The research comes against the backdrop of the Information Commissioner's Office revealing in the spring of 2010 that a third of the regulator's data breach reports come from the National Health Service, Infosecurity notes.
The survey – which took in responses from 1,001 respondents – found that patients believe hospital chief executives and top managers should be held accountable for healthcare privacy protection and breaches.
According to FairWarning – a medical records audit and compliance technology firm – with patients now being given more choice, which in itself requires sharing of information, and the drive for creating national electronic health records (EHRs), the issue around protecting patient privacy has become critical.
Researchers found that some patients actually postpone seeking treatment owing to confidentiality concerns which, as you might expect, creates a situation that could have a direct impact on people’s health.
One of the most interesting conclusions from the survey was that a segment of respondents fundamentally trust care providers to do the right things with regard to privacy, but react quite emotionally when surprised by a privacy violation.
According to the report, the survey showed clear variations in views and opinions between respondents in England, Scotland and Wales and within different English regions.
“With the devolved nature of the NHS between the home nations, and the increasing autonomy of English healthcare providers, further research would be beneficial in most geographical areas in order to identify concerns and to ensure confidence in local hospitals”, the report noted.
The survey also revealed that confidentiality concerns could have a direct impact on people’s health. Nearly four in 10 said they have, or would, put off seeking treatment, and well over half, have or would withhold information from clinicians, if a hospital had a poor reputation for security.
Many respondents stated that they would travel substantial distances (37% would go 30 miles or more) to avoid being treated at a hospital they did not trust, in order to keep sensitive information confidential.
Kurt Long, FairWarning's founder and CEO, said that modern patient care is very much information-based.
“Any obstacle to the free flow of information between care providers and patients, such as those caused by privacy concerns, can prevent patients from receiving the best possible care. Patients across the UK have enormous faith in the NHS, but this survey reveals that more needs to be done for medical information to be shared and exchanged securely, and so to ensure the best patient outcomes”, he explained.
Researchers found that 87.1% if respondents agreed that chief executives and senior management should be sacked or fined if they were aware of risks but failed to act and there is a serious breach. Just 1.3% disagree with this suggested assertion.
73.3%, meanwhile, said they felt that better enforcement of rules and regulations would cut security breaches, while 62.1% approve of having national league tables to show the best and worst hospitals for data security – only 9.7% disapprove.
Delving further into the report reveals that 86.5% of respondents think that a serious breach of personal data would do severe or considerable damage to a hospital’s reputation, with 87.2% strongly – or somewhat – agreeing that the NHS should monitor who looks at their files.
Over 61% of respondents, meanwhile, said they are very – or somewhat – worried that their identity could be used to commit fraud or used by criminals to target them, their family or home; 53.6% said they have (or would) withhold information about a sensitive personal medical matter from a healthcare provider with a poor record of protecting patient privacy.
All of the analysis is not theoretical, however, as total of 41 UK respondents (over 4%) claimed their medical records had already been breached. Some had information used against them in legal actions, had their identities stolen and suffered financially. However, 75.5% of UK patients said they value electronic records as a way for clinicians to share information and keep it up-to-date.