Consumer Forgiveness for Breaches Varies, Survey Finds

This is the third installment of the Journal of AHIMA’s special series for Privacy and Security Month at AHIMA.


A majority of consumers are likely to consider switching providers in the event that their health records are breached due to negligence by their provider’s office staff, results of a new survey suggest.

The survey, which also evaluated patients’ habits around reviewing their provider’s Notice of Privacy Practices (NPPs) documents, found that consumers are more forgiving about privacy breaches if an incident was caused by a hack attack or by an external source.

According to the survey, released by the company Software Advice, the likelihood of a consumer switching providers depends considerably on the type of breach. For example, “a combined 69 percent of patients say they would be ‘extremely’ or ‘moderately likely’ to change providers if staff misconduct were to blame for a breach, compared to just 45 percent who say the same if a cyberattack were the cause,” the authors wrote.

“You could almost infer sympathy,” said Stephen Cobb, a senior security researcher at the information technology firm ESET in an analysis of the report. “Health care providers get something of a break when it comes to cyberattacks. [Security] issues involving staff and theft register more strongly among patients.”

Despite expressing deep concern about the privacy of their records, most patients don’t take the time to read up on their HIPAA-protected rights, the report finds. HIPAA requires providers to give patients the NPP, which explains how a provider may use a patient’s information. According to the survey, however, 44 percent of respondents “rarely or never” read the forms before signing them, 32 percent reported they “sometimes” read the forms before signing, and only 8 percent “always” read the documents.

Click here for the full analysis from the EHR research firm Software Advice.

Mary Butler is the associate editor at The Journal of AHIMA.

Submit a Comment

Your email address will not be published. Required fields are marked *