When Apps Get Your Medical Data, Your Privacy May Go With It

Sep 03, 2019 · 25 comments
Jon (Washington, DC)
It's interesting that the opponents to the proposal are those that have a stake in the status quo. No consumer group has voiced a disagreement to the proposal.
Brian Jackson (Salt Lake City)
I disagree. If hospital groups such as were to weigh in, you could argue they benefit from the status quo. Doctor groups on the other hand, including AMA and ACOG, are generally supportive of patients having easier access to their own data. And it's not unusual for them to take stands in support of patient rights and medical ethics more broadly. I suspect that consumer privacy groups just haven't seen this particular issue on their radar, in part because healthcare is seen as a small niche in the IT world.
Brian Jackson (Salt Lake City)
No one is (credibly) arguing against letting patients control access to their own medical information. The problem is that given current technology, law and business practices, personal control of online information is an illusion. End-user licensing agreements are incomprehensible, de-identification is easily reversible, and business models are explicitly based on exploiting private information. There’s a safe way to connect personal health information into the app economy, but it would require an approach similar to what’s in place for medical research. First, true informed consent at an 8th grade reading level, rather than EULAs written in legalese. Second, robust mechanisms for additional protections of vulnerable populations (children, elderly, etc.). Third, extreme transparency and auditability of corporate use of data (marketing might be ok with patient consent, but use for insurance actuarial purposes wouldn’t). Finally, prohibitions on data trafficking (resale of data). The current app marketplace isn’t remotely close to any of this.
Kathie McDonald-McClure (Louisville)
Hear, hear! Well said.
Thomas Hall (Richmond)
Once again we are presented with a false dichotomy. Either reveal everything to everybody, or make no progress against healthcare price chicanery. This arises from a political process where lobbyists set the rules for legislators. If we do not rein in this process it soon won’t matter who we elect- they will all be controlled by political contributions. We must have publicly financed campaigns of limited, defined duration if we are ever going to eliminate this sort of erosion of democracy.
Rob Ussery (Columbia, SC)
I was wondering about the privacy policies of companies like Quardio Arm, which allows you to send BP information to your Physician remotely. I had considered purchasing one but now it gives me pause. How can we know for sure that they aren’t selling our medical information beyond the fine print in their privacy policies? That’s one issue the article didn’t really seem to answer.
Richard Purcell (Fair Haven, NJ)
The reason that the medical community opposes sharing of medical records with the true owners of the data - us patients - is the same reason that Facebook won’t share their algorithms. Data is power; data is money; data is control. When a doctor or hospital has a patient’s records the patient has to go to that healthcare provider for care. “Patient Engagement” means owning a revenue stream. If you have a complex disease requiring multiple providers, try getting everyone to share your care plan and labs across offices - even in the same health system. Good luck. It is almost impossible to coordinate care because electronic health records are purposely not interoperable - they don’t talk to each other. Epic is the #1 hospital EHR. Epic keeps their application programming interface (API) closed to prevent data sharing across systems. Oh, and it would certainly be interesting to see the insurance billing and adjudication records that detail the money trail. Security concerns and HIPAA regulations are designed to protect the patient, not to prevent patients from accessing and coordinating their personal health (and healthcare) information. Richard Purcell President DNA Healthlink, Inc. Red Bank, NJ
Mycool (Brooklyn NY)
Yeah, nice argument. I’d rather not share my personal health data with your firm nor any other Facebook type app based organization, this includes your affiliated dna data mining company.
Kathie McDonald-McClure (Louisville)
What this article fails miserably to point out is that HIPAA does not apply to any third party app chosen by a consumer to receive his or her health records and thus there is no HIPAA-like protection for our health data once downloaded or into a third party app chosen by the consumer. These apps will be "free" to consumers because the money in having access to "big data" is made on the backend. Google, Microsoft and the 100s of app developers who will be offering consumer health records apps are very eager to have access to our most private health information. There is no federal law that prohibits these third party apps from sharing the health information downloaded by the consumer into these apps with any other third party. Likewise, there is no federal law like the HIPAA Security Rule that subjects these apps to fines for a lapse in security. I, for one, am not about to share my gynecologist medical records with a third party consumer health app. Sharing my heart rate, exercise and sleep data with Fitbit is one thing but sharing my actual medical history with a third party not subject to HIPAA is quite another. As a data privacy and security lawyer, I'm alarmed at how the federal government is putting the cart ahead of the horse, i.e., not first ensuring there are adequate federal data privacy and security protections in place to require the tech industry to protect our data from access by additional parties without express authorization by the consumers.
Blank Ballot (South Texas)
If there was any doubt about the motives of the medical organization reasons for being against this, here is the proof: "Physicians’ organizations and others said the rules failed to give people granular control over their data. They added that the regulations could require them to share patients’ sensitive medical or financial information with apps and insurers against their better judgment. The current protocols for exchanging patients’ data, for instance, would let people use consumer apps to get different types of information, like their prescription drug history. But it is an all-or-nothing choice. People who authorized an app to collect their medication lists would not be able to stop it from retrieving specific data — like the names of H.I.V. or cancer drugs — they might prefer to keep private." The physicians and medical organizations have been preaching for YEARS that being HIV positive is not something to be ashamed of .. YET. Here they are reversing themselves. For my part, I would really LOVE to be able to get ALL my health information and test results particularly in the same place so there would no longer be any need for new blood work at every specialist visit. The money savings from just this alone would be staggering.
