How portal friction affects patients, providers, and care teams

Patient portals are meant to give people access to their records around the clock and a secure way to message their providers. The problem sets in when the systems become a choke point because of the challenges that come with portals. Long login processes, among other things, can leave patients at a standstill, making patient portals an unnecessary headache. When providers and staff need to focus on other tasks, they help out by triaging portal questions by phone or email. The results indicate a series of portal frictions that slow everything down.

What is portal friction?

The phrase portal friction is used to describe any additional step or complication that gets in the way of a patient getting the information or service that they need. The reason behind it could range from confusion in navigating the portal itself to poor mobile devices that hinder patients without desktops or laptops.

A JMIR Human Factors study of 734 adult portal users across 20 care settings found 1,589 qualitative comments, including 179 comments about difficulties using portal functions. About a quarter of participants described problems with portal use, including delayed eMessage responses, difficulty finding information, and uncertainty around communication features. The same study found eMessaging was the most preferred portal feature, yet also the most mentioned source of difficulty, a useful warning for healthcare teams relying on digital communication as a default workflow.

Among participants who reported portal difficulties, about 12% struggled to find test results or visit summaries, while 4.2% specifically mentioned the log-in process as a problem. The researchers also found that users who experienced difficulties had lower perceived usability scores.

How portal friction lands on patients

In another JMIR qualitative study of low-income and limited-English patients, 88% of participants expressed interest in using a portal prototype, yet they also named major barriers: security worries, lack of tech skills, and a preference to talk in person. A recent survey on the patient experience with MyChart found that among non-users of a new MyChart portal, 59% said they simply weren’t aware it existed, and 32% said registration was too difficult. Encouragingly, 54% of those non-users said they would consider using MyChart if they had more help or information.

Portal problems, unfortunately, might make a diabetic patient skip a non-urgent refill request, or it might turn a quick question into an appointment or ER visit. Vulnerable populations suffer the most. It has repeatedly been shown that older adults, people with limited English or health literacy, and those without internet access use portals far less.

For instance, in a journal article Insights Into Patient Portal Engagement Leveraging Observational Electronic Health Data, looking at 250,000 patients over age 50 with chronic conditions, only 61% activated their portal and 54% ever logged in. One particular finding was interesting: “Portal engagement was significantly lower among patients 65 years and older, Black patients, and non-English speakers (Somali, Spanish, Hmong) compared with younger, White, and English-speaking patients.”

See also: Patient portals vs. email: Comparing security, costs and implementation

Why does the workload shift to clinicians and staff

Portals can replace some clinic tasks, but often at the cost of creating new ones. A good example is how the volume of secure messages goes up as more patients get portals, as shown in the study, The impact of secure messaging on workflow in primary care. In a large system, the study found that the total number of patient emails to doctors nearly tripled over a few years as portal use increased (though the per-patient rate actually leveled off). Clinics that don’t have a plan for this end up with flooded inboxes.

The MyChart study showed that physicians saw the potential of portals: 62% of providers agreed that portals could improve patient safety by keeping patients informed. But only 42% said portals really helped improve care, and many were concerned about the added workload. Portals can enhance communication for some patients, but they can also be a double-edged sword for nurses and receptionists, adding their own coordination work behind the scenes.

The real way this affects care

Ascension’s May 2024 cyberattack reportedly started when an employee accidentally downloaded a malicious file that disrupted systems, including MyChart. The operational impact was felt later with staff having to manually track procedures and medications, non-emergent procedures being placed on hold, and emergency services re-routed to avoid delays.

Paubox’s 2025 Healthcare Email Security Report analyzed 180 email-related healthcare breaches from 2024 and found that 43% involved Microsoft 365, ransomware attacks targeting healthcare had increased 264% since 2018. One malicious file or compromised workflow can be more than an IT problem. In healthcare, it can quickly affect access to records, ordering of prescriptions, patient communication, scheduling, and emergency operations.

Where HIPAA compliant email fits into the picture

A landmark study of older patients with limited tech comfort found that setting up a new portal or app felt complex to them, while nearly half (46.6%) checked their email at least weekly. Sending a patient a HIPAA compliant email (like through Paubox) means no new account and no new password. The patient simply receives a link or encrypted message in their regular inbox, the way they’d get a bank alert or billing statement.

From a clinical standpoint, email also lets providers write longer responses or attach files (like a completed after-visit summary) that might be awkward in portal interfaces. And because each message arrives without login friction, patients are less likely to miss it. Staff still record the communication in the EHR, which prevents HIPAA violations and smooths the patient experience.

FAQs

Does HIPAA require all patient communication to happen through a portal?

No. HIPAA does not require patient communication to happen only through portals.

Is HIPAA compliant email safer than a patient portal?

Patient portals can be secure, especially when built into certified EHR environments. HIPAA compliant email can also be secure when it uses appropriate safeguards for electronic protected health information (ePHI).

Can a provider send PHI by regular unencrypted email if the patient asks for it?

Yes, in specific access situations. An individual has a right to receive a copy of their PHI by unencrypted email when they request access in that manner.