Improving the balance between data exchange and privacy
In analyzing the state of health data security, there’s a growing struggle between robust health data exchange and respecting patients’ privacy concerns.
The current state of health data exchange in the U.S. is rooted in two truths that seemingly oppose each other. On one hand, since the passage of the 21st Century Cures Act, more healthcare organizations are participating in national health information exchange than ever, creating a more connected healthcare system with the potential to improve the quality of care, and how it is coordinated and paid for.
At the same time, patient concerns about the security of their data have gained steam. Trust in the institutions that hold and share patient data is paramount to the continued growth of data sharing, but it’s severely lacking. With high-profile data breaches from health systems and stories about apps and tech companies misusing sensitive health data in the news seemingly on weekly basis, it’s easy to see why.
A new report on the state of patient privacy uncovers patients’ concerns around health data security with the backdrop of increased data exchange, shedding light on how patients view the possible advantages and risks that come with their health information being shared by third parties.
Concerns around breaches
Among the most definitive findings from this recent research is that patients are concerned about data breaches. In fact, 95 percent of respondents expressed some level of concern, with 70 percent expressing moderate or extreme concern. More than half of respondents say that they are worried about whether the companies handling their data are providing sufficient privacy and security protections.
That distrust is especially true of Big Tech companies, with nearly two-thirds of survey respondents saying that they don’t trust these organizations with their health data. Companies like Meta and Google have made various efforts to move into healthcare in recent years, but they’ve been embroiled in controversies related to mishandling user data and a lack of transparency into data collection methods. Plus, unlike provider organizations that suffer breaches, the business models of many tech companies rely on data monetization, raising serious questions about their motivations for collecting — and potentially commercializing — private health data.
It makes sense, then, that most survey respondents (60 percent) say they feel more confident in health data exchange when it’s facilitated by government-approved entities. Patients are clearly wary of exactly who is handling their data, and it’s clear that Big Tech’s reputation has consequences here, too.
As these companies continue their healthcare efforts, building back patient trust will be an important challenge to overcome. While their scale and capabilities present opportunities to improve healthcare research and delivery, their involvement also increases the number of risk vectors that put data in harm’s way.
Nervousness around use cases
Patient concerns about health data sharing aren’t universal. According to the survey, a majority of patients (71 percent) actually are comfortable with sharing health data with healthcare providers for treatment purposes, like sharing health records, test results or medication history among providers involved in a patient’s care.
However, the comfort generally ends there. Only 39 percent of patients surveyed said they’re comfortable sharing their data for payment-related purposes, and the numbers are even lower for operations-related purposes (28 percent) and public health purposes (23 percent).
This perhaps shouldn’t come as a surprise. It’s easy to see the treatment use case as the one that most directly benefits patients, many of whom have first-hand frustrations from poorly coordinated care. But to fully realize the potential of expanded health data exchange, it’s important to get patients comfortable with other uses cases, too.
The importance of individual access
Individual Access Services (IAS), which enable patients to access and manage their own health information, is becoming increasingly important in the United States as the healthcare industry continues to shift towards a more patient-centered approach.
According to the survey data, patients care a lot about medical record access, with nearly three-quarters of respondents saying accessing their own medical records is “very important.” IAS enable patients to take a more active role in their own healthcare, and survey results show that patients walk away from viewing their health data feeling more informed.
These findings illustrate that patients want to be more involved in their own care and have access to the information powering that care. To make this a reality and help health data exchange reach its fullest potential, it’s essential to involve patients in the national dialogue around health data sharing.
Policymakers and industry leaders must account for patient concerns and educate them on how their data will be used and shared, particularly for use cases outside of treatment. Doing so will put us on a path to a more connected healthcare ecosystem – one that is truly patient-centered.
Steve Yaskin is founder and CEO of Health Gorilla.