As paper health records are slowly becoming non-existent, does that mean that a patient’s trust in his/her own medical records is becoming non-existent, as well? According to a Health IT Outcomes’ article, a 2014 study from the University of Wisconsin-Milwaukee and Dartmouth College found that patients are keeping some data from their doctors, in hopes to keep their data from being stored in their electronic health record (EHR).

Researchers noted:

“…findings suggest that patients may non-disclose to providers to protect against the perceived EHR privacy and security risks.

HealthIT.gov asserts the benefits of EHRs, including improved patient care and care coordination. However, if patients are not willing to share their health information, improved patient care and care coordination, cannot occur. Just like ATMs need our debit card information to allow us to withdraw cash no matter where our location, to be truly successful, EHRs will need a patient’s entire record.

Yet patients are fearful of the consequences of their information being compromised in the event of a data breach.

If patients are not willing to share their health information, improved patient care and care coordination, cannot occur.

It is no wonder that individuals are afraid of providing sensitive information to their providers who keep EHRs. One doesn’t have to look too far to find examples of how healthcare data is becoming the next big target for cyber criminals. In fact, in the largest healthcare breach involving Anthem, approximately 80 million individuals were victimized.

“…the compromise of the confidentiality, integrity and/or availability of individually identifiable health information can result in reputational, financial and clinical harm to our patients.”

As Clearwater CEO Bob Chaput noted in a recent blog post, a strong information risk management program not only meets compliance goals but also demonstrates a commitment to patient care, and in turn can provide a real competitive advantage.

However, as we continue to modernize our healthcare system, patients will have to weigh the benefits of EHRs against the inherent risks that come along for the ride.

Clinicians and executives at health care organizations need to be aware of and address these patient concerns in order to provide optimal care. Information privacy, security and risk management is no longer a compliance issue- it’s a patient care issue.

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.