Trust in HIPAA-Covered Entities’ Ability to Securely Store Healthcare Data Remains Low

Earlier this year, a survey conducted by Software Advice indicated that the high volume of cyberattacks, cases of insider theft, and negligence by healthcare providers with regard to data security were negatively affecting patient confidence in healthcare organizations’ ability to securely store healthcare data.

The survey was conducted on 243 healthcare patients, who were questioned about healthcare security, patient data theft and their fear of becoming a victim of a healthcare data breach.

The results of that survey revealed that 45% of patients were moderately or very concerned that they would have their private and confidential healthcare data exposed in a security breach. Just over a fifth of patients (21%) were withholding their PHI from doctors as a result of concerns about data security.

The survey was conducted shortly after the Anthem data breach, which exposed the PHI of 78.8 million health insurance subscribers and was closely followed by the announcement that 11 million records had also been exposed in a cyber attack suffered by Premera Blue Cross.

After close to 90 million records had been exposed, trust in insurers’ and healthcare providers’ ability to securely store healthcare data was understandably low.

A larger study was conducted by the Office of the National Coordinator in 2014 which also showed that confidence in HIPAA-covered entities’ ability to secure data was low. Last year, 10% of patients were choosing to withhold their healthcare data from providers who used electronic health records. The two studies cannot be reliably compared due to differences in sampling methods, although the apparent increase in patients withholding data is indicative of a decrease in trust.

With the volume of cyberattacks taking place, and numerous reports of healthcare data theft by insiders, it is understandable that many fear for the confidentiality of their health data. The ONC survey also showed that 75% of respondents were concerned or somewhat concerned about healthcare data security.

Patients Lack Trust in Healthcare Providers’ Ability to Securely Store Healthcare Data

More recently a new Harris Poll survey was conducted on 2,000 healthcare patients by the University of Phoenix College Health Professions School. The survey set out to explore attitudes toward healthcare information security. Now that the media frenzy over the Anthem and Premera Blue Cross mega data breaches has died down, it is interesting to see how attitudes have changed.

The survey showed that patients are still concerned about data security and are still distrustful of healthcare providers and insurers. 76% of respondents indicated they were concerned about the ability of their healthcare providers to protect their data from cyber attacks.

There were considerable differences in opinion between different age groups. The 50+ age group was most likely to believe their data was under threat, with 83% of respondents in this age category being concerned about the vulnerability of their health data.

The 41-50 age group was similarly concerned, with 80% believing their data was vulnerable. The 31-40 age group was more trusting, with 71% expressing concern, and 70% of the 21-30 age group expressed concern about data security.

When asked about data sharing, more than half (55%) of respondents were comfortable with data sharing. 45% said they were “not at all” or “not very” comfortable with healthcare providers sharing their health data.

It is clear that in order for confidence to improve, the volume of data breaches suffered by HIPAA-covered entities must decrease, and patients must be reassured that efforts are being made to ensure their personal information is being safeguarded. However, with hackers and cyber criminals determined to steal healthcare data, that could be an uphill struggle.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news