Three Ways to Calm Patients’ Concerns About Patient Portal Security

This story is all too common: another security breach leaking confidential patient information to the masses and another fine totaling in the millions—$4.8 million to be exact.

This story is all too common: another security breach leaking confidential patient information to the masses and another fine totaling in the millions—$4.8 million to be exact.

We found in our study conducted last year that security was the number one reason why participants said they would not use a patient portal. An event such as this security breach is exactly what prevents patients from being open to new technologies. While patient portal may provide benefits, whether it is secure or not is what keeps the patient from using it. HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health) are the two most important pieces of U.S. legislation related to patient privacy and information security. Facilities should not only be securing patient information for sake of compliance, but also to show patients that their data is safe, and easily accessible. Here are four ways organizations can work to calm concerns expressed by potential patient portal users:

1. Educating patients about portal security. Similar to banking online, the key is to educate end users on
   

   Physicians should educate patients, not only on how to use patient portals, but also how the portals works and protects their information.

   how to protect their log-in information and password. Just as they would not provide someone their banking ID, so should they treat healthcare information the same. Additional education about how information is protected should also be presented to patients.This includes informing them about portal monitoring, but also telling them about security systems in place, such as multi-tiered firewalls, that protect access to the portal and track for intrusions.

2. Educating patients on the value of a portal versus the conventional method. Compared to the alternative, which is film, paper or CD, which means if lost, that information is more accessible by someone else.While patient engagement is a requirement of Meaningful Use Stage 2, facilities cannot force a patient to use a portal. Keeping the sign-up process voluntary removes the sense of pressure and relieves anxiety felt by the patients when being forced into a situation.
3. Being proactive with incident and response programs. The portal should be monitored proactively so that risks can be alleviated at a moment’s notice and patients can be informed in a timely manner of any issues of which they need to be aware. Assuring patients that the well-being and security of the portal is looked after 24/7/365 adds an additional level of confidence that can bring in a larger volume of portal users.

Security in the IT space is becoming increasingly complex every day, but that is not slowing down the transition to digital environments. This means that organizations must adapt accordingly, especially with security measures, or else they will continue to see large fines for violating HIPAA and HITECH practices.

What do you currently see as being the biggest barrier to patient portal adoption at your facility? Are security concerns often expressed by patients? If so, what are they and how do you alleviate those concerns?