Application security, Privacy

Patients want greater control over health data sharing, AMA survey shows

A pharmacy technician counts pills to fill a prescription.
Patients want the option to opt in or out of their medical data being shared with third parties, a new American Medical Association survey shows. (Air Force)

After the fall of Roe v. Wade, the majority of patients have grown increasingly concerned about their health data privacy and how providers handle their personal information. A new American Medical Association confirms patients want providers to give them the option to opt-out or into data sharing.

The data was compiled from a survey of 1,000 patients, which found nearly 80% of patients want the ability to opt out of sharing some or all of their health data with third parties. Another 75% want the option to opt-in to data sharing before a company uses their health data at all.

And over 75% of patients would prefer to receive a request from a company to use their health data for a new purpose, ahead of the event.

The survey confirms multiple congressional warnings to tech giants and health app developers into data sharing of health information and location tracking in the wake of the Dobbs ruling. While Congress has launched several inquiries and proposed new bills to target these risks, such as banning the sale of health information to data brokers, these measures will take time.

For healthcare providers, the survey and concerns should signal the need for greater transparency into data sharing practices, as well as education for patients into how health apps currently handle consumer health data — and ongoing issues that put patient privacy at stake.

Multiple reports in recent years and several regulatory actions highlight health app privacy risks and the common practice for most health apps to routinely share consumer health data with third parties, such as data brokers, without transparency into the practice.

While most patients trust that providers are committed to patient privacy protections, AMA President Jack Resneck Jr., M.D., explained that many digital health technologies "lack even basic privacy safeguards" to have honest health discussions.

“Most health apps are either unregulated or underregulated,” Resneck, said in a statement. “Patient confidence in data privacy is undermined as technology companies and data brokers gain access to indelible health data without patient knowledge or consent and share this information with third parties, including law enforcement.”

In fact, providers and hospitals are most trusted with personal health data. On the other hand, the survey found social media sites, employers and tech companies were the least trusted.

Health and data privacy seen as a right

The overwhelming majority of patients (92%) believe data privacy is a right and that health data shouldn’t be available for purchase. Another 75% of patients are concerned about privacy protections. Just 20% of patients said they knew the scope of which companies and individuals have access to their data.

In response, the vast majority of patients believe Congress, regulators, and relevant entities should be held accountable and required to be transparent into how health data is used. Most patients want companies to be held legally accountable for health data uses, and want health app developers to be transparent about data sharing practices.

Further, 88% of patients want their providers and hospitals to be able to review apps for privacy and security measures, particularly before the health apps gain access to consumer health data. As it stands, federal regulations bar providers and electronic health record (EHR) systems from conducting privacy and security reviews.

AMA reiterated its support for patients to have meaningful control over their data and a clear understanding into how their health data is used, calling again for a national privacy framework to tackle these systemic issues and advocating for near-term app transparency requirements.

More near- and long-term policy initiatives, as well as robust federal and state enforcement, is needed to address these concerns and risks.

Resneck added: “More must be done by policymakers and developers to protect patients’ health information.”

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.