Healthcare Information Security

Cybersecurity News

VA patients discuss secure messaging barriers, benefits

By Patrick Ouellette

- Secure messaging tools within patient portals are gaining momentum within healthcare, but similar to other patient engagement initiatives, healthcare organizations must ensure patients know that they need to secure their data on their end as well.

The United States Department of Veterans Affairs (VA) just released a paper titled “Evaluating User Experiences of the Secure Messaging Tool on the Veterans Affairs’ Patient Portal System.” The VA interviewed 33 veterans who had access to and had previously used the portal’s Secure Messaging tool (My HealtheVet) for the paper. According to the report, there were four interview themes: (1) perceived benefits of using Secure Messaging, (2) barriers to using Secure Messaging, (3) facilitators for using Secure Messaging, and (4) suggestions for improving Secure Messaging. took a long look at “Perceived Barriers to Using Secure Messaging” and some of the veterans cited privacy and security issues in their responses. Prominent areas of concern included not knowing how to register and initiate the authentication process required in using Secure Messaging and not fully understanding the circumstances and situations in which they should use the Secure Messaging tool. This was one veteran’s explanation of privacy and security barriers:

I think Secure Messaging has great potential but it just has to be explained…they have to stop letting you think you’re talking to your doctor somehow, it has to be a little clearer…it’s misleading to say you’re sending a message directly to your primary care provider.

I would say it’s an indirect way of getting in touch with your doctor, and it’s open to who knows how many people in the system. I get responses from a lot of people, sometimes the call center even. It’s disconcerting…when I first started using Secure Messaging, it would go directly to [my primary physician] although everybody in the clinic gets them for some reason.

Another veteran said that they see authentication as an issue:

The authentication process to use [Secure Messaging] is too cumbersome. I feel like if I can come in and see a doctor without having to do all this and the doctor knows it’s me. I mean, this seems like it ought to be something that could be done in your doctor’s office and not some other way. There has to be an easier way to do it.

Privacy and security are just part of the veterans’ responses, but it’s helpful to see how they perceive Secure Messaging in the My HealtheVet patient portal. The VA said data from this study can inform a large-scale quantitative assessment of Secure Messaging users’ experiences in a representative sample to validate qualitative findings. From a privacy and security perspective, respondents seem to believe the VA needs to add clarity to basic definitions when engaging patients with secure messaging and patient portals so they know exactly what information is going where.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks