Why Privacy Matters 2017-03-21T00:51:02+00:00

Whether you are a patient, physician or senior management for a healthcare provider, patient privacy considerations impact the quality and delivery of healthcare. Specifically, patients’ trust in their healthcare providers’ ability to keep their information private impacts how, when and whether they share sensitive medical information. When this trust is broken, care outcomes, reputations, revenue and lives are impacted.

With the advent of technical advancements and telemedicine, electronic healthcare is a liberating force for clinicians, healthcare providers and patients. However, improper access to Electronic Health Records (EHRs) can cause immense harm to hospitals’ reputations and staff, as well as irreparable damage to patients and their families.

Equally, improper use of patient data can undermine the trust of patients in EHRs, preventing healthcare providers and the industry as a whole from realizing their benefits. Unless patient privacy protections are built into IT systems, the risk of privacy breaches looms.

Failure to adequately protect patient privacy can also lead to fraud, impacting revenues in the healthcare industry and costing taxpayers money. It is in the best interests of healthcare organizations to adopt privacy measures which will protect them, their reputations, patients and staff from the severe harm caused by the misuse of patient records.

This is why patient privacy matters.

Trust in the confidentiality of medical records influences when, where, from whom and what kind of treatment is delivered to patients, and affects patient care outcomes. Survey results show:

  • 85% of US patients surveyed indicated that a care provider’s reputation for protecting privacy would influence their choice to seek care from that provider
  • 27% of patients would withhold information from their care provider
  • More than 1 out of 2 patients indicated they would seek care outside of their community, due to privacy concerns
  • 66% of patients report that when a privacy breach occurs, their trust in electronic health records is affected

Similar findings were reported in the UK, France, Canada and Australia.

The relationship between patient and care provider is based on trust: patients must be able to trust that their care provider will protect their private information. Patients have a fundamental right to know that their information is safe with their healthcare provider, and must be able to trust their care teams and hospitals with the most sensitive information about themselves and their children.

When that trust is violated and patients are victimized by the misuse of access to protected health information, they lose control of the most intimate details of their lives. The harm which snooping does is often hard to measure as it can extend from malicious gossip and material losses from identity theft or burglary to financial, physical, emotional, professional and social damage.

While patients may suffer personal, professional or criminal consequences if their data is stolen, whether as a result of a data breach or fraud, their loss of faith in healthcare providers can also discourage them from seeking help or giving full details of their condition. Therefore, a healthcare provider’s reputation for privacy can impact patient confidence, patients’ lives and care outcomes.

Beyond this, electronic healthcare systems, which support and sustain better patient care outcomes, can only succeed and grow if physicians and patients have confidence in them. Patients appreciate that electronic records are essential to their healthcare, but firmly believe that their information must be protected in order to keep themselves and their families from harm. Thus, without proper safeguards of EHRs, patients’ fundamental rights to privacy are at risk.

Per the Office of the National Coordinator for Health Information Technology, “If individuals…lack trust in electronic exchange of information due to perceived or actual risks to electronic health information…it may affect their willingness to disclose necessary health information and could have life-threatening consequences.”

By withholding medical information, patients affect the care they receive and its outcomes:

  • Over 53% of patients would withhold information from their care provider based on privacy concerns
  • More than 38% of patients have or would postpone seeking care for a sensitive medical condition due to privacy concerns
  • Nearly 1 out of 2 patients (45%) would seek care outside of their community due to privacy concerns, with 37% indicating they would travel substantial distances (30 miles or more) to avoid being treated at a hospital they did not trust, in order to keep sensitive information confidential

Chief Information Officers (CIOs) need to support the business as well as patients, and are in charge of the data that is essential to successful electronic healthcare. However, healthcare IT systems tend to be fundamentally insecure with few built-in privacy and security capabilities. CIOs need to ensure the security of IT systems, giving patients the confidence to reveal sensitive information to their care providers, leading to the best care.

Senior executives, physicians, regulators and the public rely on CIOs to make sure that breaches do not occur, as well as to ensure that their systems comply with national and international requirements. CIOs must be confident that their IT systems combine flexibility with security, and comply with privacy regulations. The misuse of authorized access to patient information can lead to privacy breaches and massive reputational damage.

Modern healthcare providers use dozens of healthcare applications that are accessed by thousands of users, generating millions of transactions. As a result, effective manual review of these transactions is impossible. CIOs can employ proactive patient privacy monitoring software, which can effectively identify misuse of access by triggering an alert when suspicious behaviours, such as those which may indicate snooping, identity theft, medical identity theft, and fraud, occur.

As healthcare providers grow and merge, with many new providers, and information of all kinds being exchanged through larger networks, the potential for fraud and inappropriate accessing of patient records rises. It is essential for CIOs to ensure that every organization is properly protected, and as soon as possible, for the sake of the provider as well as the patient.

