The Trump administration recently proposed new rules to give consumers greater access to their health information. The rules could become final later this year and they are intended to help unlock digital data held in hospitals’ health records as well as some health insurance claims. “It is removing friction points in a lot of different ways,” said Karen DeSalvo, a professor at the University of Texas at Austin. “It’s a big signal to the health sector.”
The use of electronic health records to connect consumers to their health records is a significant trend. The Wall Street Journal has reported that starting in 2011 the U.S. government spent an estimated $40 billion in stimulus money on health care information technology, according to McKinsey, encouraging doctors and hospitals to install electronic medical records systems.
The effort has not been without its problems, however. There are multiple incompatible systems, making data sharing difficult to impossible. Even hospitals in the same system may use different versions of electronic medical records and may not have agreements to share data, according to Noga Leviner, co-founder of PicnicHealth. People want complete medical records information—not just records from only one of their six doctors. “The government spent $40 billion on this and they failed” to bring those records together, Ms. Leviner said.
Maintaining the confidentiality of medical information is another issue. Many people assume that all of their health data is protected by a federal health-privacy law known as the Health Insurance Portability and Accountability Act (HIPAA). However, tech firms that get health data directly from consumers—or when they get information from hospitals or doctors on behalf of consumers—aren’t generally subject to HIPAA. Their use of consumer data is overseen primarily by the Federal Trade Commission, which focuses largely on whether companies live up to their own privacy policies.
Researchers at the University of Piraeus analyzed 20 of the top mobile health apps and “identified a large number of potential security flaws including unsecure programming practices, lack of protection of sensitive data transmission and lack of adequate encryption for protection of this data.”
Ultimately, protecting the privacy of their health data on health apps will be the responsibility of the consumer. “The patient who downloads this information absolutely must secure their device to protect their own records,” said John Kravitz, chief information officer at Danville, Pa.-based Geisinger, one of the first health systems to link its records with Apple’s Health Records app.
Apple said it won’t receive any health-record data for users of its Health Records app. Users will import their records directly from their health provider to the device. The company said the system is the same it uses for corporate email, allowing information to go from a corporate server directly to the phone without Apple ever seeing it.
If it works, Health Records could ease a burden on patients according to Dr. Richard Milani, a physician at Ochsner Health System. He envisions a future where an iPhone user on vacation away from home and needing medical treatment can pull his health records up on a phone rather than requiring the medical facility to request them.
“This is a consumer-empowerment move,” Dr. Milani said. “You’ll have all the information about you and you’ll control it, and that’s exactly who should control it.”