An improvement in health technology and the use of electronic health records (EHRs) is often touted as a movement that will improve communication between physician and patient. EHRs have enabled patients to access their records online, doctors to easily access patient history remotely, and hospitals to improve patient care.
Some new devices, however, have been testing the gray area left by patient privacy and patient access laws. Under the spotlight in a recent Wall Street Journal article were new implantable defibrillators. These devices serve a dual purpose, while they can correct an irregular heartbeat in patients, new models also collect information about the patient’s heart beat for the maker of the defibrillator. This information is collected and stored onboard the implant, while wireless monitors in the patient’shome download the information and send it to the parent company for the device. The information is provided to doctors and hospitals, but not patients directly. Medical device companies are also contemplating selling the collected information to health systems or insurers so they can use it to predict diseases and lower costs.
These types of records are not covered under the 1996 federal Health Insurance Portability and Accountability Act (HIPPA), because that law only gives patients the right to access information held by hospitals and doctors. The law, which some now claim is outdated, does not cover information collected by medical device companies. In fact, one company claims that federal laws prohibit giving the data collected back to the patient, since the customers of medical device companies are doctors and hospitals.
Another privacy concern involves new smartphone health apps that have also risen in use. These apps have been praised for allowing users to do anything from collect their medical images to manage their incontinence. However, since the programs do not require FDA approval or doctor supervision, they are also not subject to HIPPA privacy or disclosure requirements.
Device and app companies contend that even if they voluntarily gave information directly to patients, the patient would likely not understand it. Implantable defibrillators collect raw data about heart rhythms, other devices or apps may report raw data to suggest a change in medication. Data of this type are typically not understood by those who have not had medical training.
This fact does not deter some patients who feel that they are within their rights to request information that is collected form their devices. Especially since as of now they are required to pay a copay and see their doctor if they want the information.
Regardless of your stance on the issues, the advice seems consistent. Be aware of what you are agreeing to when downloading smartphone apps, and work with your doctor of obtain and interpret medical device data.