Patient Portal Proxy Access: A Common Failure In Patient Portals
- Posted On June 5th
- In Patient Portal
Patient portal proxy access allows caregivers or legal guardians to access their dependents’ patient portals. Studies have shown that patients generally saw benefits once caregivers had access to the information and functions within their patient portal, such as health literacy assistance and help in the time of medical emergencies. Proxy patient portal access is most commonly used in these scenarios:
- A parent accessing their son or daughter’s patient portal account
- A son or daughter accessing their elderly parent’s patient portal account
- A nurse or caretaker accessing their patient’s account, when that nurse or caretaker is not affiliated with the healthcare organization providing the patient portal account
- A husband or wife accessing their significant other’s patient portal account
“Parents are amongst the most active patient portal users. Therefore, providing parents with the ability to manage their children’s care from a patient portal or mobile app easily is an incredibly powerful feature,” explains John Deutsch, founder and CEO of Bridge Patient Portal. Patient portal systems can help caregivers better manage care for the patient. However, patients have shown concern about providing caregivers with information regarding stigmatized conditions and financial billing information.
Providing proxy portal access impacts a patient’s privacy and security in multiple ways.
Patient Portal Proxy Access Protects Patients’ Privacy
Proxy portal access promotes better healthcare for minors, the elderly, and others that may struggle to manage their health independently, without infringing on privacy. Everyone has the right to privacy and the right to withhold information they consider sensitive. In one study, almost half of US hospitals failed to protect their patients’ data as they endorsed the sharing of login credentials. The sharing of login credentials should be against hospital policy and may invalidate the solution as being a HIPAA compliant patient portal.
Track Changes Made Within The Portal
Logging in as the patient allows third-parties full access to the healthcare portal and the ability to make changes on behalf of the patient. Healthcare organizations often assume incorrectly that these requests/changes are being made by the patient. This makes it difficult to track the true identity of the person making changes in the portal, as it may appear that those changes have been authorized by the patient.
Prevent Patients’ From Being Locked Out
The sharing of login details can result in patients being locked out of their own account. Losing access is not always due to malicious intent as caregivers may lock patients out of the portal by mistake. Secure software has protocols in place to flag suspicious activity such as multiple active logins, logins from unknown devices, or too many failed logins.
Honor Age Of Majority Laws
The sharing of login details allows for permanent access unless the patient changes their password. This may prove to be an issue when children become legal adults, but their parents still have access to their health information, or in any situation where a patient would like to revoke access. The patient portal proxy access should support state-specific age of majority laws so that once the child reaches the age of majority, the parent or guardian access to the dependent’s portal is automatically unlinked.
Stop Security Breaches
With regards to patient portal security, research has shown that people often use similar passwords across multiple systems; patients may not be aware that they are opening themselves to a massive security risk by using just one password.
Limit The Amount Of Access
Patient portal caregiver access is vital to our most at-risk population. The best solution would allow patients to give access to caregivers at a level they deem appropriate. Patient portals should provide patients with a default proxy account configuration that includes access to most information and functions, but requires an opt-in for the complete medical record, billing, and insurance information. Portals could also provide a simple checklist of access controls to help patients decide what information or functionality to grant the caregiver.
Registering for a proxy account can frequently prove difficult, and in many cases, requires the caregiver to go in person to the hospital or clinic. Patient portal self-registration is a valuable feature allowing patients and caregivers to register on their own with very little to no assistance required.
As patient portal proxy access continues to gain momentum, hospitals and electronic health record (EHR) vendors need to seek patient portal systems that allow caregivers to care for patients without violating their privacy or placing them at risk of security breaches.