A survey of 1,001 patients has resulted in 87% agreeing that managers of NHS should be sacked or fined if there was a serious data breach, assuming they knew there was a risk but failed to act. Based on events over the past couple of years, I imagine that instances where disk encryption software is used on laptops with sensitive data would protect NHS managers if such policy were to pass.
The survey, by FairWarning Inc., showed the following findings (businesswire.com):
87.1% – NHS chief executives and senior management should be fired or fined for a serious data breach if they knew the risks were there. Only 1.3% disagree.
73.3% – Feel that better enforcement of rules and regulations would cut security breaches.
62.1% – Approve national league tables to show the best and worst hospitals for data security – only 9.7% disapprove. These would be something akin to the U.S.A.’s HIPAA “Wall of Shame” except much more “customer-oriented.” Currently, the HIPAA listing can be accessed if one’s interested, but one needs to put some effort into gleaning useful information out of it.
86.5% – think that a serious breach of personal data would do severe or considerable damage to a hospital’s reputation.
87.2% – strongly or somewhat agree that the NHS should monitor who looks at their files.
The fourth statistic is an interesting one because the survey also polled how far patients would travel to seek treatment “due to privacy concerns”: 45.1% would travel outside of their community. FairWarning’s report has a chart of, and that 45.1% appears to break down thusly:
Up to 10 miles – 33%
20 miles – 30%
30 miles – 19%
40 miles – 6%
50 miles – 4%
More than 50 miles – 8%
4% Already had Medical Records Breached
41 UK respondents (about 4%) said they had already been involved in a medical data breach. Of those, 70.7% were satisfied with how the healthcare provider had resolved the issue.
Regardless, it appears that the data breaches are having an impact on patient behavior. 53.6% of those surveyed “have, or would, withhold information about a sensitive personal medical matter from a healthcare provider with a poor record of protecting patient privacy.” On reading the actual survey’s findings, I have found references to “would withhold information” only, with no trace of the “have” component.
It would be even more interesting to see the breakdown to see how many have actually done so vs. thinking of doing so. Personally, I don’t think those two should be combined.
For comparison purposes, the report shows that only 27.1% of US patients would withhold information if a healthcare provider had a history of poor data protection.
Surprisingly, 75.5% of the respondents approved of electronic records. Surprising, since it seems that going digital is what is what has brought on this torrent of patient data breaches.
On the other hand, one must also admit that paper records are much harder to protect in some ways. For example, it’s impossible to track who accessed which file if dealing with a paper document. Likewise, it’s nearly impossible to know whether a patient’s file is missing or not from a shelf full of documents. And, digital records can be secured with encryption software, there is no practical equivalent for your average paper document.
Related Articles and Sites: