Consumer Access to EHRs Could Help Improve Security Efforts

by Mary Butler

This is the second installment of the Journal of AHIMA’s special series for Privacy and Security Month at AHIMA. Click here to read the first installment.

Last year was a banner year for healthcare privacy breaches, according to an annual report that found the number of patients affected by breaches in 2014 grew 22 percent over the year prior.

The Ponemon Institute, with support from Kaiser Permanente, ID Experts, Experian Data Breach Resolution, and Identity Finder, also found that in the five years that it has been publishing its survey results, the number of medical identity theft incidents has nearly doubled, reaching more than two million victims.

The Institute’s 2014 survey, released in February, didn’t even include the two biggest breaches of 2015—the Anthem cyber attack that affected 80 million individuals, and the more recent Premera Blue Cross breach, which compromised the identities of 11 million patients in March. In 2014 alone, consumers spent over $20 million out of pocket to resolve issues tied to security breaches.

HIM Implications

To develop the report, the Ponemon Institute surveyed adult-aged individuals who self-reported they or close family members were victims of medical identity theft, and thus researchers were able to draw conclusions based on feedback from individuals intimately involved in a breach.

According to the report, providers and insurers seldom notified the individuals that their data was compromised. Thirty-three percent of respondents noticed errors and mistakes in their invoices, on their own. Thirty-nine percent discovered the breach when they received phone calls or letters from collection agencies, and 32 percent found mistakes in their own health records.

The researchers posit that identity theft could be more quickly discovered and acted upon if more consumers carefully reviewed their electronic health records (EHRs).

“Despite the fact that respondents in this study have been victims of some type of identity theft, only 17 percent check their records for accuracy most of the time and 23 percent check some of the time. That means 60 percent of identity theft victims are not taking this precautionary step,” the report authors wrote.

The survey also revealed that 60 percent of respondents don’t check their records because they don’t know how. The authors recommend that providers should work hard to make EHRs accessible to patients as part of their own efforts to reduce breaches.