HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Patients Want to Share Their PHI, Says ONC Study

A new study released by the Office of the National Coordinator for Health IT (ONC) this week – Individuals’ Perceptions of the Privacy and Security of Medical Records – suggests that patients are happy with their healthcare data being shared; they just don’t want that information shared with unauthorized individuals.

Healthcare Data Privacy Protections under HIPAA

The sharing of healthcare data is highly restricted under the Health Insurance Portability and Accountability Act (HIPAA). The information can only be viewed by authorized individuals for the purpose of providing medical care or other essential healthcare purposes such as billing. Protected Health Information (PHI) cannot even be shared for the purposes of medical research, unless the data is first de-identified or patient permission is obtained.

This may be about to change, certainly for the purposes of research, but how do patients actually feel about the use of their data by healthcare providers? Do they have concerns about the growth in use of Electronic Health Records (EHRs)? Vaishali Patel, PhD MPH and his team decided to find out.

Specifically the team wanted to determine whether the adoption of EHRs by healthcare providers was responsible for the growing concern of patients that their health records were no longer safe. By the end of 2013, 75% of healthcare providers had adopted EHRs.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The study looked at the change in attitudes between 2012 and 2013 and also examined whether privacy and security fears were linked to the medium used to store medical records.

Patient Privacy & Security Fears not Tied to EHR Uptake


One of the most important findings was that in spite of patients having major concerns about privacy and security, those concerns were not sufficiently high to stop information being given to healthcare providers. The study found that this was the case for just 10% of individuals.

In 2013, 69% of individuals said that they were very or somewhat concerned about the privacy of information in their medical records, while a year previously that figure was 75%. For data security the level of concern was higher, with 75% currently worried about the security of their healthcare data compared to 77% the year before. There was no significant change in the number of individuals choosing to withhold data, in spite of the increase in EHR adoption.

This was further explored by asking the participants in the study about their views on EHRs over their paper counterparts. Interestingly, while the perception of EHRs may be that data is easier to steal, consumers appear to believe the reverse is true.

Privacy concerns were higher for paper records (75%) than EHRs (69%) and the responses regarding data security told a similar story, with paper record security being a concern for 83% of respondents, compared to only 74% who had concerns about EHR record security. The researchers did point out however that the difference between the two results is not statistically significant.

There was also no statistically significant difference between how medical records are shared among the care team, with views on electronic file transfer and fax transmission being broadly the same.

Patients Want their Healthcare Data Shared


The study clearly showed that in spite of patients’ fears about privacy and security of healthcare data, they do appreciate the benefits that electronic medical records bring. Patients are comfortable with their EHRs being shared between healthcare providers, regardless of the risk of data being accessed inappropriately.

In 2012, 75% of survey respondents said they wanted their healthcare providers to use an EHR, regardless of the risks. There was a one percent rise in responses to the question in 2013.

Sharing of data electronically with other healthcare providers appeared to be viewed as involving more risk. 74% of individuals believed the electronic transfer of medical records was a necessity in 2012. The figure for 2013 was 70%.

According to Patel, “We found that the concerns individuals may have about the privacy and security of their medical records are not unique or limited to EHRs. More importantly, in spite of potential concerns, a majority of individuals want their providers to use an EHR and to share appropriate medical information electronically with the individual’s other healthcare providers.”

The ONC Privacy and Security Study can be downloaded here.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.