One health system–affiliated hospital and 1 independent hospital were randomly selected from each state and the District of Columbia. Ineligible or excluded hospitals were replaced with the next randomly selected hospital within the same stratum.
eAppendix. Phone Interview Script
Latulipe C, Mazumder SF, Wilson RKW, et al. Security and Privacy Risks Associated With Adult Patient Portal Accounts in US Hospitals. JAMA Intern Med. Published online May 04, 2020. doi:10.1001/jamainternmed.2020.0515
Do hospitals allow caregivers to access patient portals in a manner that protects security and privacy?
In this cross-sectional study of 102 US hospitals, 68% of hospitals in the sample offered proxy accounts to caregivers of adult patients, 45% of the hospital personnel surveyed endorsed sharing of login credentials, and 19% of hospitals that provided proxy accounts enabled patients to limit the types of information seen by their caregivers.
Findings of this study suggest that hospitals and electronic health record vendors should work together to improve the availability and setup of proxy accounts not only to facilitate caregiver access but also to protect the privacy and security of patient health information.
Patient portals can help caregivers better manage care for patients, but how caregivers access the patient portal could threaten patient security and privacy.
To identify the proportions of hospitals that provide proxy accounts to caregivers of adult patients, endorse password sharing with caregivers, and enable patients to restrict the types of information seen by their caregivers.
Design, Setting, and Participants
This national cross-sectional study included a telephone survey and was conducted from May 21, 2018, to December 20, 2018. The randomly selected sample comprised 1 independent hospital and 1 health system–affiliated general medical hospital from every US state and the District of Columbia. Specialty hospitals and those that did not have a patient portal in place were excluded. An interviewer posing as the daughter of an older adult patient called each hospital to ask about the hospital’s patient portal practices. The interviewer used a structured questionnaire to obtain information on proxy account availability, password sharing, and patient control of their own information.
Main Outcomes and Measures
The primary outcome was the proportion of hospitals that provided proxy accounts to caregivers of adult patients. Secondary outcomes were the proportion of hospitals with personnel who endorsed password sharing and the proportion that allowed adult patients to limit the types of information available to caregivers.
After exclusions, a total of 102 (51 health system–affiliated and 51 independent) hospitals were included in the study. Of these hospitals, 69 (68%) provided proxy accounts to caregivers of adult patients and 26 (25%) did not. In 7 of 102 hospitals (7%), the surveyed personnel did not know if proxy accounts were available. In the 94 hospitals asked about password sharing between the patient and caregiver, personnel in 42 hospitals (45%) endorsed the practice. Among hospitals that provided proxy accounts, only 13 of the 69 hospitals (19%) offered controls that enabled patients to restrict the types of information their proxies could see.
Conclusions and Relevance
This study found that almost half of surveyed hospital personnel recommended password sharing and that few hospitals enabled patients to limit the types of information seen by those with proxy access. These findings suggest that hospitals and electronic health record (EHR) vendors need to improve the availability and setup process of proxy accounts in a way that allows caregivers to care for patients without violating their privacy.