Healthcare Privacy, Information Technology (IT) Security and Compliance professionals are responsible for regulatory compliance and fulfilling business requirements without interfering with patient-centered care. As a group, these professionals are well aware that privacy breaches are commonplace and that staff regularly access patient records at which they have no right to look.

Privacy, IT Security and Compliance professionals need to ensure that privacy is protected. However, most healthcare providers do not have systems in place to prevent breaches, leaving the organization and its leadership vulnerable to breaches, litigation and regulatory enforcement.

Thus, the need for effective processes and technologies to detect and deter privacy breaches is great. Automated monitoring of access to electronic health records (EHRs) and privacy breach detection solutions are available, yet most healthcare organizations still use manual auditing processes that barely scratch the surface, leaving the organization open to accusations of failure to take adequate preventative measures. When a breach occurs, it is frequently the Privacy, IT Security and Compliance professionals who take the blame.

The protection of patient privacy is best dealt with strategically, rather than piecemeal or in response to a crisis. By developing a blueprint that includes budget and resource allocation as well as technologies and processes to protect patient privacy, it is possible to stay ahead of the curve, compliant with existing and forthcoming regulations, and give confidence to patients, physicians, senior management and the board.

Privacy, IT Security and Compliance professionals operate under an increasing weight of regulatory compliance pressures from healthcare legislation such as ARRA HITECH privacy and meaningful use criteria, HIPAA, EU Data Protection, UK Freedom of Information Act, California SB 541 and AB 211, Texas HB 300, Massachusetts 201 CMR 17.00 and Canadian provincial healthcare privacy law.

The credibility and reputation of any physician depends heavily on patient trust. If trust is lacking, a physician’s ability to provide the best patient care can be compromised. Patients may also choose to seek help elsewhere if they feel the confidentiality of their relationship is uncertain or think it has been compromised. Leaks of information can be highly damaging to a patient’s family or professional life, as well as exposing them to crime.

Physicians are already aware of the challenges involved in encouraging patients with sensitive health issues, such as sexual or mental health concerns, to seek treatment. Healthcare professionals can only determine the most appropriate course of treatment if patients have the confidence to tell them everything they need to know. Where a healthcare professional is seen as responsible for abusing personal information, their reputation can be destroyed.

Reputational damage may well go beyond the individual, affecting the entire institution for its failure to have effective privacy and security measures in place. By installing software to monitor who is accessing patient files and when, the patient and clinician are protected. It gives a full audit trail, proving the integrity of any individual physician.

This helps maintain the vital relationship of confidence that must exist between care provider and patient if they are to deliver the best outcomes. Once the accessing of patient records is properly monitored, physicians can have confidence in the free flow of patient information because they know that every member of any care team is aware that privacy is taken seriously.

US survey data shows that concerns about trust directly affect care outcomes. When patients withhold information, or postpone and avoid visits to care providers, the quality of their care is impacted:

  • 27% of patients with sensitive medical conditions withhold information from a healthcare provider with a poor record of protecting patient privacy
  • Over 27% postpone seeking care for a sensitive medical condition due to privacy concerns
  • 74% state that serious or repeated privacy breaches would damage the provider’s reputation
  • 85% indicated that, if they had a sensitive medical condition, a care provider’s reputation for protecting privacy would influence their choice to seek care from that provider

CEOs and senior management are responsible for the success of their organizations as well as the quality of care they provide. When privacy concerns threaten, they can impact the ability to increase revenue, attract patients, protect organizational and professional reputations, decrease costs, and meet regulatory requirements such as ARRA HITECH Meaningful Use.

Further, CEOs and senior management need to ensure the quality of patient care through the continued adoption of Electronic Health Records (EHRs), which enable providers to deliver better, safer and more sustainable healthcare. EHRs and Health Information Exchanges (HIEs) also offer care providers financial benefits, allowing more to be invested in patient care.

With healthcare organizations increasingly merging and streamlining operations, electronic sharing and the free flow of patient information provide competitive advantages, greater flexibility and collaboration, cost cutting and improved performance as well as business growth. Thus, effective privacy protection is essential to ensuring that the benefits of EHRs are realized.

The protection of patient privacy is also mandated under a variety of privacy and security regulations. Without appropriate safeguards, healthcare organizations run the risk of fines and penalties for non-compliance, reputational damage, and governmental interference in their organization.

In essence, the CEO and senior management team are the public face of a healthcare organization, and a privacy breach puts their credibility on the line. Effective measures must be in place, both to deal with immediate problems and to build a culture of respect and trust. The uncomfortable alternative is to be forced to act after experiencing a severe breach. Only proactive patient privacy protections can ensure secure and private collaboration among care teams, protect personal and organizational reputations, fulfill regulatory requirements, and protect patients and staff.

Privacy concerns can impact the ability of CEOs and senior management to:

  • Increase revenue
  • Attract patients
  • Protect organizational and professional reputations
  • Decrease costs
  • Meet regulatory requirements