Patients want privacy, accountability for how their health data is used

At a time when people are divided on so many issues, there is at least one area of near unanimous agreement: the importance of respecting patient data privacy.

The AMA teamed up with Savvy Cooperative, a patient-owned source of health care insights, and surveyed 1,000 patients nationwide to discover their thoughts about the privacy of their medical information.

The results of the patient data privacy survey (PDF) made several things clear:

• 92% believe privacy is a right and their health data should not be available for corporations or other individuals to buy.
• 94% said companies that collect, store, analyze or use health data should be held accountable under the law.
• Nearly 93% want health app developers to publicize if and how their product adheres to industry standards for handling health data.

“Physicians are committed to protecting our patients' privacy—a crucial element for honest health discussions. Yet, we learn more each day that personal health information is no longer private,” AMA President Jack Resneck Jr., MD, said.

Especially in light of the U.S. Supreme Court ruling overturning Roe v. Wade, “the lack of privacy raises many questions that could put patients and physicians in legal peril,” he added. “That medical information was previously being siphoned off and monetized was always a concern. Now, it’s a legal threat as zealous prosecutors can track patients and access their medical records to determine what medical services were provided.”

The survey discovered that when it comes to data use, 75% of patients are most comfortable with their physician having access, and 64% are comfortable with their hospital or health system having access to such information.

On the flip side, 71% of patients are very uncomfortable with social media sites having access to their data, followed by big tech with 67% and prospective employers with 63%.

“Patients trust that physicians are committed to protecting patient privacy—a crucial element for honest health discussions,” Dr. Resneck said. “Many digital health technologies, however, lack even basic privacy safeguards. More must be done by policymakers and developers to protect patients’ health information. Most health apps are either unregulated or underregulated, requiring near and long-term policy initiatives and robust enforcement by federal and state regulators.”

Nearly 88% of patients want their doctor or hospital to be able to review and verify that a health app meets security standards before it can gain access to their health data. Federal regulations, however, prevent those reviews from happening—an issue that the AMA and several other professional organizations continue to flag for policymakers.

Patients surveyed also want more control over how their information is used:

• Nearly 80% want to be able to opt-out of sharing some or all of their health data.
• More than 75% want to opt in before a company uses any of their health data.
• More than 75% want to receive requests before a company uses their health data for a new purpose.

Nearly 60% of patients surveyed said they worried companies would use health data to discriminate against them or their loved ones or exclude them from opportunities to find housing, gain employment and receive benefits.

The AMA is working to ensure that patients have meaningful controls over and a clear understanding of how their data is being used—particularly when it’s shared outside the health care system. The AMA believes that patient data privacy laws must protect trust which is the heart of the patient-physician relationship.

The AMA privacy principles (PDF) outline five key aspects of a national privacy framework—individual rights, equity, entity responsibility, applicability and enforcement. The AMA is encouraging Congress to build strong data privacy legislation upon these principles.

The AMA has a guide (PDF) to help app developers build privacy-forward technologies. The AMA also continues to advocate for near-term app transparency requirements, including app privacy attestations collected by EHRs, that will give patients the transparency they are demanding and bolster individuals’ choice in which apps to use.