70% of patients unaware of changing HIPAA Security Rule

As digital health records grow in scale and sophistication, so do patient concerns — particularly in smaller practices, which often adopt EHR systems, patient communication tools, and automation platforms to stay competitive with larger health systems. With HIPAA Security Rule updates likely happening this year, Tebra surveyed over 1,100 Americans, including healthcare professionals from a range of care settings, to learn what people know about healthcare data privacy, who they believe should protect it, and how they feel about new technologies in the mix.

HIPAA (the Health Insurance Portability and Accountability Act) was created to safeguard patients' personal health information. The upcoming changes to the HIPAA Security Rule are the most significant in over a decade, aiming to strengthen protections against modern cybersecurity threats. For private practices, staying informed and communicating clearly with patients will be essential to building trust as data security rules and expectations shift.

HIPAA remains the foundation of patient data protection in the United States, but many feel it's falling behind the pace of digital healthcare — especially as more care is delivered through cloud-based systems and technology-supported practices. 

Only 10% of patients had ever asked how their provider protects their health data, but more than two-thirds reported feeling concerned about the security of their information. Additionally, 7 in 10 were completely unaware of upcoming HIPAA Security Rule changes. Another 21% didn't know that HIPAA protects their information from being shared with third parties or advertisers. 

Fewer than half of patients said they've received clear communication from their providers about how their health data is collected, stored, or shared — a finding echoed in broader research showing that trust in digital health tools is closely tied to provider transparency and communication. Other researchers have pointed out that "dimensions of trust may play different roles in ensuring good communication between patients and providers, in patients' use of healthcare services, and for adhering to treatment."

Awareness about the 2025 HIPAA changes among healthcare workers was also low. Just 35% were familiar with them, and only 2 in 5 said they had received formal training on it. Others (19%) said training was coming soon, and only 16% felt confident explaining the changes to others.

When asked what posed the biggest risk to patient data, healthcare workers pointed to human error (37%). Patients, on the other hand, said outdated systems (44%) were the primary problem. Overall, 41% of Americans believe HIPAA isn't keeping up with today's cyber threats.

Many patients are experiencing the real consequences of healthcare data insecurity, and they want providers to do more when breaches occur.

Nearly 1 in 3 Americans reported having their health data breached in the past 3 years. Among those, more than half said the incident damaged their trust in their provider — a reminder that trust in healthcare often hinges on transparent communication, especially in community-based or independent care settings Yet, even with this breach of confidence, two-thirds stayed with the same provider after the incident.

One-third of breach victims said they never received any kind of follow-up communication. For those who did, the number one thing they wanted was a clear explanation of how it happened and what data was exposed. Others desired financial compensation or free credit monitoring and identity protection.

Patients who haven't experienced a breach tend to be more hopeful. Over half (54%) said they think future breaches can be prevented. In contrast, those who had already experienced a breach were 1.5 times more likely to believe future breaches are inevitable.

New technology is reshaping health data security, but how do people feel about advancements like blockchain and AI?

Seventy percent of Americans reported moderately to completely trusting blockchain systems to help protect their medical data, and 56% felt the same about AI tools.

AI tools, however, were seen as more than twice as risky as blockchain for managing sensitive health data, and nearly half of Americans said they wouldn't feel reassured by a "HIPAA Compliant – Verified by AI" badge displayed by a provider.

When asked who they trusted most with their health information, Americans ranked hospitals as No. 1, followed by tech companies and insurers. About a quarter of Americans said they trust no one at all. Still, 1 in 4 would allow their provider to share health data with an AI-powered tech company.

Currently, 1 in 5 healthcare workers' organizations are using AI or blockchain tools. Two-thirds of all respondents believe technology is evolving faster than regulators can ensure its safety or privacy protections. That perception puts added pressure on providers to clearly explain what tools are in place, why they're being used, and how they're keeping data safe.

Patients and providers both want stronger safeguards for health data, but their views on what works, what's risky, and who's responsible don't always align. As HIPAA evolves and new technologies like AI and blockchain enter the conversation, private practices have a chance to build trust by communicating clearly, addressing breaches transparently, and staying informed. Investing in strong data practices isn't just good compliance — it's good care.

Tebra surveyed 1,105 Americans who currently have a healthcare provider to explore their views on upcoming HIPAA Security Rule changes, the impact of data breaches, privacy concerns, emerging technologies, and who they believe is responsible for protecting patient data. The average age of respondents was 40; 53% were female, 45% were male, and 2% were nonbinary.

We also compared the perspectives of healthcare workers to patients. The breakdown of respondents was as follows: 76% were patients only, while 24% were also healthcare workers. The data was collected in May 2025.

Tebra, headquartered in Southern California, empowers independent healthcare practices with cutting-edge AI and automation to drive growth, streamline care, and boost efficiency. Our all-in-one EHR and billing platform delivers everything you need to attract and engage your patients, including online scheduling, reputation management, and digital communications. 

Inspired by "vertebrae," our name embodies our mission to be the backbone of healthcare success. With over 165,000 providers and 190 million patient records, Tebra is redefining healthcare through innovation and a commitment to customer success. We're not just optimizing operations — we're ensuring private practices thrive.

If you'd like to share or reference this information, you're welcome to do so for noncommercial purposes. Please include a link to Tebra with proper attribution.