely or never read the NPPs, and just 8 percent said that they always read the notices all the way through before signing. This is particularly concerning because 45 percent of respondents also said they were very or moderately concerned about a security breach.

“As a patient I know how cumbersome it can be to walk into the doctor’s office and get handed this big stack of papers,” Loria said. “You don’t really want to spend all that time going through all that paperwork. A lot of times the language isn’t very easy to understand, and you just kind of want to sign and get treated.”

Even so, Loria explained that just 8 percent of respondents stating that they always read the NPPs given to them is “abysmally low.” It’s important for physicians to find ways of presenting these policies to their patients that are really going to ensure that their patients absorb it and understand it, Loria said. Moreover, patients need to be able to feel comfortable enough to ask questions about it. That way they can engage with their provider, according to Loria, rather than just signing a piece of paper and secretly worrying that their data isn’t secure.

In terms of the provider’s security policies, just 10 percent of respondents said that they were very confident that they understood their physician’s security policies. Nearly three-quarters reported that they were either moderately or minimally confident, while 13 percent stated that they were “not at all” confident that they understood the security policies.


Credit: Software Advice

READ MORE: VA Sees 60% Decrease in PHI Health Data Breaches in December

Software Advice also found that the way that providers react to data security issues, and even how a data breach is caused, can have an effect on patients’ confidence levels. For example, 54 percent of respondents say they would be “very” or “moderately likely” to change providers if their personal health information was inappropriately accessed. Of those respondents, 37 percent said that they would stick with their doctor if specific examples were given to how the practice’s security policies and procedures had improved after the breach.

Loria added that patients reacted very negatively toward security breaches that were caused by staff misconduct and carelessness. Respondents would be more likely to switch providers if that was the reason for a breach instead of a third-party cyber attack, she said.

“This means that doctors really have a lot of control over the way that they implement these security measures and the potential fall out if a breach were to occur,” Loria said.

Keeping the industry outlook positive

When physicians are able to put effecting safeguards in place, it will go beyond just remaining in compliance with federal regulations. According to Loria, physicians will hopefully see these survey results as a window into how patients feel about security risks.

READ MORE: UCHealth Alerts Patients of Internal Healthcare Data Breach

Strong safeguards are something that providers need to do to also improve patient satisfaction, keep patients comfortable, and also improve overall patient care.

“I hope that this is kind of a way for the industry to look at the other side and look at the more human side of it,” Loria said. “They need to be compelled to bolster the measures that they might have in place for that reason and not just for compliance.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks