EHRs Raise Consumer Fears of Identity Theft: Harris Interactive

As health care facilities increasingly adopt electronic health records (EHRs), a large number of consumers are fearful of the ability of organizations to keep them secure, according to a survey performed by Harris Interactive and commissioned by SailPoint.

SailPoint is a developer of identity-management and governance applications that help IT managers in industries such as health care and financial services control access to data.

For the survey, conducted from May 24 to June 2, Harris interviewed 2,241 consumers in Great Britain, 1,023 adults in Australia and 2,309 people in the United States. SailPoint announced the results of the Market Pulse Survey on Sept. 20.

The focus of the survey was to assess how EHRs affected consumer attitudes, according to Jackie Gilbert, SailPoint's co-founder and vice president of marketing.

"It's interesting that people's fears are pretty well aligned to what's actually going on out there in the industry," Gilbert told eWEEK.

Among the concerns consumers had regarding EHRs were fears of identity theft, nosy health care workers, medical records exposed on the Internet and employers finding out about a personal medical condition.

In fact, one in five American, one in two British, and one in three Australian employees admitted they would steal electronic data from their employers, according to the report.

Of the respondents interviewed, 80 percent of Americans, 81 percent of Britons and 83 percent of Australians were concerned about converting medical information to electronic media, according to the report.

Identity theft was a major worry among the respondents, particularly by their co-workers or other employers. As far as identity, 35 percent of Americans, 33 percent of Britons and 37 percent of Australians expressed fears about identity theft.

Gilbert described the medical identity theft in health care as worse than in financial services.

"People who are suffering from medical identity theft are experiencing the same impact as financial identity theft, but in a way, it's probably even riskier because most banks and credit card companies would make good on the losses," Gilbert said.

"Most people hear identity theft, and they assume you're talking about something in the financial services realm," she said.

Meanwhile, of the respondents, 10 percent of Americans, 14 percent of Britons and 11 percent of these Australians expressed concern about staff members improperly accessing private health data.

This snooping was also a key concern expressed by respondents in a PricewaterhouseCoopers (PwC) report showing that health care organizations are unprepared to secure patient data.

"If you track this, you've probably seen that a growing number of people are affected by health care data breaches, and in many cases, theft is involved—either theft of paper records or theft of electronic records," Gilbert said.

Gilbert mentioned a recent case at Southern California Medical-Legal Consultants (SCMLC), in which the personal data of 300,000 applicants for workers' compensation benefits was exposed, including Social Security numbers.

SCMLC is a California firm that represents medical providers as they seek payment from workers' compensation-insurance carriers.

"In some widely publicized cases, the very basics of user access control were not put in place to safeguard sensitive data, making it child's play for intruders to gain access to it," Gilbert said.

As data breaches continue to be a threat with more health data available electronically, the Obama administration made the Health Insurance Portability and Accountability Act. (HIPAA) privacy laws more stringent under the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act.

"Unfortunately, as this survey shows, there is still a lot of work to do to win back customer confidence in light of the number of bad examples across industries," Gilbert said.

In findings similar to the Harris report, CDW Healthcare reported in March that 49 percent of patients interviewed believed that EHRs would have a negative effect on privacy.