Security and Privacy Risks Associated With Adult Patient Portal Accounts in US Hospitals

Patient portals can help caregivers better manage care for patients, but how caregivers access the patient portal could threaten patient security and privacy. To identify the proportions of hospitals that provide proxy accounts to caregivers of adult patients, endorse password sharing with caregiver...

Full description

Saved in:
Bibliographic Details
Published in:JAMA internal medicine Vol. 180; no. 6; p. 845
Main Authors: Latulipe, Celine, Mazumder, Syeda Fatema, Wilson, Rachel K W, Talton, Jennifer W, Bertoni, Alain G, Quandt, Sara A, Arcury, Thomas A, Miller, Jr, David P
Format: Journal Article
Language:English
Published: United States 01-06-2020
Subjects:
Online Access:Get more information
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Patient portals can help caregivers better manage care for patients, but how caregivers access the patient portal could threaten patient security and privacy. To identify the proportions of hospitals that provide proxy accounts to caregivers of adult patients, endorse password sharing with caregivers, and enable patients to restrict the types of information seen by their caregivers. This national cross-sectional study included a telephone survey and was conducted from May 21, 2018, to December 20, 2018. The randomly selected sample comprised 1 independent hospital and 1 health system-affiliated general medical hospital from every US state and the District of Columbia. Specialty hospitals and those that did not have a patient portal in place were excluded. An interviewer posing as the daughter of an older adult patient called each hospital to ask about the hospital's patient portal practices. The interviewer used a structured questionnaire to obtain information on proxy account availability, password sharing, and patient control of their own information. The primary outcome was the proportion of hospitals that provided proxy accounts to caregivers of adult patients. Secondary outcomes were the proportion of hospitals with personnel who endorsed password sharing and the proportion that allowed adult patients to limit the types of information available to caregivers. After exclusions, a total of 102 (51 health system-affiliated and 51 independent) hospitals were included in the study. Of these hospitals, 69 (68%) provided proxy accounts to caregivers of adult patients and 26 (25%) did not. In 7 of 102 hospitals (7%), the surveyed personnel did not know if proxy accounts were available. In the 94 hospitals asked about password sharing between the patient and caregiver, personnel in 42 hospitals (45%) endorsed the practice. Among hospitals that provided proxy accounts, only 13 of the 69 hospitals (19%) offered controls that enabled patients to restrict the types of information their proxies could see. This study found that almost half of surveyed hospital personnel recommended password sharing and that few hospitals enabled patients to limit the types of information seen by those with proxy access. These findings suggest that hospitals and electronic health record (HER) vendors need to improve the availability and setup process of proxy accounts in a way that allows caregivers to care for patients without violating their privacy.
ISSN:2168-6114
DOI:10.1001/jamainternmed.2020.0515