- Healthcare technology continues to loom large as a key part of the present-day healthcare puzzle. But as medical professionals employ EHRs and other tools to ideally make their jobs easier, the question of supporting patient data access has become incumbent.
Healthcare technology is advancing in such a way that favors the patient, according to Micky Tripathi, CEO of the Massachusetts eHealth Collaborative (MAeHC). As technology has matured, as has health IT interoperability and health information exchange, and that has done nothing but improve patient data access.
“We’re now finally at the point where patients are starting to have access to a set of tools that allows them to exercise the right that they’ve always had,” Tripathi said in an interview with PatientEngagementhIT.com.
Patient data access is indeed a right patients have always had under HIPAA. The HIPAA privacy rule states that healthcare organizations must grant patients access to their own medical records in a reasonable amount of time for a reasonable, labor-based fee.
“But that’s a painful process in a paper-based world,” Tripathi pointed out. “That involves going to the medical records department and getting a stack of papers. What are you going to do with that information? It’s not really useable in any way. It’s certainly not portable, except that you can put a stack of papers in the trunk of your car and then go do whatever you’re going to do with it. But it’s not really meaningful from that perspective.”
Interoperable EHRs and patient portals have streamlined this process, making patient data access almost entirely digital and opening up opportunities in the patient engagement space.
Patient portals, for example, have become increasingly popular in recent years. Portal benefits span more than just the reimbursement dollars hospitals earn from patient data access, as patients become more activated and involved in their care when they can see their health information.
About 90 percent of clinicians and hospitals offer patient portal access, and although subpar patient adoption presents a challenge, industry leaders are eagerly working on what’s next for patient data access, Tripathi said.
Case in point: the emerging news related to Apple Health Records.
“We’re in a great position where both the technologies are in place and the work has been done on the standards to make that data available in a more or less uniform way,” Tripathi explained. “We are starting to see involvement from market players that we’re very well used to in other walks of life, like Apple.”
In January 2018, the technology giant announced that it will make patient health data available in an encrypted app as a part of the iOS suite. The app will work similarly to a personal health record, where patients can download all of their health information using application programming interfaces (APIs). This data may include patient portal data or patient-generated health data from mHealth apps.
These capabilities are made possible by the work done on standards such as FHIR, the Fast Healthcare Interoperability Resources standards, Tripathi noted.
The advancements on Apple Health Records may also remedy burdens some patients face when they have multiple patient portals. A patient with complex chronic health needs may have a patient portal for their primary care provider and numerous specialists, an issue Tripathi said might be cumbersome for some patients.
Although he acknowledges that this is not the biggest hurdle – after all, patients with complex health needs may face 30 seconds of frustration followed by endless care coordination and patient data access support from multiple portals – he does maintain that this issue warrants address.
“It’s a convenience issue, and it’s something that we need to solve,” he said, noting that Health Records can streamline a patient’s multiple portals through use of plug-and-play interoperability standards.
“And there’s no reason this is limited to the iPhone,” Tripathi added as a caveat. “The great thing about what Apple did is they based that on open standards,” meaning that other smartphone developers can follow suit.
This is one way to solve the multiple patient portals problem, Tripathi said. Health Records and the inevitable software that will follow allow patients to download records onto the system of their choice, and then the patient can aggregate that data and do what they want with it.
But there are still more pieces to the puzzle, Tripathi cautioned. It is indeed a positive step that patients can download their medical records onto a patient-facing device, but that is all this is. Like the stack of paper records sitting the trunk of a car, health information now sits in an app until the patient decides to send the data to another provider.
This, too, will open doors to innovation and patient activation, Tripathi predicted.
“Now we’re going to see over the next few years all sorts of app developers and others who are going to say, ‘Well, now that a patient has access, we can develop a cool set of apps and things that let patients actually do something that’s meaningful to their lives using that data,’” he said.
But as patients assume more ownership of their own health data, especially via their own devices, careful consideration must be made for accountability and data privacy.
Currently, a significant amount of patient health data is considered protected under HIPAA. When a covered entity – in most cases a healthcare organization – mishandles and breaches that information, they face legal and financial consequences.
“But the minute that data gets outside of the provider organization and onto your phone, for example, now it’s in the patient’s hands. It’s no longer protected by HIPAA,” Tripathi explained.
There are few regulatory safeguards that would protect patient data should it fall into the wrong hands. For example, if a patient unwittingly allowed a third-party app to access data stored on a medical records app, there would be limited accountability.
It is up to industry leaders to develop those standards, Tripathi added.
“It may take industry leaders like Apple, for example, setting a standard that says we are going to abide by a certain set of principles that are not going allow apps to have information available from medical records that are on the phone,” he stated. “That hasn’t developed yet, but that’s an important consideration.”
The healthcare industry will continue to connect patients with their own health data with the least amount of friction. Currently, mobile options such as the Health Records app or mobile-optimized patient portals hold the most promise. It will be essential for industry leaders to create safeguards that account for those tools.
“We need to figure those issues out and patients need to be aware that their information is not protected in a way they might think it’s protected by HIPAA,” Tripathi concluded. “Once data is in their hands, it’s absolutely not protected.”