EHR and IT Security

As healthcare organizations move forward on implementing electronic health records (EHRs), they would do well to recognize that patients are wary when it comes to EHRs and the security of their personal health information.

That is a main takeaway of a report on EHR and IT security, released today by CDW Healthcare, Vernon Hills, Ill. The report’s findings are based on a nationwide poll, conducted in January, of 1000 respondents who had visited a physician’s office or healthcare facility in the last 18 months.

Clearly patients have high expectations for their physicians to protect their personal health data, and are wary about the security of EHRs. According to the poll, 80 percent of patients cite doctors’ offices in general, or someone at the office, as responsible for the protection of their personal data. And many are comfortable with that: 83 percent of respondents said they trust doctors to use their data in their patients’ best interest; while a lower but still significant number, 67 percent, trust their physicians to protect their patient data.

Yet many are distrustful of EHRs. When asked about the effect that EHRs will have on the privacy of their personal information and health data, 49 percent said it would have somewhat or significantly negative effect; and another 24 percent said it would have no effect. Only 27 percent said the effect would be positive.

Regarding their particular concerns, 35 percent worried about their personal health information being available to anyone on the Internet—a significant factor, given the rise in the availability of social media tools in the healthcare space. In fact, 24 percent of respondents have concerns about even trusting themselves enough to access their own health data. Other top concerns included identification theft and employers using health information to manage benefits or compensation, or to make hiring decisions. Financial information, personal ID information and personal health information ranked as the top three types of information that is most important to keep secure.

Are patient concerns justified? Yes, according to a separate survey conducted by CDW Healthcare in 2010, in which 30 percent of 200 physician practices said they do not use anti-virus software and another 34 percent said they do not use firewalls.