Majority of teen patient portals accessed by guardians, raising privacy concerns

Majority of teen patient portals accessed by guardians, raising privacy concerns

A study published this week in the Journal of the American Medical Association Network Open found that more than half of adolescent patient portal accounts with outbound messages were accessed by guardians.  

The findings, say the researchers, could be useful in guiding health system approaches to protecting confidentiality with regard to patient portals.  

“Confidential communication is necessary for many adolescents to feel comfortable seeking care for sensitive health needs,” read the study.  

“Although further studies with more data and control for confounders are warranted, our preliminary observation raises questions whether adolescents may be less willing to share sensitive health topics via the portal when aware that their guardians have access to their portal accounts,” it continued.  


The researchers explained that many health systems allow adolescents to access their electronic health records through a patient portal, which supports appointment scheduling, record sharing, and communication with clinicians.  

Systems also often offer proxy portal accounts for legal guardians, with separate login credentials, to access selected portions of the adolescent accounts and communicate with their adolescents’ clinicians separately.  

But, this study suggests, guardians may be using the adolescent account instead – leading to concerns about patient confidentiality.   

“Compliance with federal regulations, such as the 21st Century Cures Act, and state-specific consent and confidentiality laws for adolescents requires a reliable mechanism to share protected health information with adolescents without guardian knowledge,” said the researchers.  

The team used an algorithm to examine outbound messages sent from patient portal accounts of patients aged 13 to 18 years old at three institutions (with which the team members are affiliated): Stanford Children’s Health, Rady Children’s Hospital and Nationwide Children’s Hospital.  

All three institutions allow adolescents to have their own MyChart accounts through the Epic EHR.  

“The algorithm flagged messages if the message contained any of the following features: (1) a third-person reference to the adolescent; (2) phrases such as my son, my daughter, or my child; or (3) the signature matched the name of a guardian on file,” read the study.  

Out of 3,429 eligible accounts, the sensitivity – and specificity-adjusted algorithm found that 64% at Rady Children’s Hospital, 70% at Stanford Children’s Health and 76% at Nationwide Children’s Hospital had been accessed by guardians.  

The percentage of flagged accounts decreased as patients aged.  

Researchers hypothesized several reasons for guardian access of adolescent portal accounts:   

  • Institutional workflow issues, including errors during portal sign-up
  • Misunderstanding of portal account design by adolescents and their guardians
  • Adolescents voluntarily sharing their portal access
  • Guardians coercively or surreptitiously accessing the adolescent’s account  

Regardless, they emphasized the importance of protecting young people’s sensitive health information.  

“It is necessary to educate adolescents and their guardians on the concepts of patient portals and proxy accounts, as well as the benefits and limitations of electronic communications, especially given that many adolescents are not familiar with patient portals,” read the study.   

“Dedicated staff for portal sign-up could help ensure contact information associated with the account belongs to the adolescents instead of the guardians. Clinician training related to confidentiality within the electronic record is also necessary to protect sensitive information for adolescents,” it continued.  


The Office of the National Coordinator for Health IT released updated recommendations this past year for pediatric health IT.  

Some of the recommendations acknowledged the potential complications and privacy concerns around providing children care, particularly when it comes to potentially sensitive health data.  

“Adolescents may be allowed by law or practice to sequester access to information, such as sexual and behavioral health history in their health record,” according to ONC’s recommendations.” Meanwhile, where portals are concerned, stakeholders have flagged potential security issues for years.  


“Based on these findings, it may be useful for healthcare systems to examine the current use of adolescent patient portals by guardians and develop strategies to promote proper portal access,” wrote the researchers in the JAMA Network Open study.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article