Apple's New EHR Move Puts Security Onus On Patients

By Justin Sotomayor, CompleteRx

The debate between accessibility and data privacy is not a new discussion, especially as technology continues to advance and develop. Since medical records were first digitized and the first EHR system was developed, the health care sector has had to manage and respond to issues facing health care coverage, privacy and security.

Fast forward to 2018, health care executives and chief information officers are now facing new challenges due to Centers for Medicare and Medicaid Services (CMS) regulations that dictate hospitals. Those eligible to participate in the Medicaid EHR Incentive Program must find solutions to make it easier for patients to view their health information electronically. Hospitals are, of course, motivated to meet these regulations in order to receive their full reimbursement for Medicare and Medicaid patients.

Apple has taken a lead role in providing a potential solution for health care facilities to meet these regulations with the launch, earlier this year, of an update to its health app that allows patients at select health care facilities to view and access their medical records via personal mobile devices. Prior to this app, hospitals had the absolute responsibility of compiling and either emailing or mailing this information to patients. Now, Apple’s updated app automates this process and allows patients to access a full range of their health information from a list of allergies, medications, immunizations and lab results in one location.

A recent study by a health tech startup found nearly 62.8 percent of respondents to an 800-person survey revealed they don't know where their medical data is kept or who has access to it. Since it seems many health care consumers in the U.S. have no idea where their medical data is kept, this new technology certainly has the potential to help hospitals and patients keep track of an individual’s health care data.

Currently, Apple’s health app is only linked to a selection of health care facilities; however, the push for patients to have increased access to their health records is only expected to surge, especially as hospitals are subjected to regulations that require it.

While improved access to health information across multiple providers from the convenience of an individual’s mobile device is welcomed, the advancement means patients are required to take on greater responsibility in the medical health records process, a move that could lead to compromised security or even patient harm.

As hospitals and health systems navigate the inevitability of a more automated health records process, here are five points to keep top of mind.

1. Benefits of outsourcing – This latest offering by Apple demonstrates why partnering with a third-party technology company can be the best option to assist health care facilities in meeting compliance objectives more easily. As eligible hospitals are required to comply with the Medicare and Medicaid EHR Incentive Programs – and one of the Stage 3 Objectives and Measures stipulates patients must be provided with timely electronic access to their health information and wouldn’t require an in-house custom app to be built, saving hospitals time and money.
2. More active role for patients – Viewing all of their health information in one place is, of course, easier and more convenient for patients than gathering disparate data from multiple health care facilities and providers. A potential downside in this shift of responsibility is that patients may be under more pressure to manage their own accounts at. Apple’s upgraded health app requires each patient to create a unique account (with password) for each health care facility with which he or she interacts; a failure to update account details could mean a patient won’t receive up-to-date health care information, such as test results or changes in medication, and there is no mechanism currently in place to flag this breakdown in communication with the hospital.
3. Cyberbreach protection – Information is only as secure as one’s iPhone. If an individual’s iPhone password is compromised, then his or her protected health information (PHI) would be available to anyone who could access the patient’s mobile device, leading to potential data security breaches; given that some older users might not even have an iPhone password, this becomes a viable concern. On the plus side, this technology model focuses on gathering all of the relevant information in one place and doesn’t allow patients to edit medical information, which is an important stipulation that should be maintained as further technology advancements are made.
4. Potential for slow adoption rates – According to CMS, in 2015, 55 million people were enrolled in Medicare, and the majority of those enrolled were aged 65 and older. That this population is not known for being technologically savvy should be a key consideration for health care providers as they investigate and consider how this technology should be rolled out at their specific facilities. As this technology is implemented more widely, potential take-up rates may not be high, as a selection of the population may struggle to adopt this technological advancement.
5. Limited technology – Apple is currently the only provider with the software that is conjugating the health information to one place. Until Google, Android and other companies create similar apps or options, the app’s users are limited to iPhone or iPad owners. As the need for centralized access to one’s health information will only grow, other providers will soon start offering alternative options.

About The Author

Justin Sotomayor, PharmD, serves as pharmacy informatics director at CompleteRx, a leading pharmacy management company. In his role, Justin works with hospital and health executives across the country to upgrade their information systems, while mitigating the rise in security threats.