Survey Says: Patients and Employees Agree – No Privacy, No Go

CynergisTek, a leading cybersecurity firm helping more than 1,000 hospitals navigate emerging security and privacy issues, today released survey results highlighting growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was not being properly protected. And as many employers seek to welcome staff back into physical workplaces, nearly half (45 percent) of Americans expressed concerns about keeping personal health information private from their employer.

“With the enactment of key regulations including CCPA and GDPR, we are seeing the convergence of security and privacy come to the forefront at national, state and corporate levels. As healthcare systems and corporations continue to grapple with data challenges associated with COVID-19 – whether that’s more sophisticated, targeted cyber-attacks or the new requirements around interoperability and data sharing, concerns around personal data and consumer awareness of privacy rights will only continue to grow,” said Caleb Barlow, president and CEO of CynergisTek.

Patients Contemplate Cutting Ties Over Privacy

While many still assume personal data is under lock and key, roughly 1 in 5 Americans (18 percent) are beginning to question whether personal health data is being adequately protected by healthcare providers. In fact, nearly half (47.5 percent) stated they were unlikely to use telehealth services again should a breach occur, sounding the alarm for a burgeoning telehealth industry predicted to be worth over $260B by 2026.

While 3 out of 4 Americans still largely trust their data is properly protected by their healthcare provider, tolerance is beginning to wane with the vast majority (67 percent) stating they would change providers if it was found that their data was not properly protected. When drilling deeper into certain age groups and health conditions, the survey also found that:

• Gen X (73 percent) and Millennials (70 percent) proved even less tolerant compared to other demographics when parting ways with their providers due to unprotected health data.
• Nearly two-thirds (66 percent) of Americans living with chronic health conditions stated they would be willing to change up care providers should their data be compromised.

According to Privacy Affairs, 70 percent of Americans were impacted by a healthcare data breach between 2009-2019. A real wake-up call for patients and care providers. In CynergisTek’s Annual Security Report, Moving Forward: Setting the Direction, data shows that health systems who have not invested the time, money and resources to keep pace with the ever-changing threat landscape are falling behind. Of the nearly 300 healthcare facilities assessed, less than one half met National Institute of Standards and Technology (NIST) Cybersecurity Framework guidelines.

Over 1 in 3 Concerned About Sharing COVID-19 Health Data Upon Returning to Work

As pressures mount for returning employees to disclose COVID-19 health status and personal interactions, an increasing conflict between ensuring public health safety and upholding employee privacy is emerging. This is increasingly evident with nearly half (45 percent) stating a preference to keep personal health information private from their employer, shining a light on increased scrutiny among employees with over 1 in 3 expressing concerns about sharing COVID-19 specific health data, e.g. temperature checks. This highlights that office openings may prove more complicated than anticipated.

“The challenges faced by both healthcare providers and employers during this pandemic have seemed insurmountable at times, but the battle surrounding personal health data and privacy is a challenge we must rise to,” said Russell P. Branzell, president and CEO of the College of Healthcare Information Management Executives. “With safety and security top of mind for all, it is imperative that these organizations continue to take the necessary steps to fully protect this sensitive data from end to end, mitigating any looming cyberthreats while creating peace of mind for the individual.”

Beyond unwanted employer access to personal data, the survey found that nearly 60 percent of respondents expressed anxieties around their employer sharing personal health data externally to third parties such as insurance companies and employee benefit providers without consent. A stark contrast to Accenture’s recent survey which found 62 percent of C-suite executives confirmed they were exploring new tools to collect employee data. A reminder to employers to tread lightly when mandating employee health protocols and questionnaires.

“COVID-19 has thrown many curveballs at both healthcare providers and employers, and the privacy and protection of critical patient and employee data must not be ignored,” said David Finn, executive vice president of strategic innovation of CynergisTek. “By getting ahead of the curve and implementing system-wide risk posture assessments and ensuring employee opt-in/opt-out functions when it comes to sharing personal data, these organizations can help limit these privacy and security risks.”

Survey Methodology

CynergisTek’s survey was conducted between June 24-26 2020, and includes 5,005 U.S. adults, ages 18+.

About CynergisTek

CynergisTek is a top-ranked cybersecurity firm dedicated to serving the information assurance needs of the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations. The company has been recognized by KLAS as a top-performing firm in healthcare cybersecurity and was awarded the 2019 Top Healthcare Cybersecurity Consultants in Black Book IT Advisory Outcomes Survey.

Forward-Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek that can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “may” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including uncertainties relating to product/service development, long and uncertain sales cycles, the ability to obtain or maintain patent or other proprietary intellectual property protection, market acceptance, future capital requirements, competition from other providers, the ability of our vendors to continue supplying the company with equipment, parts, supplies and services at comparable terms and prices and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in our Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.

View source version on businesswire.com: https://www.businesswire.com/news/home/20200924005138/en/