The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Survey Explores Trust in Healthcare Organizations’ Ability to Keep Data Secure

A recent survey by Accenture has explored consumers’ attitudes about healthcare data security and revealed the impact healthcare data breaches have had on consumers.

The survey showed the extent to which individuals had suffered losses as a result of a data breach, how consumers felt their organization handled data breaches and the effect those breaches had on trust.

Trust in Healthcare Providers and Insurers is High

In the United States, trust in healthcare providers’ and health insurers’ ability to keep sensitive data secure is high. 88% of respondents said they trusted their physician or other healthcare providers ‘somewhat’ (53%) or ‘a great deal’ (36%). Trust in hospitals was slightly lower at 84% (54% somewhat / 30% a great deal). Health insurers and laboratories that process medical tests fared slightly worse, both somewhat trusted by 54% of respondents and trusted a great deal by 28% of respondents.

Distrust – not at all trusted or not trusted very much – was highest in urgent care clinics (25%), non-medical staff at physicians’ and healthcare providers’ offices (36%) and tech companies that provide wearables and health apps (43%). As a comparison, 56% said they somewhat trusted or trusted the government a great deal with respect to health data security. 32% didn’t trust the government very much and 13% didn’t trust the government at all.


80% of consumers were very confident or somewhat confident in their healthcare providers’ data security measures, with trust in health insurers’ data security measures a fraction lower at 79%. The measures put in place by health app and device companies only received the highest two ratings by 63% of consumers.

Trust may be fairly high, but a quarter of U.S. consumers have experienced a breach of their healthcare data and half of those individuals have been a victim of medical identity theft as a direct result. Consumers have been forced to cover costs as a result of the exposure of their data, with 88% of individuals spending an average of $2,528.

More than a third of those individuals said their hospital had experienced the breach. 22% said their pharmacy or urgent care clinic had been breached, with health insurers and physicians’ offices the next worst affected: 21% of consumers said they were the source of the breach.

Even with HIPAA Rules requiring breach notifications to be sent to patients, half of those impacted by a health data breach said they found out about it on their own. Only 36% of respondents said their company told them about the breach, although 91% said action was taken by that company in response to the breach.

The breach response was rated as being handled very well by 25% of respondents and somewhat well by 51% of respondents. 18% said the breach response was not handled very well and 6% said it was not handled well at all.

Trust in Healthcare Organizations May Improve After a Data Breach

While healthcare data breaches have the potential to destroy patients’ and health plan members’ trust in their providers, the survey showed that is not always the case. In fact, in 41% of cases, consumers’ trust in their healthcare organizations increased after a data breach.

12% of respondents said they ended up trusting their providers much more, 29% said they trusted their providers a little more and 24% said the breach response made no difference to trust levels.

The results show just how important it is for the breach response to be handled well. 34% of respondents said they lost trust in their healthcare organization after a breach was experienced.

Getting the breach response right is essential if healthcare organizations want to ensure trust is not negatively affected. For that to happen, organizations must be prepared for the worst and have policies and procedures that can be rapidly implemented when a breach is discovered.

Fast notifications are important for consumers as they need to take action to secure their accounts and protect their identities. 91% of respondents said they personally took action when they discovered their health data had been stolen. The faster that process can take place, the less likely consumers are to experience losses.

Getting breach notifications right is also important. If trust is to be built, consumers need to be reassured that privacy and security are taken seriously. Consumers should also be informed about the actions that are being taken in response to the breach to ensure a similar incident will not occur in the future. However, this is an area that could be improved.

Only 27% of companies explained the cause of the breach and just 26% said the breach had prompted them to add new security protocols. Only 22% explained how future breaches would be prevented.

Fewer than a quarter of companies (24%) explained the potential consequences of the breach to consumers and only 23% offered identity theft protection services.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
