Read Advisory Board's take: Why patients are losing trust in sharing their data

Only about 11% of patients are willing to share their health data with big technology companies, according to a recent survey from Rock Health.

Key findings

For the survey, researchers from Rock Health, which conducts research and invests in health tech companies, asked 4,000 people who they'd be willing to share their health data with. Physicians overwhelmingly were the most trusted source, with 72% of respondents saying they'd be willing to share their health data, while tech companies were the least trusted source.

Rock Health then dove deeper into the views of the 11% of respondents who said they'd trust their health data to a tech company to find out which companies they trusted most. Google was the most-trusted company, while IBM was the least.

Reaction

These results aren't "too surprising," the Rock report authors wrote. Generally, tech companies have scored lower than health companies, physicians, and government organizations when it comes to consumer trust and health data, according to the report.

This is in part due to scandals that have hit major tech companies. For example, a group of patients and health data experts in a complaint to the Federal Trade Commission (FTC) that was made public Tuesday allege Facebook is misleading users in regard to how their health information can be used without their explicit permission.

In the complaint, the group alleges that Facebook encourages users to join online medical support groups that are advertised as private or confidential, when in reality the data shared with those groups can be shared with third parties. The groups allege in their complaint that Facebook does not make this clear to users.

In response, a spokesperson from Facebook said, "It's intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community."

CNBC's Christina Farr predicts, "[A]s tech companies push into new areas where alternatives already exist and trust is valued at a premium, these privacy scandals could have far-reaching effects."

For example, Anne Wojcicki, CEO of 23andMe, theorized that her company's slower-than-expected sales could be due to privacy concerns from users, which she referred to as the "effect" from Facebook (Day/Zweig, Rock Health report, Birnbaum, The Hill, 2/19; Farr, CNBC, 2/13).

Advisory Board's take

Peter Kilbridge, Senior Research Director and Andrew Rebhan, Consultant, Health Care IT Advisor

The most interesting finding to me in this report was that respondents in 2018 were less willing to share their data with health care providers than they were in 2017. This is likely a spillover result from the endless string of data breaches that have recently occurred across different industries.

For example, the high-profile Cambridge Analytica scandal that rocked Facebook likely explains why tech companies ranked dead last in consumer willingness for sharing data. Facebook has raised alarm in other attempts to collect user data without proper consent, such as when it tried to collect anonymized patient data in 2017 for a proposed research project to aid in the prevention and treatment of heart disease. More recently, Facebook has started to use computer algorithms to scan its users' posts, comments, and videos for any indications of suicide risk, which can result in visits from law enforcement or potentially a forced hospital visit. And, of course, Facebook isn't the only tech company to face scrutiny for how it handles user data – Google's Deepmind encountered its own scandal a few years back (and it's still ranked as the most trusted tech company in this survey).

It's not just big tech companies that are facing these challenges—patient data privacy and security issues are evolving across numerous channels. Last year, a breach exposed 92 million DNA-testing accounts. We've seen in our research how some patients may face discrimination by insurers if they request genetic screening data that reveals increased risk for disease, while some personal genomics services like 23andMe may sell consumer data to pharma groups for marketing campaigns. We've also seen employer wellness programs raise some privacy concerns as employees begin sharing their wearables data in order to achieve discounted insurance premiums or other reductions in health care costs.

The ongoing security breaches in the health care industry have revealed that many providers still have much to learn about cybersecurity and data governance—a problem only compounded by the many new data sources flooding into health systems (e.g., genomic, patient-generated, or social determinants of health data) and the growth in vendors looking to take advantage of the market's increasing business opportunities.

With all this change, concerns about liability, privacy, and security are inevitable. Health providers should set explicit, patient-consented expectations for what data they collect, who will have access to it, and if (or how) it will be shared with or used by third parties. Health systems must store and transmit all new sources of patient-generated data with the same rigor as other, more standard protected health information. Keeping this process transparent with patients should help alleviate concerns around privacy and security, while also establishing a greater sense of trust between patients and their care providers.

To learn more about patient-generated health data (PGHD) and how to approach PGHD initiatives (and their associated security risks) in your hospital, download our new Connected Care Series: PGHD Report. Then, to learn more about what executives leaders need to know about cybersecurity, download out Cybersecurity Cheat Sheet Series.

Download the Report Get the Cheat Sheets

Learn more about patient-generated health data

Learn trends related to patient-generated health data (PGHD), get an outlined vision for connected care, read about different use cases, and get the first steps for how to approach PGHD initiatives in your organization.

Download Now