Stan Sutton (Westchester County, NY)
@Blank Ballot: Your point is not well taken. The example that refers to H. I. V. drugs comes from the author of the piece, not from the physicians' organizations referenced in the previous paragraph. And there is nothing inconsistent between a physicians group stating that being H. I. V. positive is nothing to be ashamed of and an individual patient wanting to keep portions of their medical records private. Even a person who is not ashamed of a medical condition can still be discriminated against because of that condition. I agree that it would be helpful to get all of one's health information in one place, but nothing about recommendations for more granular control over information sharing would prevent that. And while greater sharing could reduce costs (and improve care) it also opens the door--as this piece so clearly points out--to theft of personal data, invasion of privacy, and discrimination of multiple kinds. I think we should take those problems seriously. It's not clear yet that the information technology industry can deliver an effective solution for medical data sharing and we're likely to lose control over our personal information well before they get it figured out.
Realist (Ohio)
The Apple Health app may have some particular problems, but they are a wisp in a hurricane. Privacy as we have known it in American culture has been based mostly on physical secrecy - and that no longer exists. Some degree of anonymity might be gained if medical data were entirely demonetized: that is, if there were no money to be made by knowing about your sickness or health. This could be attained within third-party payment systems by mandatory community rating or by single payer; fat chance that. And that still doesn't address discrimination by employers and the like. As long as data have monetary value, our market-based economy will make data accessible. Sorry. Get used to it. Find ways of subverting its consequences, if you can. Or stop worshiping St. Market.
Aristotle Gluteus Maximus (Louisiana)
My local doctor's office tries to have me sign up to get access to my medical records by email. Duh! They keep saying it's a password protected site and the data is secure. Duh! I just tell them my computer is not secure no matter how secure they think their system is. The high school diploma educated staff don't know squat about computer security.
Adam (Chicago, Il)
Why does anyone think that the current state of healthcare data stewardship is good? Healthcare providers, networks, ACO's, insurers, etc. all monetize our healthcare data. They make decisions on coverage and treatment from patient healthcare data (much of which the patient never sees). Clearinghouses and billing companies routinely package and sell patient data down to the specific procedure, medication and doctor's office. The only people that can't get their data easily are the patients. Hospitals and insurers are being hacked daily with millions of patient records exposed each year, and they are our bastions of security? I think not... I'm all in favor of privacy regulation, and that should happen in parallel, but this constant administrative burden placed on patients to easily access their records has to be addressed, and apps based on uniform standards is a good way to start.
Mike (Melbourne)
Not sure that this article is fair to Apple's Health app and the Health records feature, based on their business model and privacy policies. Do you know of ways in which this app is actually dangerous vs other apps? Why single out Apple who have made privacy a core offering of their products vs data monetising Google? The article is to be commended for pointing out the need to limit some of the worst practices insurance and drug companies and employers. But what it is missing is actual examples where third party apps are sending data against their user's desires to parties that might abuse it based on their unequal market power. Further, nothing here about the weak security that can be found in most doctors or hospitals and their IT providers that have caused some of the worst abuses and loss of identity and sensitive data?
RC (MN)
This will continue until we hold our politicians accountable for failing to pass a universal privacy law banning unwarranted surveillance.
99Percent (NJ)
All my doctors have online portals where they post test results or examination or procedure summaries. They all urge me to post additional information or fill in various fields. But they are all incompatible, or at least cannot exchange data with each other. Each one is operated by a different service company, and as far as I know they are totally unscrutinized regarding privacy or security. The doctors post information there without my specific consent, since they're the clients of these systems. My pharmacy is in another system. Frankly I don't believe much of this is reliable or secure, because I'm the only stakeholder who would care, and I don't have any control. And if they sell my information (some of which is erroneous), I'll never even know.
Albert Stroberg (SoCal)
Medical record privacy- I don’t get it. The hysteria about secrecy has made my life as a patient and as a physician much harder. Consider the huge industry which has grown as a result of the perceived danger- it is enormous, and it substantially interferes with the sharing of information among several providers. If unscrupulous people misuse it somehow, let’s make laws to go after them, but right now the feared misuse is much worse than the actual injury.
Helene (NYC)
@Albert Stroberg The hysteria? Because if I'm a prospective employer who gets access to sensitive information about my employees or potential employees I'll totally do the honorable thing and not factor that into hiring decisions, right?
Brian (Durham, NC)
@Helene or if I'm an insurer who can gain access to records older than 10 years (as is prohibited by law), I'm not going to use it to make insurance completely unaffordable or just outright deny you coverage?
Everyman2000 (United States)
@Albert Stroberg I completely agree. Patients do not realize how much research is being held back by data privacy laws that have hamstrung researchers. How many people are dying because nobody got to make a discovery due to data privacy. Does anyone ever consider that cost?
JL Williams (Wahoo, NE)
How surprised would you be to learn that HHS's point man for the new rules, Dr. Don Rucker, is a Trump administration appointee with strong ties to the medical Big Data biz via Datamedic and Siemens?
Everyman2000 (United States)
@JL Williams Even Trump appointees can be correct occasionally. What exactly are the agendas of the crowd blocking this? Just a tiny bit of self-interest by hospitals and the AMA?
SR (Bronx, NY)
Surprise, surprise, the gators are filling the swamp. (I think it's, at this point, unethical to continue using the "Dr." title for people who willingly serve the loser's anti-science, un-American, pro-corporate regime. I will only call him "Rucker"—or perhaps "pharma lackey".)
Blackstone (Minneapolis)
If anyone thinks that tech companies will not try to monetize the information they collect, regardless of their "privacy" policies I have a gently-used bridge to sell you.