CHICAGO — A new examination of patient perspectives on data privacy illustrates unresolved tension over the eroding security and confidentiality of personal health information in a wired society and economy. More than 92% of patients believe privacy is a right and their health data should not be available for purchase, according to a survey (PDF) released today by the American Medical Association (AMA).

The survey of 1,000 patients was conducted by Savvy Cooperative, a patient-owned source of health care insights, at the beginning of 2022 and found concern over data privacy protections and confusion regarding who can access personal health information. Nearly 75% of patients expressed concern about protecting the privacy of personal health data, and only 20% of patients indicated they knew the scope of companies and individuals with access to their data. This concern is magnified with the U.S. Supreme Court ruling in Dobbs v. Jackson Women’s Health Organization as the lack of data privacy could place patients and physicians in legal peril in states that restrict reproductive health services.

The survey indicated patients are most comfortable with physicians and hospitals having access to personal health data, and least comfortable with social media sites, employers and technology companies having access to the same data.

“Patients trust that physicians are committed to protecting patient privacy—a crucial element for honest health discussions,” said AMA President Jack Resneck Jr., M.D. “Many digital health technologies, however, lack even basic privacy safeguards. More must be done by policymakers and developers to protect patients’ health information. Most health apps are either unregulated or underregulated, requiring near and long-term policy initiatives and robust enforcement by federal and state regulators. Patient confidence in data privacy is undermined as technology companies and data brokers gain access to indelible health data without patient knowledge or consent and share this information with third parties, including law enforcement.”

The survey found an overwhelming percentage of patients demand accountability, transparency, and control as it relates to health data privacy. More than nine out of ten (94%) patients want companies to be held legally accountable for uses of their health data. A similar majority of patients (93%) want health application (app) developers to be transparent about how their products use and share personal health data. To prevent unwanted access and use of personal health data, patients want control over what companies collected about them and how it is used:

• Almost 80% of patients want to be able to opt-out of sharing some or all their health data with companies.
• More than 75% of patients want to opt-in before a company uses any of their health data.
• More than 75% of patients want to receive requests prior to a company using their health data for a new purpose

Patients worry about the repercussions of little or no control over the use and sharing of personal health data that companies have collected. About three out of five patients (59%) expressed concern with personal health data being used against them or their loved ones. Most patients stated they are “very” or “extremely” concerned about discriminatory uses of personal health data to exclude them from insurance coverage (64%), employment (56%), or opportunities for health care (59%). More than half of Hispanic/Latinx and American Indian or Alaskan Natives stated they are “highly” concerned about discriminatory uses of personal health data and two-thirds (66%) of transgender individuals stated they are “extremely” concerned.

Patients also want physicians and their hospitals to have the technology and capability to review apps for privacy and security protections. Nearly nine out of ten (88%) patients believe that their doctor or hospital should have the ability to review and verify the security of health apps before those apps gain access to their health data. Unfortunately, federal regulations prevent providers and even electronic health record (EHR) systems from conducting necessary privacy and security reviews of apps.

Strong regulations are needed to support patients’ right to data privacy and restore trust in data exchange that facilitates accessible, equitable, and personalized care. Patients must have meaningful control and a clear understanding of how their data is being used and with whom it is being shared. The AMA’s Privacy Principles (PDF) outline five key aspects of a national privacy framework—individual rights, equity, entity responsibility, applicability, and enforcement. The AMA has also developed a guide (PDF) to help app developers build privacy-forward technologies. The AMA continues to advocate for near-term app transparency requirements, including app privacy attestations collected by EHRs, that will increase transparency and bolster individuals’ choice in which apps to use. As Congress continues discussions around federal privacy legislation, the AMA seeks to ensure that resulting privacy law protects the sacred trust at the heart of the physician-patient relationship.