According to an American Hospital Association survey, 95% of US hospitals have a patient portal, a web-based or smartphone application that lets patients access their medical data and perform other tasks such as scheduling appointments or requesting prescription refills.1 Patient portals may be particularly helpful for older adults who are prone to recurring health issues.2,3 However, older adults are often uncomfortable using patient portals because they lack technology access and have complex health issues that interfere with their ability to learn or use new systems.4-6
Approximately 40 million people in the United States serve as caregivers, defined as those who assist patients with health management and daily living tasks.7 Giving caregivers access to the patient portals of those they are helping can improve their care.8-11 In a 2011 survey, 79% of respondents wanted to be able to share access to their patient portal with their caregivers; in almost half of those cases, the caregiver did not live with the patient.12
Some hospitals allow patients to authorize access to their portal through a proxy account, which enables caregivers to log in with their own credentials. However, caregivers commonly access these portals using the patients’ portal credentials, either because proxy accounts are unavailable or because sharing credentials is viewed as the easier option.13,14 Sharing credentials can lead to multiple data security and privacy problems, including revealing more information than the patient intended, and to health care practitioner confusion and mistakes if they do not know with whom they are communicating.14,15
The proportion of hospitals that provide proxy access to patient portal accounts is unknown. One study reviewed the websites of 20 large health systems and found that 90% of hospitals allowed adult patients to authorize proxy accounts for their caregivers; however, only 3 different electronic health record (EHR) systems were represented in this sample.16 The present study was prompted by one of us encountering a hospital with no proxy access that suggested patients share their login credentials with caregivers to provide access to the patients’ information. We aimed to investigate the proportion of hospitals that did not provide proxy accounts, endorsed password sharing between users of the portal, or did not allow patients to limit the information seen by caregivers, thus unintentionally threatening patient privacy. We examined the availability, setup, and privacy limits of adult proxy accounts in randomly selected hospitals across the United States.
This cross-sectional study, involving a telephone interview, was conducted from May 21, 2018, to December 20, 2018. The study, which included the use of deception, was approved by the Wake Forest School of Medicine Institutional Review Board. Informed consent was waived because institutions were considered the study participants and obtaining informed consent would likely lead to social desirability bias.
Approximately half of US physicians are employed by a hospital or medical group, and the percentage of independent physicians decreases yearly.17 Therefore, we surveyed hospitals, given that they typically operate numerous outpatient practices. Because patient portal access policies could vary by geographic region or by organizational structure, we aimed to survey 1 independent hospital and 1 health system–affiliated hospital from every US state and the District of Columbia. We used the 2016 American Hospital Association Annual Survey Database to generate a list of all hospitals stratified by ownership (either health system–affiliated or independent). From this data set, we used stratified simple random sampling to select 1 health system–affiliated hospital and 1 independent hospital from each state and the District of Columbia. We excluded specialty hospitals (ascertained from the hospital website review) and those that did not have a patient portal (ascertained from the telephone interviews). Excluded hospitals were replaced with another randomly selected hospital within the same stratum. Health systems that spanned multiple states were included only once in the sample. We used REDCap (Research Electronic Data Capture; Vanderbilt University) to gather and store information from our website investigations and telephone interviews.18
One of us (R.K.W.W.) or another female data collector contacted personnel at each randomly selected hospital by telephone between May 21, 2018, and December 20, 2018. We called the patient portal technical support or general information telephone number listed on the website. Each hospital was called until a staff member was reached for the interview. After a minimum of 5 calls without making contact with personnel, we excluded the hospital and replaced it with another randomly selected hospital.
A standardized interview script was developed to investigate how hospitals advised caregivers to access the patient’s portal information (eAppendix in the Supplement). The interviewer pretended to be seeking information on behalf of her mother, who was going to be moving to the hospital’s region. The script was pilot tested on several hospitals (not included in the sample) and then revised.
The interviewer first asked personnel, usually either an information technology support staff member or a medical records employee, whether the hospital had a patient portal in place. The interviewer then asked if she could create her own account that would allow her to see her mother’s information to help manage her care. If the hospital provided proxy accounts, the interviewer inquired about the setup process. The interviewer then asked, “Wouldn’t it just be easier for my mother to share her password?” and recorded whether the staff member agreed, was noncommittal, or discouraged her from using her mother’s login credentials. After stating that her mother was private about some of her patient information, the interviewer asked whether her mother could limit the types of information available on the portal, such as only upcoming appointments.
If the hospital did not provide proxy accounts, the interviewer asked the staff member, “How can I get access to my mother’s upcoming appointments and medications if I can't create my own account?” The interviewer recorded whether personnel recommended she use her mother’s password.
