The problem with patient portals

Patient portals seem like the logical next step for a healthcare system that’s becoming increasingly more reliant on electronic health records and other various digital constructs.

But not everything is as it seems. Portal technology has yet to definitively prove its worth, according to a recent review from the Journal of Medical Internet Research.

While compiling and evaluating the existing research available on patient portals published between 2011 and 2014, analysts from Texas State University discovered that “very few studies associated use of the patient portal, or its features, to improved outcomes.”

Thus, despite the fact that most of the research from the aforementioned three-year timespan suggested improvements in patient loyalty and communication as a result of portal adoption, some questions remain unanswered. Due to the lack of randomized control trials and because so few attempts have been made to empirically measure quality indicators, there is sure no way of knowing how much the technology really benefits hospitals and practices.

Of course, there’s the possibility that this isn’t just a research shortfall: Maybe we don’t know how much patient portals benefit healthcare because they simply aren’t all that effective.

“The market has been slow to adapt, and as a result, the maturity of the portal is not where it needs to be in order to improve quality of care and more deeply involve the patient in the medical decision,” the study authors state.

Patient problems
Experts like Art Gross, CEO of HIPAA Security Now, think the shortcomings of patient portals have less to do with a hesitant provider market and more to do with the folks who are ultimately being marketed to: patients.

“The top challenge that we hear from clients is that a practice may spend a significant amount of time and money to implement a patient portal but they struggle to get patients to use the portal. The challenge is magnified with practices that specialize in areas that have a large older population,” Gross told Medical Practice Insider.

Many older patients, particularly those falling between the ages of 50-80, are not particularly computer savvy, Gross said, and therefore will not utilize portals or will become increasingly frustrated by them if they do. With one of the largest generations, Baby Boomers, coming of that age currently, providers have been having a tough go of it getting patients to opt-in to portals, let alone email.

“We worked for over two weeks calling every patient begging them to give us an email but the majority were too old to use email or to poor to have the option,” commented a Medical Practice Insider reader regarding the struggle that the practice she works for has faced when implementing its patient portal.

What’s more, if patients do sign up for a practice portal, there’s always the potential for the technology to be utilized incorrectly.

“There is a real risk that patients will misuse a patient portal for emergency situations,” Gross said. And although “most portals have disclaimers that urge patients to call the practice or 911 in the event of an emergency … we will most likely hear of situations where patients used a portal to request emergency care and the request was not attended to with the normal emergency diligence,” he added.

Patients aren’t the only ones to blame when it comes to the current plateau of portal adoption. Security and ease of use, as is so often the case with emerging technology, can trip up development as well.

“Patient portals tend to sound a lot better in theory than they are in practice,” said Asaf Cidon, the inventor of a secure file-sharing tool called Sookasa. “They’re plagued by security problems and many are very hard to use and deploy. Taken together, these challenges defeat the point of patient portals.”

A practice can adopt one of the most soundly developed patient portals out there. It can internally tick off all the HIPAA and HITECH requirements laid out before it and ensure that providers are using secure devices. But because portals by their nature are sending information to patients, who are most likely using unsecure devices outside of the practice network, there will always be a risk with such technology.

“The primary concern is related to the security of the data itself,” Cidon said. “Though patient portals do use protections such as passwords, user authentication methods, and SSL, which encrypts the network traffic from the browser to their website, portals don't encrypt individual patient files. So even with their existing protections, patient portals essentially create an additional entry point that could pose a security risk.”

These challenges can potentially be assuaged by implementing separate file-sharing encryption software or by encrypting the files themselves, Cidon said.

“Patient portals need to be secured and kept up to date with security patches,” added Gross. “In addition, vulnerability and penetration tests should be performed on the portal to ensure that known vulnerabilities are discovered and remediated to minimize the chance of hackers accessing information. Strong password policies need to be implemented to ensure that patients are not using passwords that are easy to guess or crack.”

Overall, the issues with portals vary in severity depending on whom you ask. But most experts agree on one solution area when it comes to security and engagement: education and simplification.

“Education of patients on when to use the portal and when not to use the portal is critical to ensuring that tragedies are avoided in the event of a real patient emergency,” said Gross. “The challenge is educating patients as well as ensuring that patient portals are designed to be as easy to use as possible. As with most technologies, it takes a few iterations to refine a product so that it has the most usability.”

Cidon agreed: “Healthcare providers have to communicate to patients that portals are an important way to transfer bulk amounts of information efficiently, but they are no substitute for direct communication with the healthcare provider in case of an emergency.”

“We find physicians are able to work with patients when data interactions are as easy for them as possible,” Cidon noted.

Related articles:

Providers scurry to complete attestation but face $200 million in adjustments

Where meaningful use is headed from here

Doctors' favorite prescribable apps