Many withhold medical information over privacy fears, study finds
A substantial number of Americans are worried about the security of their medical information.
Nearly 1 in 8 people have withheld information about themselves from a healthcare provider due to concerns about security and privacy, according to a study published online by the Journal of the American Medical Informatics Association.
The findings are based on data from the “fourth wave” of the Health Information National Trends Survey, also known as HINTS4, sponsored by the National Cancer Institute.
The work “underscores the need for enhanced measures to secure patients' PHI to avoid undermining their trust,” according to its team of authors, headed by Dr. Israel Agaku, a researcher at the Harvard School of Public Health.
The study was launched to assess the perceptions and behaviors of U.S. adults about the security of their protected health information, or PHI. It focused on people's views about their individually identifiable medical records as defined under the Health Insurance Portability and Accountability Act.
Slightly more than 12% of survey respondents indicated they had withheld information from a healthcare provider due to security concerns, the report said. The likelihood of respondents saying that they had withheld information increased among those who expressed perceptions that they “had very little to say about how their medical records were used.”
Under a 2002 revision of the HIPAA privacy rule, HHS granted providers, insurance companies, claims clearinghouses and other so-called “covered entities” authorization to disclose patient information without their consent for treatment, payment and other healthcare operations, a broad category that includes many common, secondary uses of healthcare information.
James Pyles, a Washington privacy lawyer, noted that Agaku's results are remarkably consistent with those of prior surveys on privacy, security and patient behavior conducted in 2005 and 1999 by the California HealthCare Foundation.
The 2005 foundation survey found that two-thirds of respondents indicated that computer security breaches had raised concerns about privacy; 13% indicated they'd practiced some form of "privacy protective behaviors."
“It is likely that the public concern reflected in the study would be even greater if the public appreciated that the HIPAA privacy rule and the HITECH law provide the individual with few rights to control the use and disclosure of their health information and provide federal permission to disclose health information in a manner that is inconsistent with professional ethics,” Pyles said.
HITECH is the health information technology section of the American Recovery and Reinvestment Act of 2009.
Follow Joseph Conn on Twitter: @MHJConn