Descriptive statistics (count and percentage) were calculated for variables of interest. We used χ² tests to examine the associations between hospital type and the outcomes of interest as well as between proxy access and password sharing. Logistic regression was performed to examine the association between hospital type and password sharing, adjusting for proxy access. All analyses were performed from December 2018 to August 2019, using SAS, version 9.4 (SAS Institute). Two-sided P < .05 was considered statistically significant.
In total, the websites of 155 randomly selected hospitals were reviewed (Figure). Of these hospitals, 70 (45%) were health system–affiliated and 85 (55%) were independent. Forty-five hospitals were excluded for not being general medical hospitals. The remaining 110 hospitals (55 health system–affiliated and 55 independent) were contacted, and an additional 8 were excluded. The final sample of 102 eligible hospitals (66% of the original 155 reviewed; 51 health system–affiliated and 51 independent) consisted of 1 health system–affiliated hospital and 1 independent hospital from each state and the District of Columbia.
In this sample, 69 of 102 hospitals (68%) offered proxy accounts to caregivers of adult patients and 26 (25%) did not. For the remaining 7 hospitals (7%), the personnel were unsure whether proxy access to patient portals was available. Hospitals that were part of a larger health system were more likely than independent hospitals to offer proxy accounts (41 of 51 [80%] vs 28 of 51 [55%]; P = .006).
Among the 69 hospitals that provided proxy accounts to caregivers of adults, only 13 (19%) allowed patients to limit the types of information seen by their proxies. More independent hospitals than system-affiliated hospitals offered information limits for proxy accounts, but the difference was not statistically significant (8 of 28 [29%] vs 5 of 41 [12%]; P = .09).
For the 69 hospitals that provided proxy accounts, the setup processes varied considerably. Overall, 21 of these hospitals (30%) required the patient and the proxy to be physically present at one of their facilities while the account was created. Another 20 hospitals (29%) expected the patient to set up the proxy account while onsite but did not require the proxy to be present. The remaining 28 hospitals (41%) approved starting the account setup from home, either by filling in and mailing a paper application or by completing an online form.
Of the 102 hospital personnel we contacted, 94 (92%) were asked about password sharing; 42 of the 94 personnel (45%) recommended that the interviewer ask her mother to share her login credentials. Approximately one-quarter (23 [24%]) were noncommittal about the best way for the interviewer to access her mother’s patient portal, neither recommending nor advising against password sharing. Only 29 staff members (31%) actively discouraged sharing login credentials. Furthermore, personnel of 19 of 25 hospitals that did not provide proxy accounts (76%) advised password sharing compared with only 23 of 69 hospitals with proxy accounts (33%; P < .001) (Table). Independent hospitals were more likely than system-affiliated hospitals to endorse password sharing (29 of 47 [62%] vs 13 of 47 [28%]; P = .002). This association remained even after adjusting for the availability of proxy access (odds ratio, 3.1; 95% CI, 1.2-7.8; P = .02).
In this sample of randomly selected hospitals drawn from every US state and the District of Columbia, almost half of the hospital personnel recommended that patients share passwords with their caregivers, either because doing so was easier than creating a proxy account or because proxy accounts were not available. However, sharing login credentials has been associated with enormous security risks because people often reuse their passwords for different accounts, such as online banking or social media.19,20 Furthermore, advising patients to share passwords could violate the Health Insurance Portability and Accountability Act Security Rule, which requires health systems to grant unique credentials to each user of an EHR system.21 Although we acknowledge that the responses of the personnel we surveyed may not reflect their respective hospital’s stated policies, at a minimum our findings indicate a need for rigorous training in proper security practices.
Although 68% of the hospitals we surveyed allowed proxy access, simply permitting proxy accounts is insufficient if the process for creating them is cumbersome. This finding is similar to results of other studies that have reported a substantial variation in the setup process, ranging from being created online to requiring an in-person visit.13 The setup process can also be complex. A recent usability study of 23 patients with chronic illness showed that almost none of them could establish a proxy account from within the patient portal.22 These barriers may explain why half of the caregivers in a large health system reported using the patient’s login credentials rather than creating a proxy account.10
Parallels can be seen between proxy accounts for caregivers of adults and proxy accounts for parents of children and adolescents. In a recent report, all 20 hospitals surveyed provided proxy access to parents of juvenile patients,16 but not all of these hospitals provided proxy access to caregivers of older adults. This finding suggests that the lack of proxy access to adult portals is associated with factors other than the technical limitations of EHR systems. Similarly, adolescent patients may have greater privacy protections compared with adult patients. Parents frequently have limited access to information in their child’s electronic record.23-25 In contrast, the present study found that only 19% of hospitals with proxy accounts gave adult patients the capability to limit the types of information shared with their caregivers. A study found that many patients were unaware of the full extent of information available on their portals11; furthermore, family members who served as caregivers noted that proxy accounts could divulge information that their loved one had previously withheld from them.26
Although this study highlighted the unintentional privacy risks of caregiver access to patient portals, eliminating all caregiver access would be a grave mistake. Research has demonstrated that caregiver access to patient portals can substantially improve the patient’s care,8-11 and thus caregiver access should be encouraged. We recommend that hospitals and EHR vendors work to expand the availability of secure proxy accounts and to simplify the setup process.
This study has some limitations. First, because we stratified the hospital sample according to ownership, whether independent or system-affiliated, the results are reflective of practices within these strata but are not nationally representative overall. Second, the results reflect the knowledge of the patient portal support staff member who answered our survey questions and may not reflect the hospital’s official policies.
This cross-sectional study found that almost half of surveyed hospital personnel appeared to endorse password sharing for accessing patient portal accounts and that few hospitals that allowed proxy access to those portals enabled patients to limit the types of information shared with their caregivers. Because caregiver access to patient portal accounts can improve care, this research demonstrated the need for hospitals and EHR vendors to improve the availability and setup process of proxy accounts, which would enable caregivers to access relevant health information without violating patient privacy.
Accepted for Publication: February 5, 2020.
Corresponding Author: Celine Latulipe, PhD, University of Manitoba, E2 - Chancellor's Circle, Winnipeg, MB R3T 2N2, Canada (email@example.com).
Published Online: May 4, 2020. doi:10.1001/jamainternmed.2020.0515
Author Contributions: Ms Talton and Dr Miller had full access to all of the data in the study and take responsibility for the integrity of the data and the accuracy of the data analysis.
Concept and design: Latulipe, Bertoni, Arcury, Miller.
Acquisition, analysis, or interpretation of data: Latulipe, Mazumder, Wilson, Talton, Quandt, Miller.
Drafting of the manuscript: Latulipe, Mazumder, Wilson, Talton, Miller.
Critical revision of the manuscript for important intellectual content: Latulipe, Mazumder, Bertoni, Quandt, Arcury, Miller.
Statistical analysis: Talton, Miller.
Obtained funding: Arcury.
Administrative, technical, or material support: Latulipe, Wilson, Bertoni, Arcury, Miller.
Supervision: Latulipe, Miller.
Other - Data collection: Mazumder.
Funding/Support: This research was supported by grant R01 HS021679 from the Agency for Healthcare Research and Quality (Dr Bertoni). This study benefited from use of the Study Coordinator Pool of the Wake Forest Clinical and Translational Science Institute, which is supported by the National Center for Advancing Translational Sciences National Institutes of Health through grant award number UL1TR001420.
Role of the Funder/Sponsor: The funder had no role in the design and conduct of the study; collection, management, analysis, and interpretation of the data; preparation, review, or approval of the manuscript; and decision to submit the manuscript for publication.
Conflict of Interest Disclosures: Drs Talton, Quandt, Arcury, and Miller reported receiving grants from the Agency for Healthcare Research and Quality during the conduct of the study. No other disclosures were reported.