Do EHR privacy and security risks affect patient disclosure?

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon
 - patient record, EHR, EMR

A recent study in the July issue of the Journal of the American Medical Informatics Association suggests that patients are withholding information from their health providers because of privacy and security concerns related to electronic health records.

In the study, two sociologists, Celeste Campos-Castillo, PhD. and Denise L. Anthony, PhD., looked at EHRs as a “double-edged sword” in the sense that they provide potential benefits as well risks associated with privacy and security concerns. The question they were concerned with was whether patients withheld information because of those concerns.

“I’m interested in patient-doctor communication,” said Campos-Castillo, an assistant professor in the Department of Sociology in the University of Wisconsin-Milwaukee. “That’s the center point of care, and whenever a patient withholds information from their doctors it influences not only the care they receive, but the care other doctors and researchers can provide for patients who are like that individual."

The researchers analyzed a nationally representative sample from the 2012 Health Information National Trends Survey to try to answer that question and found that about one in eight patients—close to 13 percent—have withheld information from a physician for privacy or security reasons. A multivariate analysis of the results found a correlation between patients withholding information and their physician using an EHR during the patient encounter.

As for how to address this issue, “it’s difficult to tell exactly because the research hasn’t been done yet,” Campos-Castillo said. But, she suggested that past research investigating how patients reacted to disclosures about how physicians are paid showed that transparency actually increased patient trust in physicians.

Campos-Castillo and Anthony suggested that there are several things providers can do to mitigate these privacy/security concerns and increase patient disclosure.

For example, patient-provider communication could include explicit discussions about the benefits of EHRs as well as the related security and privacy risks. They pointed out that many of these concerns have to do with unauthorized access and use of patient information and that these discussions should focus on how the security of their information is protected by rules, requirements and systems standards.

More importantly, individual physicians can emphasize their commitment to the protection of patient confidentiality. While providers are required by law to show patients a Notice of Privacy Practices describing how their information is handled, it is often done superficially and physicians likely will be more successful in mitigating patient privacy concerns and EHR usage by engaging directly with the patient.

As for future research in this area, Campos-Castillo wants to further examine the link between EHRs and the withholding of information. “Is it specific to the use of electronic health records within the healthcare system?” she asked. “Or does it involve something broader, like concerns about risks related to any kind of electronic records, whether it be in healthcare, or banking, or other types of situations?”