Skip to main content
PMC home page
Applied Clinical Informatics logoLink to Applied Clinical Informatics
. 2023 Apr 5;14(2):258–262. doi: 10.1055/a-2015-0964

Creating a Guardrail System to Ensure Appropriate Activation of Adolescent Portal Accounts

James Xie 1,, Adam Hogan 1, Tom McPherson 1, Natalie Pageler 1, Tzielan Lee 1, Jennifer Carlson 1
PMCID: PMC10076104  PMID: 36652961

Abstract

The parent of an adolescent patient noticed an upcoming appointment in the patient's portal account that should have remained confidential to the parent. As it turned out, this parent was directly accessing their child's adolescent patient portal account instead of using a proxy account. After investigation of this case, it was found that the adolescent account had been activated with the parent's demographic (i.e., phone/email) information. This case illustrates the challenges of using adult-centric electronic health record (EHR) systems and how our institution addressed the problem of incorrect portal account activations.

Confidentiality is fundamental to providing healthcare to adolescents. To comply with the 21st Century Cures Act's information blocking rules, confidential information must be released to adolescent patients when appropriate while also remaining confidential from their guardians. While complying with this national standard, systems of care must also account for interstate variability in which services allow for confidential adolescent consent. Unfortunately, there are high rates of guardian access to adolescent portal accounts which may lead to unintended disclosure of confidential information. Therefore, measures must be taken to minimize the risk of inadvertent confidentiality breaches via adolescent patient portals.

Our institution implemented a guardrail system that checks the adolescent patient's contact information against the contact information of their parent/guardian/guarantor. This guardrail reduced the rate of account activation errors after implementation. However, the guardrail can be bypassed when demographic fields are missing. Thus, ongoing efforts to create pediatric-appropriate demographic fields, clearly distinguishing patient from proxy, in the EHR and workflows for registration of proxy accounts in the patient portal are needed.

Keywords: adolescent confidentiality, patient portal, demographics, electronic health records

Background and Significance

The management of adolescent portal access continues to be a challenge, and there is a great degree of variability in implementation of adolescent portal access across organizations. 1 Although there are many ways to address adolescent access to their health records, the majority of commercial electronic health records (EHRs) offer a patient portal function, which will be the focus of this report. Adolescents under age 18 are still minors and generally require parent's/guardian's (referred to as “proxy” for the remainder of this discussion) consent for the majority of their medical management. However, minor adolescents are able to consent to specific, limited services (such as reproductive health or substance abuse treatment, varying by state law) with the expectation that those services remain confidential from their proxies. 2 To uphold these legal expectations while remaining compliant with 21st Century Cures Act requirements, portal accounts need to be configured to allow differential release of information to adolescents versus their proxies. 3 4 At our institution, adolescents may register for their own portal account beginning at age 12 with parental consent. The default state will eventually be that the majority of pediatric notes will be shared with both patients and their proxies. 5 As institutions are determining their portal configuration, it is critical to ensure that the adolescent account is only accessible by the appropriate individual. If this is not the case, no degree of differential, tiered access will maintain confidentiality; as such, it is essential that portal accounts be activated correctly. Only with assurance of portal account accuracy and confidentiality can the benefits of adolescent portal access be realized while mitigating risks. 6 7 8 9

Unfortunately, adolescent accounts have a high rate of potential access by individuals other than the patient which may lead to unintended disclosure of confidential information. 10 To address our institution's erroneously activated accounts, our Information Systems patient portal team developed a three-step approach to the problem: (1) clean-up existing, incorrectly activated accounts, (2) minimize opportunities to activate incorrect accounts (i.e., develop a “guardrail” for account activation), and (3) develop an ongoing, monitoring system to assess accuracy of newly activated accounts. The “clean-up” phase has been described in our previous publication. 11 Our ongoing monitoring is an extension of our “clean-up” work but focuses on newly created accounts. The current discussion will focus on the project to minimize account errors at the time of account activation.

Case Presentation

The parent of an adolescent patient was accessing the EHR's portal account for her daughter and noticed an upcoming appointment with the “Teen Health Clinic”–a clinic the parent was not aware her daughter was attending. To clarify the scheduling concern, the parents consulted with her child's provider. Alarmed by what should have been an appointment only visible to the adolescent, the provider filed a help desk ticket to determine the source of inappropriate information sharing. Upon investigation, it appeared that the parent had been directly accessing their child's “Adolescent” account, which had been activated with the parent's phone and e-mail information, instead of using the appropriate “Proxy” account. Because the parent was incorrectly assigned an adolescent portal account, she was able to see the confidential appointment types that should only be visible to an adolescent-aged patient. How could this have happened and how could it be prevented?

Case Resolution and Attempted Solutions

Investigation of the source of erroneous accounts revealed issues with how demographic information (i.e., email address or phone number) is utilized for the account activation workflow. At our institution, the majority of account activation occurs through an “instant activation” workflow in which all patients and proxies are offered a registration link that is sent to an individual's email or mobile phone for them to complete the portal account activation (approximately 100 such enrollment offers occur per week). We have been offering adolescent patient accounts since our go-live with this EHR in 2014. In the instant activation workflow, the individual's contact information is prepopulated into the contact field for the account. These demographic workflows are built into the EHR vendor's foundation and not able to be altered at the institution level. While this vendor workflow may be very effective for adult patients whose demographic information typically belongs to the adult individual, it is a challenge in pediatrics where the demographic information is often populated with the information for the adult proxy and not the pediatric or adolescent patient. Thus, when an adolescent account is being activated, the prepopulated demographic information flowing into the registration field frequently belongs to the proxy and not the patient. Unless the demographic information is double-checked and corrected, an adolescent account will be created with the proxy's contact information.

In the hopes of reducing the activation of erroneous accounts, our patient portal team identified clinics and sites where the greatest number of errors was occurring. Specific education (tip sheets, job aids, multiple presentations at medical assistant, and front desk council meetings) and direct feedback were provided to clinics and sites regarding how to correctly activate adolescent accounts. After this education, subsequent account activation error rates were noted to remain consistently high (in the 40–60% per week range); thus, showing that the targeted education did not reduce the error rate. As a next step, our team sought to interrupt the automatic extraction of proxy information into the portal account instant activation workflow. However, due to the foundation-level nature of this function, there was no way to redirect this process. The team looked for opportunities to enable a best practice advisory to alert staff and clinicians when proxy information was being used incorrectly during an adolescent account registration. Unfortunately, there were no clear or consistent workflows to allow this process to occur in all registration workflows.

Finally, the team looked to interrupting the “instant activation” workflow itself. A logic-based rule, “the guardrail,” was created to compare the pending account contact information against the contact information stored for the proxy. This guardrail rule compares the email or telephone information on file for any guarantors, emergency contacts, or existing proxy connections to the email or telephone information that is being used to activate a patient's portal account. If there is a match between any of the fields, then the activation will not be allowed to proceed. Instead, alternate messaging indicating that the account's demographic information needs to be reassessed for accuracy will be sent to the proxy via email or mobile text with a link to more detailed instructions ( Fig. 1 ). The alternate messaging consisted of: “Your MyChart request needs additional verification. Please follow the link: <link to PDF guide > .” This process change had a minimal impact on clinic staff but did encourage them to update the patient's contact information to be the patient's instead of the proxy's.

Fig. 1.

Fig. 1

Open in a new tab

Explanatory text if there is an attempt to create an adolescent account with a proxy's contact information.

