Medical groups are warning that new federal data-sharing rules, enabling people to get their health records through a smartphone, could lead to invasions of privacy.
Apple’s Health Records app lets people send a subset of their medical data to their iPhones from more than 300 health centers.
Americans may soon be able to get their medical records through smartphone apps as easily as they order takeout food from Seamless or catch a ride from Lyft.
But prominent medical organizations are warning that patient data-sharing with apps could facilitate invasions of privacy — and they are fighting the change.
The battle stems from landmark medical information-sharing rules that the federal government is now working to complete. The rules will for the first time require health providers to send medical information to third-party apps, like Apple’s Health Records after a patient has authorized the data exchange. The regulations, proposed this year by the Department of Health and Human Services, are intended to make it easier for people to see their medical records, manage their illnesses and understand their treatment choices.
Yet groups including the American Medical Association and the American College of Obstetricians and Gynecologists warned regulators in May that people who authorized consumer apps to retrieve their medical records could open themselves up to serious data abuses. Federal privacy protections, which limit how health providers and insurers may use and share medical records, no longer apply once patients transfer their data to consumer apps.
Tech executives are promoting data-sharing in health care. From left, Taha Kass-Hout of Amazon, Aashima Gupta of Google and Peter Lee of Microsoft attended a conference in July for Medicare’s Blue Button system.CreditMicrosoft
Without federal restrictions in place, the groups argued, consumer apps would be free to share or sell sensitive details like a patient’s prescription drug history. And some warned that the spread of such personal medical information could lead to higher insurance rates or job discrimination.
“Patients simply may not realize that their genetic, reproductive health, substance abuse disorder, mental health information can be used in ways that could ultimately limit their access to health insurance, life insurance or even be disclosed to their employers,” said Dr. Jesse M. Ehrenfeld, an anesthesiologist who is the chair of the American Medical Association’s board. “Patient privacy can’t be retrieved once it’s lost.”
There are now many electronic medical records that allow smartphone access, such as Epic (MyChart), DrChrono, Kaiser and countless others. When retrieving medical records directly via a desktop computer your records are secure. For EHRs that are HIPAA compliant, the vendor must show compliance for desktop retrieval. If you are using a smartphone and the app provided by the institution it should also be HIPAA compliant.
Dr. Don Rucker, the federal health department’s national coordinator for health information technology, said that allowing people convenient access to their medical data would help them better manage their health, seek second opinions and understand medical costs. He said the idea was to treat medicine as a consumer service, so people can shop for doctors and insurers on their smartphones as easily as they pay bills, check bus schedules or buy plane tickets.
The new rules are emerging just as Amazon, Apple, Google, and Microsoft are racing to capitalize on health data and capture a bigger slice of the health care market. Opening the floodgates on patient records now, Dr. Rucker said, could help tech giants and small app makers alike develop novel consumer health products.
The regulations are part of a government effort to push health providers to use and share electronic health records. Regulators have long hoped that centralizing medical data online would let doctors get a fuller, more accurate picture of patient health and help people make more informed medical choices, with the promise of better health outcomes.
In reality, digital health records have been cumbersome for many physicians to use and difficult for many patients to retrieve.
Americans have had the right to obtain copies of their medical records since 2000 under the federal Health Insurance Portability and Accountability Act, known as HIPAA. But many health providers still send medical records by fax or require patients to pick up a paper or DVD copies of their files.
The new regulations are intended to banish such bureaucratic hurdles.
Dr. Rucker said it was self-serving for physicians and hospitals, which may benefit financially from keeping patients and their data captive, to play up privacy concerns.
“The moment our data goes into a consumer health tech solution, we have no rights,” said Andrea Downing, a data rights advocate for people with hereditary cancers. “Without meaningful protections or transparency on how data is shared, it could be used by a recruiter to deny us jobs,” or by an insurer to deny coverage.
When Apps Get Your Medical Data, Your Privacy May Go With It - The New York Times: