Patient Portal Proxy Access: A Common Failure in Patient Portals

Updated on March 22, 2023

Patient portal proxy access allows caregivers or legal guardians to access their dependents’ patient portals. Studies¹ have shown that patients generally see benefits once caregivers have access to the information and functions within their patient portal, such as health literacy and medical emergency assistance. Proxy patient portal access is most commonly used in these scenarios:

• A parent accessing their child’s patient portal account
• An adult child accessing their elderly parent’s patient portal account
• A nurse or caretaker accessing their patient’s account (when not affiliated with the healthcare organization providing the account)
• A partner accessing their significant other’s patient portal account

“Parents are amongst the most active patient portal users. Therefore, providing parents with the ability to manage their children’s care from a patient portal or mobile app easily is an incredibly powerful feature,” explains John Deutsch, founder and CEO of Bridge Patient Portal. Patient portal systems can help caregivers better manage care for the patient. However, patients have shown concern about providing caregivers with information regarding stigmatized conditions and financial information.

Providing patient proxy portal access impacts a patient’s privacy and security in multiple ways.

Patient Portal Proxy Access Protects Patients’ Privacy

Patient proxy portal access promotes better healthcare for minors, the elderly, and others that may struggle to manage their health independently without infringing on privacy. Everyone has the right to privacy and to withhold information they consider sensitive. In one study, almost half of U.S. hospitals² failed to protect their patients’ data by endorsing the sharing of login credentials. This sharing should be against hospital policy and may invalidate HIPAA compliance. Caregiver proxy access protects patients’ privacy by allowing patients to decide what information and functionality a care partner can access.

Additionally, while parents creating a login for their child using the parent’s email address makes practical sense, this will present a problem when the child reaches the age of majority and takes over the account. 

Track Changes Made Within the Portal

Logging in as the patient allows third parties full access to the healthcare portal and the ability to make changes on the patient’s behalf. Healthcare organizations often assume incorrectly that the patient is making these requests/changes. This makes it difficult to track the true identity of the person making changes in the portal, as it may appear that the patient has authorized those changes. Caregiver portal software can prevent changes from being made by anyone other than the patient or flag caregiver/proxy changes, making it easier to trace any modifications.

Prevent Patients From Being Locked Out

Sharing login details can result in patients being locked out of their own accounts. Losing access is not always due to malicious intent, as caregivers may lock patients out of the portal by mistake. Secure caregiver portal software has protocols in place to flag suspicious activity such as multiple active logins, logins from unknown devices, or too many failed logins. Caregiver portal solutions provide caregivers access to the patient portal using their own login, eliminating the need for shared login details. Caregivers simply enter unique key identifiers that are cross-referenced with data on the source system (Electronic Health Record, Revenue Cycle Management, Practice Management). Once authenticated, caregivers can log in and implement two-factor authentication (2FA) using biometric face or fingerprint recognition.

Honor Age of Majority Laws

Sharing login details allows permanent access unless the patient changes their password. This may prove problematic when children reach legal adulthood and their parents can still access their health information, or in any situation where a patient would like to revoke access. The patient portal proxy access should support the state-specific age of majority laws. Once the child reaches the age of majority, proxy patient portal software can automatically unlink the parent or guardian’s access to the dependent’s portal.

Stop Security Breaches

With regards to patient portal security, research has shown that people often use similar passwords across multiple systems, not realizing they are opening themselves to massive security risk by using similar or identical passwords. A proxy patient portal allows patients and caregivers to access the account using their own separate logins. Logins are authenticated as the patient and caregiver’s information is compared to the data found in the source system. Once authenticated, users can quickly and securely log in using two-factor authentication in the form of either biometric face or fingerprint recognition.

Limit the Amount of Access

Patient portal proxy access is vital to our most at-risk populations. The best solution would allow patients to give access to caregivers at a level they deem appropriate. Patient portals should provide patients with a default proxy account configuration that includes access to most information and functions, but requires an opt-in for the complete medical record, billing, and insurance information. Portals could also provide a simple checklist of access controls to help patients decide what information or functionality to grant the caregiver.

Easy Registration

Registering for a proxy account can frequently prove difficult, and in many cases, requires the caregiver to go in person to the hospital or clinic. Patient portal self-registration is a valuable feature, allowing patients and caregivers to register on their own with little to no staff assistance required.

As patient portal proxy access continues to gain momentum, hospitals and Electronic Health Record (EHR) vendors need to seek a patient portal solution that allows caregivers to care for patients without violating their privacy or placing them at risk of security breaches.

1. Kelly, T. G., Danielle, P., Aleksandra, W., et al. (2022) Patient Portals to Support Care Partner Engagement in Adolescent and Adult Populations: A Scoping Review. JAMA Netw Open [online] Available at: https://jamanetwork.com/journals/jamanetworkopen/article-abstract/2799954.
2. Celine, L., Syeda, M., Rachel, RKW., et al. (2020). Security and Privacy Risks Associated With Adult Patient Portal Accounts in US Hospitals. JAMA Intern Med. [online] Available at: https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2764648.