After implementation of the guardrail rule, the number of erroneous account activations in which a proxy's contact information was used for an adolescent's account markedly decreased and remained below baseline levels ( Fig. 2 ). While the number of incorrectly activated accounts decreased from 40 to 50% to below 15% from week to week, several accounts with incorrect contact information (account registered to a proxy's contact) were still able to be activated. When these accounts were analyzed, the most common reason the guardrail rule failed was when no information was populated in the patient's contact demographic fields (e.g., missing contact or guarantor records) to be used for comparison. There is an ongoing institutional effort to ensure that the guardian/guarantor contact is not recorded in the patient's own contact fields. Additionally, some accounts were activated manually by staff outside of the instant activation workflow, which bypassed the guardrail rule entirely. The mean number of adolescent account activations decreased from 17 to 15 per week (over a 4 week average) after the guardrail intervention.

Fig. 2.

Fig. 2

Open in a new tab

Percentage of patient portal accounts signups activated with an email or phone number that corresponds to a proxy before and after implementation of a rule-based check.

Lessons Learned

EHRs that were primarily designed for adults often face challenges adapting to pediatric workflows. We faced such challenges when attempting to implement multiple portal account types (i.e., adolescent vs. proxy) with differential access to EHR data. Looking for the root cause of the problem and determining a viable solution at the local institution level can run up against vendor-specific factors that are not easily modified, such as how demographic fields are used for portal account activation. Unsurprisingly, relying on educating staff and providers was an ineffective method for correcting activation issues. In our institution's case, a logic-based rule built into the EHR portal's activation workflow to serve as a “guardrail” at the time of registration helped decrease portal account activation errors.

Ultimately, institutions need to re-evaluate their registration practices to ensure that proxy contact information is not inappropriately put into adolescent patient contact fields. EHR vendors will need to help support how demographic relationships are handled for pediatric patients so that portal account registration workflows can more easily facilitate proxy accounts. This not only benefits pediatric patients, but also adult patients who may have diverse proxy preferences.

Notably, addressing this aspect of portal registration does not take into account other opportunities for adolescent accounts to be inappropriately accessed by proxies—either through voluntary or involuntary sharing of the adolescent account passwords. However, it provides an opportunity for health care providers, adolescent patients, and their guardians to have conversations around the roles and responsibilities each person plays in engaging with the patient's health care. As adolescents mature and take a more active role in their own health care management, these conversations can be invaluable. EHR rules and registration fixes are all part of a host of sociotechnical solutions that are necessary but not sufficient to address patient portal confidentiality issues. Thus, ongoing collaborative work among patients, families, informaticians, policy makers, and EHR vendors is needed to navigate the unique risks and benefits of increasing electronic access to medical records for patients of all ages. 12

Clinical Relevance Statement

Confidentiality is a cornerstone of providing health care to adolescents. To ensure adolescent patient portal accounts are activated with contact information that only the adolescent has access to, we created a guardrail system that reduces the rate of erroneous portal account activation.

Multiple-Choice Questions

  1. What challenges exist to ensuring adolescent confidentiality in the health care setting?

    1. Adolescent confidentiality laws vary from state to state.

    2. Electronic health records are generally designed for adults.

    3. Patient portals default to sending activation links to the listed contact in a patient's demographics fields.

    4. All of the above.

    Correct Answer: The correct answer is option d. All of the above are reasons why ensuring adolescent confidentiality in health care is challenging.

  2. Why is creating a guardrail which checks account activation contact against a patient's listed guarantor or emergency contact inadequate to prevent all inappropriate access of an adolescent patient's portal account?

    1. The adolescent patient's emergency contact or guarantor information may not have been entered.

    2. The adolescent patient may have (willingly or unwillingly) given their account login credentials to their guardian.

    3. The adolescent patient and their guardian/proxy may share an email account or phone number.

    4. An activation link may be inappropriately manually sent to a proxy.

    Correct Answer: The correct answer is option d. All of these are reasons why the guardrail may not be sufficient to prevent inappropriate access of adolescent portal accounts by a guardian/proxy.

Acknowledgment

The authors would like to acknowledge the hard work and dedication of all the members of our Information Systems patient portal team.

Funding Statement

Funding The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Conflict of Interest None declared.

