Survey: Half of Americans Concerned That Electronic Health Records Will Negatively Impact Privacy

CDW Healthcare, part of the public sector subsidiary of CDW LLC, recently announced the results of a national survey on patient perceptions of electronic health records (EHRs) and the security of personal health information (PHI).

The report, “Elevated Heart Rates:  EHR and IT Security,” found that while patients trust their doctors to protect their information, 49 percent believe that EHRs will have a negative impact on the privacy of their PHI and health data.

As healthcare organizations transition to EHRs, they will be responsible for maintaining and protecting a significant amount of personal data electronically.  According to the survey, patients not only require that PHI be held securely, but also believe that healthcare organizations are responsible for protecting financial information (86 percent), personally identifiable information (93 percent) and any information provided about a patient’s family (94 percent).

“The new era of EHR brings with it a whole new set of requirements for healthcare organizations -- particularly in the area of IT security,” said Bob Rossi, vice president of CDW Healthcare.  “Digital files are not inherently less secure than paper files, but they do require a completely different set of technologies, processes and internal policies for protection.”

In fact, recent research from CDW Healthcare indicates that many physician practices have not yet prioritized IT security.  According to CDW Healthcare’s Physician Practice EHR Price Tag, 30 percent of physician practices report that they lack basic anti-virus software and 34 percent report that they do not use network firewalls.  Both elements are considered basic steps in developing a minimum IT security profile.

According to the U.S. Department of Health and Human Services, patients should expect significant benefits from the PHI included in EHRs, including:

  • The reduction of adverse drug events, medical errors and redundant tests and procedures when used in conjunction with e-prescribing.
  • The regular use of preventive services such as health screenings, which can help reduce health care costs.
  • Improved communication between patients and providers, giving patients better access to timely information.
  • The reduction of office waiting time by improving office efficiency.

Both the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act set standards for protecting PHI and create penalties for any violations.  Beyond those formal penalties, however, patients may respond to any breach of trust with a changed business relationship. 

For survey respondents who were notified of a breach of their personal data from any business or organization in the past, 33 percent changed their relationship with the offending organization, including 9 percent that severed the relationship, 12 percent that reduced spending and 12 percent that no longer trust that organization.

Ultimately, survey respondents put responsibility for the protection of their information directly on physician practices.  When asked who they hold primarily responsible for the privacy and security of their health information, 84 percent of respondents cited either a staff member at the doctors’ office by role, or the medical practice as a whole.

“For physician practices, IT security must be a primary part of any EHR,” said Rossi.  “Right now, patients trust their doctors more than anyone else to protect their personal information.  But like any relationship based upon trust, even one breach can fundamentally change the dynamic.”

CDW Healthcare conducted a survey of 1,000 respondents across the United States from January 24 to January 31.  The age and gender distribution of the survey sample match that of the overall U.S. population.  All survey respondents had been to both a doctors’ office and hospital/outpatient clinic in the previous 18 months.

A full copy of CDW Healthcare’s Elevated Heart Rates:  EHR and IT Security Report is available at



  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
  • It Happened Again

    Just yesterday (as of this writing), it happened again. A 28-year-old woman shot her way into a Christian elementary school in Nashville, Tenn., on Monday and killed three children and three adults, according to national news. AP News reports that the victims were three 9-year-old children, a top school administrator, a substitute teacher, and a school custodian Read Now

  • Let's Get to Work

    You are standing at the conference center doors just waiting to get into the exhibit hall. I know you are because I’m standing next to you. This week at ISC West has been three years in the making. Last year was encouraging, and here we are waiting for the Big Show. Read Now

    • Industry Events
    • ISC West
  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

Featured Cybersecurity

New Products

  • Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft focuses on transforming traditional professional surveillance systems into cloud connected solutions via the Videoloft Cloud Adapter. 3

  • Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls has introduced new ‘SER” surface boxes and extension rings that provide a complete solution for new construction. In addition, they provide a simple and robust solution when replacing round wired and manual push plate switches with either Camden’s wired or wireless SureWave™ no-touch switches or Kinetic™ no-battery wireless switches. 3

  • Camden Door Controls Application Spec Guide

    Camden Door Controls Application Spec Guide

    Camden Door Controls, an industry-leading provider of innovative, high quality door activation and locking products, has published a new application spec guide for specification writers designing a wireless barrier-free restroom control system. 3