INTRODUCTION
Some patients may withhold relevant medical information from their provider because of concerns about the security and privacy of their information, or about how their information will be used.1 With increasing reliance on telemedicine and telehealth tools (e.g., patient portals) in response to the coronavirus disease 2019 (COVID-19) pandemic, this issue may be particularly problematic. As withholding information can compromise providers’ ability to deliver appropriate care, the accuracy of public health surveillance system data, and even population health efforts to mitigate the spread of COVID-19, we need to understand how patients’ concerns about the privacy and security of their medical information may lead to information-withholding behaviors.
METHODS
Data for the present study came from a survey administered to patients hospitalized at a large academic medical center (AMC) enrolled in a pragmatic randomized controlled trial (RCT).2 The RCT studied the relationship between inpatient portal use and patients’ care experience. One survey section asked about patients’ attitudes toward use of health information technology, including their perceptions about information security risks and privacy. These questions were adapted from the National Cancer Institute’s Health Information Technology National Trends Survey. The Institutional Review Board of the AMC approved this study.
The dependent variable for this study was the answer to the question “Have you ever kept information from your healthcare provider because you were concerned about the privacy or security of your medical record?” (yes/no). On the basis of previous research,3 we included four independent variables derived from answers to questions about medical information privacy and security:
-
1.
“If your medical information is sent electronically from one health provider to another, how concerned are you that an unauthorized person will see it?”
-
2.
“How confident are you that you have some say in who is allowed to collect, use, and share your medical information?”
-
3.
“How confident are you that safeguards (including the use of technology) are in place to protect your medical records from being seen by people who aren’t permitted to see them?”
-
4.
“How interested are you in exchanging medical information electronically with a healthcare provider?”
A multivariable logistic regression model was used to test the relationship of the independent variables with information-withholding behavior, adjusting for patient demographics.
RESULTS
Table 1 summarizes patient characteristics and survey responses of our study participants. Results of our regression analysis (Table 2) show that for patients who were concerned that their medical information would be compromised if it was sent electronically between providers, the odds of withholding information from their provider was three times that of patients without concerns. Conversely, for patients who were confident about the privacy of their medical information, the odds of keeping information from their provider was approximately half of those who were not confident. Black patients were generally more likely to withhold information compared with White patients. Patients who were older, married, employed, and in good mental health and who had healthcare coverage were less likely to keep information from their provider.
DISCUSSION
Similar to previous research conducted in the general population,3, 4 our findings suggest that many hospitalized patients are concerned about who has access to their medical information, and we found an association between these concerns and patients’ reported information-withholding behavior. While these findings were limited to the perceptions of patients from a single AMC, they are nonetheless important for providers to consider given relaxation of Health Insurance Portability and Accountability Act (HIPAA) protections in response to COVID-19. Specifically, the U.S. Office for Civil Rights has granted business associates (e.g., healthcare clearinghouses) the ability to make good-faith disclosures of personal medical information for public health activities as long as the patient is informed within 10 days.5
In order to protect against potential adverse impacts of this rule on disclosure, providers likely need to reinforce technological safeguards, such as secure and encrypted communication, and clearly communicate about how patients’ medical information is accessed, stored, and used in order to honor patient privacy preferences6 and potentially address patients’ concerns in this area. Monitoring the impact of these changes on patients’ information-withholding behavior will be critical to ensure providers have the appropriate information to enable delivery of high-quality care.
References
Abdelhamid M, Gaia J, Sanders GL. Putting the Focus Back on the Patient: How Privacy Concerns Affect Personal Health Information Sharing Intentions. J Med Internet Res. 2017;19(9):e169.
McAlearney AS, Sieck CJ, Hefner JL, et al. High Touch and High Tech (HT2) Proposal: Transforming Patient Engagement Throughout the Continuum of Care by Engaging Patients with Portal Technology at the Bedside. JMIR Res Protoc. 2016;5(4):e221.
Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. J Am Med Inform Assoc. 2014;21(2):374-378.
Walker DM, Johnson T, Ford EW, Huerta TR. Trust Me, I'm a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior. J Med Internet Res. 2017;19(1):e2.
Department of Health and Human Services. Notification of enforcement discretion under HIPAA to allow uses and disclosures of protected health information by business associates for public health and health oversight activities in response to COVID-19 (45 CFR Parts 160 and 164). Published 2020. Available at: https://www.hhs.gov/sites/default/files/notification-enforcement-discretion-hipaa.pdf?language=en. Accessed May 4, 2020.
Chaet D, Clearfield R, Sabin JE, Skimming K. Ethical practice in Telehealth and Telemedicine. J Gen Intern Med. 2017;32(10):1136-1140.
Acknowledgments
The authors wish to thank Alice Gaughan, Lindsey Sova, Jaclyn Volney, Danijela Cvijetinovic, Toby Weinert, Allison Silverman, Ayanna Scott, and Karen Alexander, all affiliated with the authors’ organization, for their assistance with this project, and all the participants in this study.
Funding
This research was supported by grants from the Agency for Healthcare Research on Quality (Grant No. P30HS024379, Grant No. R01HS024091 and Grant No. R21HS024767).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors declare that they do not have a conflict of interest.
Disclaimer
While this research was funded by the Agency for Healthcare Research and Quality, the study sponsor had no involvement in the collection, analysis, or interpretation of data; in the writing of this manuscript; or in the decision to submit the manuscript for publication.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
DePuccio, M.J., Di Tosto, G., Walker, D.M. et al. Patients’ Perceptions About Medical Record Privacy and Security: Implications for Withholding of Information During the COVID-19 Pandemic. J GEN INTERN MED 35, 3122–3125 (2020). https://doi.org/10.1007/s11606-020-05998-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11606-020-05998-6