April 2, 1999

The unstoppable march of technology into every phase of life has left a majority of Americans very troubled about the effectiveness of safeguards that are supposed to protect the confidentiality of their medical records.

Although Americans are especially apprehensive about the fate of medical records that are processed and stored by insurance plans, they harbor even more fear that clever computer hackers can too easily gain access to and distribute the contents of these records.

These were among the findings of a survey of Americans' attitudes toward medical record privacy released in late January that clearly highlights some of the anxieties with which Americans live regarding the price they pay to live in the computer age.

Princeton Survey Research Associates conducted the survey of 1,100 Californians and 1,000 other Americans for the California HealthCare Foundation. The results were presented at a January 28 conference in Oakland, Calif., sponsored by the foundation and Consumers Union, publisher of Consumer Reports magazine.

About 54 percent of Americans surveyed identified the switch from paper to computerized records as the most serious threat to the confidentiality of their personal medical data. Two percent fewer Californians agreed with this statement, perhaps reflecting more and longer familiarity with computer use and greater knowledge about the effectiveness of software safeguards.

What troubles both groups of respondents more than the possibility of a health care provider or insurance company passing their records along to unauthorized persons, however, are opportunities for electronic piracy by hackers who tap into supposedly secure computer systems. Even the Pentagon has had to endure break-ins into some of its most sensitive computer files despite multiple layers of security. While 55 percent of respondents worry about such piracy, just 30 percent extend the same level of concern about confidentiality breaches from their physicians' offices or insurance plans. Californians express more anxiety about threats from computer hackers than do other Americans.

A substantial number of Americans are aware that their records are accessible by health care providers and insurance company personnel, but they balk at granting permission for other people or entities to gain access to their medical data, even if it is purportedly for the patients' own benefit. The only exception a majority would allow is for government or academic researchers conducting health studies, the survey found.

As for hospitals that might want to use medical information to contact individuals about prevention programs, employers evaluating them for a new job, or a health insurance company that might offer them lower premiums, between 50 percent and 60 percent of respondents would prohibit such uses of their medical data.

Seven out of 10 respondents would bar access to their medical records by drug companies that want to identify potential users of new drugs. This marketing tactic has caused so much anger in some locales that states are beginning to enact statutes banning the practice.

There is also a wide gap between the degree to which the public trusts doctors and hospitals to protect the confidentiality of their medical records and the trust they place in both private and public insurance plans to do so. About 60 percent have confidence in the ability of their physician or hospital to maintain medical record privacy, but only about one-third of respondents trust their health insurance company or the federal government to meet that same standard.

Perhaps anxiety over unauthorized disclosure of personal medical data is not expressed by an even greater percentage of Americans because so few believe that they have actually been victimized by such a violation. Fewer than one in five respondents (18 percent) reported having reason to think that a provider, insurer, or government agency improperly disclosed personal medical information. Twenty percent of Californians believe their medical data have been released inappropriately.

About half of the respondents who said they were the victims of unauthorized medical confidentiality breaches claimed that they were embarrassed or harmed by the violation.

Troubling to those who seek or provide psychiatric care was the finding that patients who have used mental health services are the most likely to have been harmed by these privacy violations. The study found that 14 percent of Californians and 13 percent of other Americans say they have suffered as a result of these disclosures.

Americans have implemented few changes in their health care interactions to protect themselves from privacy breaches, according to the report; between 15 percent and 18 percent have done so. These steps include foregoing care to avoid disclosure to their employer, paying out of pocket for care, changing physicians, or giving their physician incomplete information about their medical problems. Not surprising, far more individuals who have experienced harm because of a privacy violation-44 percent of Californians and 38 percent of other U.S. adults-have resorted to these strategies.

"The public understands that the world is changing," commented Larry Hugick, senior project director for Princeton Survey Research Associates. "Yet this. . .survey shows that people are more cautious about [making] changes in important areas of their lives such as health care."

The survey's sponsor, the California HealthCare Foundation, was established in 1996 as a result of the conversion of Blue Cross of California from a nonprofit organization to the for-profit entity known as WellPoint Health Networks. The foundation holds a majority of WellPoint stock and makes grants throughout California.

The results of the California HealthCare Foundation survey are posted on the Internet at www.chcf.org/press/.