People have strong concerns about medical identity theft from EHRs, according to a new survey by Harris Interactive.
As health care facilities
increasingly adopt electronic health records (EHRs), a large number of
consumers are fearful of the ability of organizations to keep them secure,
according to a survey performed by Harris Interactive and commissioned by SailPoint
SailPoint is a developer of
identity-management and governance applications that help IT managers in
industries such as health care and financial services control access to data.
For the survey, conducted
from May 24 to June 2, Harris interviewed 2,241 consumers in Great Britain,
1,023 adults in Australia and 2,309 people in the United States. SailPoint
announced the results of the Market Pulse Survey on Sept. 20.
The focus of the survey was
to assess how EHRs affected consumer attitudes, according to Jackie Gilbert,
SailPoint's co-founder and vice president of marketing.
"It's interesting that
people's fears are pretty well aligned to what's actually going on out there in
the industry," Gilbert told eWEEK.
Among the concerns consumers
had regarding EHRs were fears of identity theft, nosy health care workers,
medical records exposed on the Internet and employers finding out about a
personal medical condition.
In fact, one in five
American, one in two British, and one in three Australian employees admitted
they would steal electronic data from their employers, according to the report.
Of the respondents
interviewed, 80 percent of Americans, 81 percent of Britons and 83 percent of
Australians were concerned about converting medical information to electronic media,
according to the report.
Identity theft was a major
worry among the respondents, particularly by their co-workers or other
employers. As far as identity, 35 percent of Americans, 33 percent of Britons
and 37 percent of Australians expressed fears about identity theft.
Gilbert described the
medical identity theft in health care as worse than in financial services.
"People who are
suffering from medical identity theft are experiencing the same impact as
financial identity theft, but in a way, it's probably even riskier because most
banks and credit card companies would make good on the losses," Gilbert
"Most people hear
identity theft, and they assume you're talking about something in the financial
services realm," she said.
Meanwhile, of the
respondents, 10 percent of Americans, 14 percent of Britons and 11 percent of
these Australians expressed concern about staff members improperly accessing
private health data.
This snooping was also a key
concern expressed by respondents in a PricewaterhouseCoopers
showing that health care organizations are unprepared to
secure patient data.
"If you track this,
you've probably seen that a growing number of people are affected by health
care data breaches, and in many cases, theft is involved-either theft of paper
records or theft of electronic records," Gilbert said.
Gilbert mentioned a recent
case at Southern California Medical-Legal Consultants (SCMLC), in which the
personal data of 300,000 applicants for workers' compensation benefits was
exposed, including Social Security numbers.
SCMLC is a California firm
that represents medical providers as they seek payment from workers' compensation-insurance
"In some widely
publicized cases, the very basics of user access control were not put in place
to safeguard sensitive data, making it child's play for intruders to gain
access to it," Gilbert said.
As data breaches continue to
be a threat with more health data available electronically, the Obama
administration made the
Health Insurance Portability and
Accountability Act. (HIPAA) privacy laws
more stringent under the
2009 Health Information
Technology for Economic and Clinical Health (
"Unfortunately, as this
survey shows, there is still a lot of work to do to win back customer
confidence in light of the number of bad examples across industries,"
In findings similar to the
Harris report, CDW Healthcare reported in March that 49 percent of patients
interviewed believed that
EHRs would have a negative effect on privacy