Getty Images/iStockphoto

AMA: Patients Demand Health Data Privacy, Accountability, Transparency

Three-quarters of surveyed patients expressed health data privacy concerns, and nine out of ten patients said they wanted to see companies held accountable for health data use.

Three-quarters of surveyed patients expressed significant health data privacy concerns and confusion about how their health information is handled, the American Medical Association (AMA) discovered. The AMA partnered with patient-owned insights co-op Savvy Cooperative to survey 1,000 patients on health data privacy issues and found that most respondents were unclear about what rules protected their health data and who might have access to it.

More than 90 percent of surveyed patients reported believing that privacy is a right and that their health data should not be available for purchase. But only 20 percent of patients indicated that they understood which individuals and companies had access to their health data, and how they were using that data.

“The AMA is highly concerned that patients’ private medical information is increasingly vulnerable and digital patient data is being shared beyond the confines of the HIPAA framework without protections of federal privacy,” the survey report stated.

In the aftermath of the Supreme Court’s decision to overturn Dobbs v. Jackson Women’s Health Organization, health data use has been brought to the forefront of discussions surrounding data privacy. HIPAA safeguards sensitive health data, but it only applies to HIPAA-covered entities and their business associates, not to tech companies and health apps that may hold equally sensitive data.

The issue prompted two US Senators to write a letter to HHS asking it to consider updates to the HIPAA Privacy Rule to safeguard reproductive rights and patient privacy. Additionally, the FTC recently vowed to enforce against improper consumer location and health data privacy practices, and the House Committee on Oversight and Reform launched an investigation into five data brokers and five health apps over their handling of reproductive health data.

As these investigations unfold, patients are left to deal with the existing uncertainties surrounding the security and privacy of their health data.

Unsurprisingly, the AMA found that patients are still the most comfortable with their doctor, hospital, or health system having access to their health data, and least comfortable with social media sites, big tech companies, and prospective employees having access to that data.

“Patients trust that physicians are committed to protecting patient privacy—a crucial element for honest health discussions,” Jack Resneck Jr., MD, president of the AMA, explained in a press release.

“Many digital health technologies, however, lack even basic privacy safeguards. More must be done by policymakers and developers to protect patients’ health information. Most health apps are either unregulated or underregulated, requiring near and long-term policy initiatives and robust enforcement by federal and state regulators. Patient confidence in data privacy is undermined as technology companies and data brokers gain access to indelible health data without patient knowledge or consent and share this information with third parties, including law enforcement.”

Nearly 93 percent of surveyed patients said they wanted health app developers to publicly state if and how their product adheres to industry standards for health data privacy. Almost 88 percent of surveyed patients reported believing that their doctors or hospitals should have the ability to verify the security of health apps before giving them access to their health data.

“Unfortunately, federal regulations prevent providers from conducting necessary privacy and security reviews of apps,” the report noted.

Transparency and accountability by companies that hold health data appear to be the keys to easing patient health data privacy concerns. In addition, many patients expressed their desire for more control in how their data is used. Nearly 80 percent of respondents wanted to have the ability to opt-out of some health data sharing, and more than 75 percent of respondents wanted the chance to opt-in before a company is even allowed to use any of their health data.  

The AMA also suggested that improper health data use could have a direct impact on health equity. Nearly 60 percent of respondents reported worrying that their health data could be used by companies to discriminate against them or their loved ones or exclude them from housing and employment opportunities.

“Privacy efforts must include non-discrimination protections to avoid exacerbating existing inequities or creating new ones,” the report continued.

“Patients must be able to trust that the information captured using digital health tools will not be used against them (e.g., in immigration/removal proceedings; impeding access to insurance coverage, government benefits and social services).”

The AMA expressed its support for stronger regulations surrounding patients’ right to data privacy and called on policymakers to “restore trust in data exchange that facilitates accessible, equitable, and personalized care.”

“As Congress continues discussions around federal privacy legislation, the AMA seeks to ensure that resulting privacy law protects the sacred trust at the heart of the physician-patient relationship,” the AMA stated.

Next Steps

Dig Deeper on Health data access & privacy