Security and privacy risks with patient portal accounts in US hospitals
A research team working with Dr. Celine Latulipe in the UM Faculty of Science has found that many American hospitals may be inviting privacy violations by allowing password sharing between patients and their care providers. Latulipe, formerly at the University of North Carolina at Charlotte, is now in the UM department of computer science.
In a paper published this week in the Journal of the American Medical Association – Internal Medicine, Latulipe and her colleagues found that patient portals that lack caregiver proxy accounts, or whose proxy accounts go unused, could lead to serious privacy and security issues.
Patient portals are very common in the USA, offered by as many as 95 per cent of all hospitals. They allow patients to log in to see their test results and visit summaries, email doctors, schedule appointments, renew prescriptions, and pay medical bills. Such portals are helpful for older patients who have recurring health issues, because they make it easier to proactively manage their healthcare from home, without having to chase healthcare providers down by phone. But caregivers are not always considered in the design of these portals.
Latulipe explains: “We approached hospital staff at 102 hospitals across the US using a ‘secret shopper’ approach where an interviewer pretended to be a middle-aged woman whose elderly mother was moving to the area and looking for a hospital that provided an external patient portal. The interviewer then asked if she could get an account to help manage her mother’s health, and if so, how that would work, and if not, how she could get access to her mother’s lab results and other information.”
The researchers were startled to find that 45 per cent of the hospital staff contacted recommended that the elderly mother share her confidential patient portal username and password with the daughter, in violation of the hospitals’ own terms of service for portal usage. This password-sharing practice opens up a host of privacy and security issues and is likely a violation of the American Health Insurance Portability and Accountability Act (HIPAA).
Caregivers using a patient’s password can see everything in the medical record, including things the patient might not want the caregiver to know, such as past diagnoses of stigmatized illnesses, substance abuse or reproductive health decisions. Also, because password re-use is common across systems, a caregiver with a patient’s portal password may also have access to the patient’s online banking.
Latulipe says that during the current pandemic, this is of concern. “With COVID-19 and shelter-in-place orders, many people are turning to online systems for things like healthcare and banking, where they would have gone in person before. Older adults are relying on their caregivers to help them navigate these electronic systems and may feel they have no choice but to share passwords, opening up higher risk of fraud and undesired information disclosures.”
Almost 68 per cent of the institutions surveyed allowed proxy access for caregivers, which gives caregivers their own login credentials, but proxy account setup processes are not always user-friendly and often require an in-person visit. This is clearly a problem, especially during the COVID-19 pandemic.
Latulipe explains: “In the USA, patients should be able to access COVID-19 results through their patient portal. Releasing results online cuts down on the amount of human labour involved in contacting people with test results. Then patients can have e-visits with doctors and communicate with doctors through the patient portals about whatever COVID-19 treatment is required, such as when it’s necessary to go to the hospital. However, older patients will likely rely on their caregivers to manage the interaction through the patient portal, and especially during social distancing, this means they will probably do this by sharing their portal passwords.”
The researchers recommended that hospitals provide proxy accounts with easy setup, that proxy accounts default to very limited information access (not the full medical record), and that staff be trained to actively discourage password sharing for patient portals.
In Canada, patient portals are just starting to be introduced, such as the one announced last week by Shared Health Manitoba that will allow people tested for COVID-19 to get their results online.