Patient Portal Proxy Access: A Common Failure In Patient Portals

Updated on January 25, 2021.

Patient portal proxy access allows caregivers or legal guardians to access their dependents’ patient portals. Studies[¹] have shown that patients generally saw benefits once caregivers had access to the information and functions within their patient portal, such as health literacy assistance and help in times of medical emergencies. Proxy patient portal access is most commonly used in these scenarios:

  • A parent accessing their child’s patient portal account
  • A child accessing their elderly parent’s patient portal account
  • A nurse or caretaker accessing their patient’s account, when that nurse or caretaker is not affiliated with the healthcare organization providing the patient portal account
  • A partner accessing their significant other’s patient portal account

“Parents are amongst the most active patient portal users. Therefore, providing parents with the ability to manage their children’s care from a patient portal or mobile app easily is an incredibly powerful feature,” explains John Deutsch, founder, and CEO of Bridge Patient Portal. Patient portal systems can help caregivers better manage care for the patient. However, patients have shown concern about providing caregivers with information regarding stigmatized conditions and financial billing information.

Providing patient proxy portal access impacts a patient’s privacy and security in multiple ways.

Patient Portal Proxy Access

Patient Portal Proxy Access Protects Patients’ Privacy

Patient proxy portal access promotes better healthcare for minors, the elderly, and others that may struggle to manage their health independently, without infringing on privacy. Everyone has the right to privacy and the right to withhold information they consider sensitive. In one study, almost half of US hospitals[²] failed to protect their patients’ data as they endorsed the sharing of login credentials. The sharing of login credentials should be against hospital policy and may invalidate the solution as being a HIPAA compliant patient portal. Caregiver proxy access protects patients’ privacy by allowing patients to decide what information and functionality a care partner can access.

Furthermore, while it may make practical sense that a parent creates a login for their child, which uses the parent’s email address as the username, it will eventually become a problem when the child reaches the age of majority, and the child then takes over the account.

Track Changes Made Within The Portal

Logging in as the patient allows third-parties full access to the healthcare portal and the ability to make changes on behalf of the patient. Healthcare organizations often assume incorrectly that the patient is making these requests/changes. This makes it difficult to track the true identity of the person making changes in the portal, as it may appear that the patient has authorized those changes. A caregiver portal software can prevent changes from being made by anyone other than the patient, or caregiver/proxy changes can be flagged as such, making it easier to trace modifications made within the portal.

Digital Front Door
Prevent Patients From Being Locked Out

The sharing of login details can result in patients being locked out of their own accounts. Losing access is not always due to malicious intent, as caregivers may lock patients out of the portal by mistake. Secure caregiver portal software has protocols in place to flag suspicious activity such as multiple active logins, logins from unknown devices, or too many failed logins. Caregiver portal solutions provide access to the patient portal using their own login; usernames and passwords no longer need to be shared between patients and caregivers. Caregivers simply enter unique key identifiers that are cross-referenced with data on the source system (Electronic Health Record, Revenue Cycle Management, Practice Management). Once authenticated, caregivers can log in and implement two-factor authentication (2FA) using biometric face or fingerprint recognition.

Honor Age Of Majority Laws

The sharing of login details allows for permanent access unless the patient changes their password. This may prove to be an issue when children become legal adults, but their parents still have access to their health information or in any situation where a patient would like to revoke access. The patient portal proxy access should support the state-specific age of majority laws. Once the child reaches the age of majority, the parent or guardian’s access to the dependent’s portal is automatically unlinked.

Stop Security Breaches

With regards to patient portal security, research has shown that people often use similar passwords across multiple systems; patients may not be aware that they are opening themselves to a massive security risk by using just one password. A proxy patient portal allows patients and caregivers to access the account using unique logins, respectively. Logins are authenticated as the patient and caregiver’s information is compared to the data found in the source system. Once authenticated, users can quickly and securely log in using two-factor authentication in the form of either biometric face or fingerprint recognition.

Limit The Amount Of Access

Patient portal proxy access is vital to our most at-risk population. The best solution would allow patients to give access to caregivers at a level they deem appropriate. Patient portals should provide patients with a default proxy account configuration that includes access to most information and functions but requires an opt-in for the complete medical record, billing, and insurance information. Portals could also provide a simple checklist of access controls to help patients decide what information or functionality to grant the caregiver.

Easy Registration

Registering for a proxy account can frequently prove difficult, and in many cases, requires the caregiver to go in person to the hospital or clinic. Patient portal self-registration is a valuable feature allowing patients and caregivers to register on their own with very little to no staff assistance required.

As patient portal proxy access continues to gain momentum, hospitals and Electronic Health Record (EHR) vendors need to seek a patient portal solution that allows caregivers to care for patients without violating their privacy or placing them at risk of security breaches.

  1. Latulipe, C., Quandt, S.A., Melius, K.A., Bertoni, A., Miller Jr, D.P., Smith, D. and Arcury, T.A. (2018). Insights Into Older Adult Patient Concerns Around the Caregiver Proxy Portal Use: Qualitative Interview Study. Journal of Medical Internet Research, 20(11), p.e10524.
  2. jamanetwork.com. (n.d.). Validate User. [online] Available at: https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2764648 [Accessed 8 Dec. 2020].
Kirsty Watson
Kirsty Watson

Community Manager at Bridge Patient Portal. Kirsty is an experienced marketer with a demonstrated history of working in the medical and software industry. She is skilled in digital marketing, including SEO copywriting. Kirsty marries her passion for healthcare with her experience in digital marketing.