Protection of Human and Animal Subjects

Not applicable. The case report is presented as part of a broader quality improvement initiative to ensure adolescent confidentiality in the patient portal which was reviewed and exempted by the institutional review board.

Authors' Contributions

All authors contributed to the manuscript conception and design. The draft of the manuscript was written by J.X. and J.C. and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.

References

  • 1.Sharko M, Wilcox L, Hong M K, Ancker J S. Variability in adolescent portal privacy features: how the unique privacy needs of the adolescent patient create a complex decision-making process. J Am Med Inform Assoc. 2018;25(08):1008–1017. doi: 10.1093/jamia/ocy042. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 2.Sharko M, Jameson R, Ancker J S, Krams L, Webber E C, Rosenbloom S T. State-by-state variability in adolescent privacy laws. Pediatrics. 2022;149(06):e2021053458. doi: 10.1542/peds.2021-053458. [DOI] [PubMed] [Google Scholar]
  • 3.Bedgood M, Kuelbs C L, Jones V G, Pageler N. Organizational perspectives on technical capabilities and barriers related to pediatric data sharing and confidentiality. JAMA Netw Open. 2022;5(07):e2219692. doi: 10.1001/jamanetworkopen.2022.19692. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 4.Bayer R, Santelli J, Klitzman R. New challenges for electronic health records: confidentiality and access to sensitive health information about parents and adolescents. JAMA. 2015;313(01):29–30. doi: 10.1001/jama.2014.15391. [DOI] [PubMed] [Google Scholar]
  • 5.Bialostozky M, Huang J S, Kuelbs C L. Are you in or are you out? Provider note sharing in pediatrics. Appl Clin Inform. 2020;11(01):166–171. doi: 10.1055/s-0040-1701679. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 6.Lee J A, Holland-Hall C. Patient portals for the adolescent and young adult population: benefits, risks and guidance for use. Curr Probl Pediatr Adolesc Health Care. 2021;51(11):101101. doi: 10.1016/j.cppeds.2021.101101. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 7.Society for Adolescent Health and Medicine . Gray S H, Pasternak R H, Gooding H C. Recommendations for electronic health record use for delivery of adolescent health care. J Adolesc Health. 2014;54(04):487–490. doi: 10.1016/j.jadohealth.2014.01.011. [DOI] [PubMed] [Google Scholar]
  • 8.Kanungo S, Barr J, Crutchfield P, Fealko C, Soares N. Ethical considerations on pediatric genetic testing results in electronic health records. Appl Clin Inform. 2020;11(05):755–763. doi: 10.1055/s-0040-1718753. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 9.Murugan A, Gooding H, Greenbaum J. Lessons learned from OpenNotes learning mode and subsequent implementation across a pediatric health system. Appl Clin Inform. 2022;13(01):113–122. doi: 10.1055/s-0041-1741483. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 10.Ip W, Yang S, Parker J. Assessment of prevalence of adolescent patient portal account access by guardians. JAMA Netw Open. 2021;4(09):e2124733. doi: 10.1001/jamanetworkopen.2021.24733. [DOI] [PMC free article] [PubMed] [Google Scholar]
  • 11.Xie J, McPherson T, Powell A. Ensuring adolescent patient portal confidentiality in the age of the cures act final rule. J Adolesc Health. 2021;69(06):933–939. doi: 10.1016/j.jadohealth.2021.09.009. [DOI] [PubMed] [Google Scholar]
  • 12.Council on Clinical Information Technology ; Committee on Medical Liability and Risk Management ; Section on Telehealth care . Webber E C, Brick D, Scibilia J P, Dehnel P. Electronic communication of the health record and information with pediatric patients and their guardians. Pediatrics. 2019;144(01):e20191359. doi: 10.1542/peds.2019-1359. [DOI] [PubMed] [Google Scholar]

Articles from Applied Clinical Informatics are provided here courtesy of Thieme Medical Publishers

RESOURCES