The Danger to Patients When Health Information Privacy Isn’t Protected

“Not only are we not seeing improvements, but the hidden health data broker industry continues to grow,” says Kate Gorski, director of communications for Patient Privacy Rights, an advocacy group dedicated to protecting medical data. “Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records by Adam Tanner, released in January, is the first scholarly work detailing this subject. Latanya Sweeney, head of the Harvard University Data Privacy Lab, is working on putting together theDataMap, which tracks the many different places our data flows. The true threat to privacy comes from health information being shared without patient knowledge or consent.”

One of the biggest dangers, Gorski says, is hidden discrimination. “Many people simply don’t know who has access to their health information and how they are using it. We tend to think it is only used by our physicians, pharmacists, and insurance companies. But because all of that data is also bought and sold, we often have no way of knowing how our medical information is impacting other facets of our lives, from employment to insurance, and even mortgages.”

Gorski explains that there are simply too many examples of private health data going public to deny the impact. “People have been fired at the height of expensive cancer treatment or other expensive conditions,” she says.

The importance of privacy in EHR success

Privacy and trust are significant challenges at a time when the healthcare industry is focused on improving interoperability of electronic health records as a way to significantly improve health outcomes.

“To more deeply understand patients’ conditions and provide the best care possible, sharing data among providers across the continuum and with patients themselves is critical,” states a 2015 report from the American Hospital Association. The report notes that shared data could help patients access a holistic picture of their health history that makes sense in the context of broad health problems, rather than relying on individual portals from a range of providers. It could boost patient engagement by empowering them with meaningful information about their health, as well as help hospitals more easily transmit public health information to the CDC to improve public safety.

Through interoperable records, patients could benefit, but the cost may be considered too steep.

“We sign away our rights when we visit the doctor’s office. Signing the notice of privacy practices actually does not protect you—your signature means that you now know all of the many ways that they will use all of your sensitive information,” Gorski says. Instead, “we need a health system that prioritizes meaningful informed consent—which has actually been part of the practice of medicine for 2,000 years (the Hippocratic Oath).”

Changing tech or changing perception?

Gorski wants to see the introduction of technologies that put patients back in control of their information. “Patients need to know where it goes and how it is being used and by whom. Technology to facilitate this does exist, and could enable patients to be in control of your data, keep sensitive details private, and share it with those you trust. The motivation to bring this technology to market is what’s been missing,” she says.

But healthcare organizations also see that patients’ perception of provider trustworthiness can impact their buy-in on digital health solutions. A January study in the Journal of Medical Internet Research investigated how the patient-doctor relationship affects patients’ willingness to share their health data for use in digital health records. The researchers found that patients who felt they received high-quality care were less likely to withhold information from a provider. Based on the study’s results, researchers suggested providers could improve concerns around privacy and security by focusing on the care quality benefits that EHRs provide.

Indeed, Black Book’s survey respondents related that the more technology a physician is perceived as using to manage patient healthcare, the higher patients’ trust in that provider. Eighty-four percent of patients said their trust in their provider is influenced by how the provider uses the technology. Only 5% of consumers cited any mistrust in the technology itself.

As a result, healthcare organizations may consider taking a closer look at how they are using data as they expand their reliance on digital health records.

Megan Headley is a freelance writer for PSQH and has covered healthcare safety and operations for several publications. She can be reached at