Health Data Security
Health Information Privacy
Apple’s announcement last week that the newest version of its mobile device OS, iOS 11.3, brings a feature for viewing medical records from iPhones has rekindled a lot of talk of health information privacy and breach concerns. Funny thing is, access to the data is not new—the only part of the feature that’s new is consolidation. Can that be bad?
This new Apple offering mimics, to some degree, an initiative that’s been in the works for years now on the institutional level, worldwide (in the United States, it’s called the Health Information Exchange, or HIE). And, Apple’s new offering uses the global HL7 FHIR (Fast Healthcare Interoperability Resources) specification to get there. The key difference between the HIE and other initiatives like it and Applie’s health application is that the consumer of the iOS Health app is the patient him or herself; the consumer of the HIE is the hospital or medical practitioner. The beneficiary, in both cases, really is the patient.
The impetus behind the HIE is better, faster, more efficient medical care—leading to better patient outcomes. The challenges to getting HIE’s off the ground have been mostly due to proprietary systems and lack of interoperability, security concerns, and more. Big hurdles. The benefits, though, are pretty clearly worth the trouble posed by transition.
As recently as five years ago, a person involved in a serious accident would likely be taken to a community hospital for initial stabilization and triage. Then, if it was determined there that the patient required higher-level care at a specialty or trauma center, that patient would be transported in a helicopter or ambulance to that trauma center with films or a CD of radiologic studies done, and other records would be faxed or carried with the patient as well. It’s easy to lose records sent in that way, and that delays care (and, ironically, raises privacy issues as well). It also can cause repeats of tests and procedures already done, costing money and compounding the risks of procedural side effects on top of that delayed care. HIE’s provide a means for access to that important information across medical care facilities and differing electronic health records systems so that clinicians have easy access to patient information where and when they need it.
The economics of health records sharing across medical providers show a pay-off as well. Repeated tests are a big deal, economically: imaging costs alone amount to more than $100 billion per year, and 10% of these exams—$10 billion worth—tend to be duplicative or unnecessary.1 And, imagine the effect that easily-shared medical records might have on the United States’ much-publicized $500 billion opioid crisis.2
Apple’s consumer-friendly medical records access consolidation will make it easier for some patients to be active participants in their medical care and treatment management; HIE’s take it to the next level, enabling access by those treating the patient so that they can make good, well-informed decisions and act on them quickly. How do we do all of this and still keep this extremely private data private? We must insist on tightly-controlled access and durable, accessible data storage to make these health information exchanges work. While laws around the world vary on retention, data should be retained as long as possible—ideally for the patient’s lifetime—to make the most of all of that valuable information.
1. Source: Frost & Sullivan, via The Data Center Journal: WHAT’S NEXT FOR THE HEALTH-CARE DATA CENTER? Morris Panner Apr 6, 2015
2. Source: The Underestimated Cost of the Opioid Crisis, the Council of Economic Advisers, November 20. 2017