So far, 2021 has brought in new regulations around patient data and interoperability designed to open up patient data access in a way that could potentially transform the patient experience for the better permanently. However, there are concerns around patient interest, privacy, and security to overcome before health data (and health care in general) can truly become more patient-centric.
The changes 2021 brought us
Providing patients with easier access to their health data has been a long-standing challenge in health care. This year, as new policy makes easier access into more of a reality, there are still several obstacles remaining that might prevent any truly impactful change.
Let’s begin with an overview of the recent changes to health data policy. Patients have had legal access to their data since the early 2000s thanks to HIPAA, but there were hurdles preventing easy access, namely information blocking and inconvenient data storage. To help address these barriers, CMS and the Office of the National Coordinator for Health IT (ONC) created final rules on interoperability, patient data access, and information blocking that went into effect on April 2021.
Pertaining to patient data, the rules require (among other things) that patients be able to easily access and download their health data through third-party consumer apps at no cost with the use of FHIR-standard Application Programming Interfaces (APIs). The patient can then take their data to any provider, making data patient-centric as opposed to provider-centric. Consumer apps such as Apple Health Record, CommonHealth, and others are already in the market for this purpose.
There are potential benefits to open access for providers, patients, and researchers. Easy access to patient data can allow providers to be more efficient and accurate with patient care, lowering misdiagnoses and duplicate testing. Patients and caregivers can feel more involved in the care journey, which is a strong predictor of health outcomes. Researchers can also benefit by letting patients easily opt in to sharing their data and samples with studies, contributing to faster and more economically efficient solutions.
However, there are still major obstacles preventing the full benefits of patient-centered data from being realized. Here are several potential challenges that health industry leaders should consider as they move forward.
1. Patient awareness
Even if patients legally have access to this data, they may not end up using it. Many patients won’t think to access their data because they are not aware of their HIPAA rights. This study found that most patients did not use Apple PHR to access their data, even when they were able to – only about 0.7% of people logged into their patient portal downloaded medical records to their device. However, patient awareness could improve through the future with the increased popularity of telemedicine and other digital health tools.
2. Privacy, security, and literacy
Patient data on third-party apps have the potential to be sold or used for marketing. In 2020, organizations like the American Medical Association and the American College of Obstetricians and Gynecologists warned that letting apps handle medical records could lead to potential misuse. Consumer apps are not regulated by HIPAA, so it is unclear how they would use patient data once they have access to it. Privacy around app use would depend on each individual apps’ terms of service. This is a concern because many users don’t properly read terms and conditions or might not understand the language of the terms. To remedy this, groups are developing a Model Privacy Notice, to help developers clearly instruct users on privacy policies.
All consumer apps are vulnerable to malicious hacks or security breaches, which provider partners have little control over. Health systems could face negative consequences such as bad press or loss of patient trust if the apps they partner with experience hacking or misuse.
4. Provider hesitancy to use patient data
Providers may potentially be liable for negative outcomes related to third-party data brought to them by patients. Therefore, we expect many providers may be hesitant to upload any data into their EHR from other sources, which further limits the long term usefulness of easier patient access to the data.