Study Reveals Patients Don’t Completely Trust Healthcare Providers to Protect PII and Payment Data

In 2019, it was alarming to see more than one healthcare data breach reported per day. In 2021, certain months had over two healthcare data breaches per day. With data breaches occurring so often and ransomware attacks impacting healthcare programs, it is not surprising that many patients no longer completely trust their healthcare providers to protect sensitive personally identifiable information (PII).

According to a new study conducted by Dynata for Semafone, 56% of patients at private practices stated they don’t believe their healthcare providers could safeguard PII and payment data. Smaller healthcare companies have less budget to spend on cybersecurity than bigger healthcare organizations, yet trust in big hospital networks is considerably lower. Just 33% of patients of big hospital systems believed them to be capable of protecting their PII.

The HHS’ Office for Civil Rights, the principal agency that enforces HIPAA compliance, has paid closer attention to HIPAA compliance in recent years and is issuing a growing number of financial penalties for violations of the HIPAA Privacy and Security Rules. The study reported that patients want healthcare companies to be penalized when they don’t protect the privacy of healthcare data. 9 of 10 patients agree that healthcare organizations that fail to use proper safety measures to prevent healthcare data breaches should be penalized.

In addition, when data breaches occur, patients want to change providers. 66% of patients stated they would change to another healthcare company if their PII or payment details were compromised in a data breach caused by a failure to carry out appropriate security processes. Another 2021 survey, performed on behalf of Armis, produced a similar result: 49% of patients said they would switch healthcare companies if their PHI was breached in a ransomware attack.

The pandemic has intensified the danger patients face from healthcare data breaches. Before the COVID outbreak, numerous patients paid their hospital charges in person or through the mail; however, the Semafone survey showed that both payment methods declined because patients are now choosing to pay digitally. Mail-in payments dropped by 17% and in-person payments dropped by 28%. As healthcare companies have likely saved this financial information, the possibility of financial difficulties because of a data breach has increased substantially.

Semafone reported in its 2021 State of Healthcare Payment Experience and Security Report that, as a result of increased healthcare data breaches, patients have become more aware of and attentive to what their healthcare providers do to protect their information. Semafone urges healthcare organizations, and big hospital systems in particular, to focus on the digital transformation actions they take to protect sensitive information.

No matter the size, the entire healthcare sector ought to do far better at handling and preventing data breaches, explained Gary E. Barnett, the CEO of Semafone. There are alternatives that provide security and support to meet compliance requirements; nevertheless, a lot of organizations today still count on outdated processes for daily operations. It isn’t acceptable to claim they don’t know there are efficient and automated methods available for saving time, money, and hassle. Healthcare organizations should look for suitable technologies and procedures to protect patients.

Though most patients (75%) said they feel confident that their healthcare organizations are doing well at communicating how they protect payment information, just 50% said they know where their payment data is held. Given the large number of people who don’t know where their data is stored, providers have an opportunity, starting now, to educate and communicate with patients more and, ultimately, improve patients’ experience of and trust in their healthcare providers.

About Christine Garcia
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA