Hospital executives, with some support in Congress, are lobbying for more regulation to protect health information from unscrupulous data mongers. But HHS (the U.S. Department of Health and Human Services) is pushing forward with rules that leave that responsibility in patients’ hands.
As federal rule-makers grapple with making patient data more easily shareable, some health leaders fear that their actions could lead to a proliferation of apps selling or exploiting medical data. They worry that patients are likely to sign away their rights to data — perhaps including detailed family histories — without realizing what they're doing.
“There’s going to be new apps coming online every single day,” said Steven Lane, clinical informatics director of Sutter Health and a member of ONC's HIT (Health Information Technology) Advisory Committee. Patients should be able to access their data, but "most patients who are using these tools don’t fully understand the privacy implications.”
At the same time, it's not reasonable to expect providers to vet health apps for patients, "as it is neither a priority, a mandate, nor an area where they are likely to have domain expertise," Lane said. EHR vendors often test apps before offering them in their app stores. But it will be hard for providers to do that on their own, especially when patients are sending data to apps they've discovered independently, he said.
Federal guidelines establishing exactly what health apps can do with patient data, and how they should obtain consent from patients, could be helpful, argue Lane and other advocates for more privacy oversight. When they export their data into an outside app, patients need to know that it will no longer be protected by HIPAA (Health Insurance Portability and Accountability Act), and that the data "could be sold, and could be re-purposed, and could be aggregated and disaggregated," Lane said.