Light Dark
February 4, 2016 By David Strom 3 min read
Healthcare

These days, just about every medical provider has some kind of Web-based patient portal where users can communicate with their doctors and other caregivers, keep track of prescriptions and schedule appointments. Although the portal is supposed to make a patient’s life easier, many find their options to be ailing and substandard in some areas.

Certainly, the security implications of having your personal medical history just a few browser clicks away can be an issue, but there are still good and bad portals designs from both the doctors’ and patients’ points of view. Let’s look at what can be done to ensure a better customer experience while still keeping patient information protected.

Why Does It Matter?

The idea of having secure electronic access to our doctors is appealing, especially for those of us who are comfortable using electronic communications technologies. When I was dealing with some chronic medical issues back in 2000, I actually went about choosing my specialist based on who would respond to my initial query emails. Back then, it wasn’t so common for any doctors to email, let alone want to interact with patients digitally.

The patient portal attempts to solve this by placing everyone on a level playing field: All doctors in a given practice or hospital can communicate equally and securely with all patients. But that ability is both a blessing and a curse, as we’ll see shortly.

The Ideal Patient Portal

In my own case, the design of the email system for my portal is lacking in one key feature that many of us take for granted: the ability to have threaded conversations. This is something that has been a part of most modern email systems for more than a decade, but for some reason has eluded the developers of my patient portal.

What this means is if I have a follow-up question for my doctor, I have to copy and paste the previous email text, otherwise he won’t be able to track what I am talking about. It is a small point, but a big usability feature.

Bill Howard is a contributor to industry tech sites on car technology. Based in New Jersey, his medical portal from the Summit Medical Group covers a huge practice of more than 100 doctors and hundreds more medical professionals. “I get short but useful responses from the doc within a half day,” he said. “But I am not sure how many of the doctors like it. Recently, patients got an email recently telling us to cut out the chitchat. Still, all in all, it’s a big step forward.”

Another less obvious benefit from portals is better record keeping. “I really like being able to access my most current (past few years) medical records; no issue of whether I’ve lost this or that sheet,” Howard added. “And being online has risks, but it also has rewards. One year, I missed out on the filing deadline and lost out on the last couple hundred [dollars] in funded medical savings account benefits. Now, it’s all done automatically.”

Having all medical information accessible digitally also helps doctors make better diagnoses, as Simon Carroll mentioned in a blog post on Medium. They can see more information, possible symptoms and a timeline of care to narrow down medical possibilities.

Existing Issues

Adam Kuhn, an IT manager in the Washington, D.C., area, has had frustrations with portals that “require three different logins that change every 90 days” and has experienced “trouble posting messages that sometimes don’t get through to the doctors.” This is where we can see the conflict of security and usability quite clearly. My own portal has a number of authentication methods that can be used to log in, but having too many choices is almost as bad as too few.

Dan Kusnetzky has used two different portals on opposite ends of the usability scale. The first one, in Rochester, New York, was easy to use and allowed him to effortlessly ask questions of his medical team. “I wasn’t forced to schedule a face-to-face meeting with anyone and could get an answer that day,” he explained.

When he moved to Florida, however, he was faced with a portal that “didn’t work with my chosen Web browser or the browser that came with my operating system. It wanted me to download a third browser to access their site,” he said. “They also required that I use a six-digit ID number rather than an alphanumeric username that I could remember. Their password rules were complex, and there is no way I could remember the password unless I wrote it down somewhere.”

That defeats the whole purpose of having a better password policy. He added that the Florida site developers “really didn’t understand the fact that if a site is difficult for a client to use, they won’t use it.”

So what are some takeaways on patient portals? Try striking a balance between security and usability; don’t forget that your portal has to cover a wide range of knowledge and digital comfort. Make sure the basic email-like communications is at least as functional as a contemporary webmail system. And offer training or simple video tutorials for both patients and medical staff, too.

 |  |  | 
David Strom
Security Evangelist

More from Healthcare
October 29, 2024

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

September 26, 2024

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

September 18, 2024

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature