Light Dark
February 4, 2016 By David Strom 3 min read
Healthcare

These days, just about every medical provider has some kind of Web-based patient portal where users can communicate with their doctors and other caregivers, keep track of prescriptions and schedule appointments. Although the portal is supposed to make a patient’s life easier, many find their options to be ailing and substandard in some areas.

Certainly, the security implications of having your personal medical history just a few browser clicks away can be an issue, but there are still good and bad portals designs from both the doctors’ and patients’ points of view. Let’s look at what can be done to ensure a better customer experience while still keeping patient information protected.

Why Does It Matter?

The idea of having secure electronic access to our doctors is appealing, especially for those of us who are comfortable using electronic communications technologies. When I was dealing with some chronic medical issues back in 2000, I actually went about choosing my specialist based on who would respond to my initial query emails. Back then, it wasn’t so common for any doctors to email, let alone want to interact with patients digitally.

The patient portal attempts to solve this by placing everyone on a level playing field: All doctors in a given practice or hospital can communicate equally and securely with all patients. But that ability is both a blessing and a curse, as we’ll see shortly.

The Ideal Patient Portal

In my own case, the design of the email system for my portal is lacking in one key feature that many of us take for granted: the ability to have threaded conversations. This is something that has been a part of most modern email systems for more than a decade, but for some reason has eluded the developers of my patient portal.

What this means is if I have a follow-up question for my doctor, I have to copy and paste the previous email text, otherwise he won’t be able to track what I am talking about. It is a small point, but a big usability feature.

Bill Howard is a contributor to industry tech sites on car technology. Based in New Jersey, his medical portal from the Summit Medical Group covers a huge practice of more than 100 doctors and hundreds more medical professionals. “I get short but useful responses from the doc within a half day,” he said. “But I am not sure how many of the doctors like it. Recently, patients got an email recently telling us to cut out the chitchat. Still, all in all, it’s a big step forward.”

Another less obvious benefit from portals is better record keeping. “I really like being able to access my most current (past few years) medical records; no issue of whether I’ve lost this or that sheet,” Howard added. “And being online has risks, but it also has rewards. One year, I missed out on the filing deadline and lost out on the last couple hundred [dollars] in funded medical savings account benefits. Now, it’s all done automatically.”

Having all medical information accessible digitally also helps doctors make better diagnoses, as Simon Carroll mentioned in a blog post on Medium. They can see more information, possible symptoms and a timeline of care to narrow down medical possibilities.

Existing Issues

Adam Kuhn, an IT manager in the Washington, D.C., area, has had frustrations with portals that “require three different logins that change every 90 days” and has experienced “trouble posting messages that sometimes don’t get through to the doctors.” This is where we can see the conflict of security and usability quite clearly. My own portal has a number of authentication methods that can be used to log in, but having too many choices is almost as bad as too few.

Dan Kusnetzky has used two different portals on opposite ends of the usability scale. The first one, in Rochester, New York, was easy to use and allowed him to effortlessly ask questions of his medical team. “I wasn’t forced to schedule a face-to-face meeting with anyone and could get an answer that day,” he explained.

When he moved to Florida, however, he was faced with a portal that “didn’t work with my chosen Web browser or the browser that came with my operating system. It wanted me to download a third browser to access their site,” he said. “They also required that I use a six-digit ID number rather than an alphanumeric username that I could remember. Their password rules were complex, and there is no way I could remember the password unless I wrote it down somewhere.”

That defeats the whole purpose of having a better password policy. He added that the Florida site developers “really didn’t understand the fact that if a site is difficult for a client to use, they won’t use it.”

So what are some takeaways on patient portals? Try striking a balance between security and usability; don’t forget that your portal has to cover a wide range of knowledge and digital comfort. Make sure the basic email-like communications is at least as functional as a contemporary webmail system. And offer training or simple video tutorials for both patients and medical staff, too.

 |  |  | 
David Strom
Security Evangelist

More from Healthcare
August 16, 2023

Cost of a data breach 2023: Healthcare industry impacts

3 min read - Data breaches are becoming more costly across all industries, with healthcare in the lead. The 2023 Cost of a Data Breach Report analyzes data collected from March 2022 to March 2023. Healthcare remains a top target for online criminal groups. These data breach costs are the highest of any industry and have increased for the 13th consecutive year. Healthcare is a highly regulated industry that the U.S. government considers critical infrastructure. As such, recent federal privacy standards, security standards and…

June 22, 2023

Cyberattackers target the Latin American health care sector

3 min read - Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern. The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations,…

June 1, 2023

Increasingly sophisticated cyberattacks target healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature