美国医院成人患者门户账户相关的安全与隐私风险。

Security and Privacy Risks Associated With Adult Patient Portal Accounts in US Hospitals.

作者信息

Latulipe Celine, Mazumder Syeda Fatema, Wilson Rachel K W, Talton Jennifer W, Bertoni Alain G, Quandt Sara A, Arcury Thomas A, Miller David P

机构信息

Department of Computer Science, University of Manitoba, Winnipeg, Manitoba, Canada.

Department of Software and Information Systems, The University of North Carolina at Charlotte, Charlotte.

出版信息

JAMA Intern Med. 2020 Jun 1;180(6):845-849. doi: 10.1001/jamainternmed.2020.0515.

DOI:10.1001/jamainternmed.2020.0515

PMID:32364562

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC7199170/

Abstract

IMPORTANCE

Patient portals can help caregivers better manage care for patients, but how caregivers access the patient portal could threaten patient security and privacy.

OBJECTIVE

To identify the proportions of hospitals that provide proxy accounts to caregivers of adult patients, endorse password sharing with caregivers, and enable patients to restrict the types of information seen by their caregivers.

DESIGN, SETTING, AND PARTICIPANTS: This national cross-sectional study included a telephone survey and was conducted from May 21, 2018, to December 20, 2018. The randomly selected sample comprised 1 independent hospital and 1 health system-affiliated general medical hospital from every US state and the District of Columbia. Specialty hospitals and those that did not have a patient portal in place were excluded. An interviewer posing as the daughter of an older adult patient called each hospital to ask about the hospital's patient portal practices. The interviewer used a structured questionnaire to obtain information on proxy account availability, password sharing, and patient control of their own information.

MAIN OUTCOMES AND MEASURES

The primary outcome was the proportion of hospitals that provided proxy accounts to caregivers of adult patients. Secondary outcomes were the proportion of hospitals with personnel who endorsed password sharing and the proportion that allowed adult patients to limit the types of information available to caregivers.

RESULTS

After exclusions, a total of 102 (51 health system-affiliated and 51 independent) hospitals were included in the study. Of these hospitals, 69 (68%) provided proxy accounts to caregivers of adult patients and 26 (25%) did not. In 7 of 102 hospitals (7%), the surveyed personnel did not know if proxy accounts were available. In the 94 hospitals asked about password sharing between the patient and caregiver, personnel in 42 hospitals (45%) endorsed the practice. Among hospitals that provided proxy accounts, only 13 of the 69 hospitals (19%) offered controls that enabled patients to restrict the types of information their proxies could see.

CONCLUSIONS AND RELEVANCE

This study found that almost half of surveyed hospital personnel recommended password sharing and that few hospitals enabled patients to limit the types of information seen by those with proxy access. These findings suggest that hospitals and electronic health record (HER) vendors need to improve the availability and setup process of proxy accounts in a way that allows caregivers to care for patients without violating their privacy.

摘要

重要性

患者门户网站有助于医护人员更好地管理患者护理，但医护人员访问患者门户网站的方式可能会威胁患者的安全和隐私。

目的

确定为成年患者的医护人员提供代理账户、认可与医护人员共享密码以及允许患者限制其医护人员可查看信息类型的医院比例。

设计、设置和参与者：这项全国性横断面研究包括一项电话调查，于2018年5月21日至2018年12月20日进行。随机抽取的样本包括来自美国每个州和哥伦比亚特区的1家独立医院和1家隶属于卫生系统的综合医院。专科医院和那些没有患者门户网站的医院被排除在外。一名冒充老年患者女儿的访员致电每家医院，询问该医院的患者门户网站做法。访员使用结构化问卷获取有关代理账户可用性、密码共享以及患者对自身信息控制的信息。

主要结局和衡量指标

主要结局是为成年患者的医护人员提供代理账户的医院比例。次要结局是有人员认可密码共享的医院比例以及允许成年患者限制医护人员可获取信息类型的医院比例。

结果

排除后，共有102家医院（51家隶属于卫生系统，51家独立医院）纳入研究。在这些医院中，69家（68%）为成年患者的医护人员提供代理账户，26家（25%）未提供。在102家医院中的7家（7%），接受调查的人员不知道是否有代理账户。在被问及患者与医护人员之间密码共享情况的94家医院中，42家医院（45%）的人员认可这种做法。在提供代理账户的医院中，69家医院中只有13家（19%）提供了能让患者限制其代理人可查看信息类型的控制措施。