Medical Record Apps Could Pose a Risk to Consumers


New consumer applications are trying to make your medical records more accessible through your smartphone. Since 2000, Americans have had the right to access their medical records with the enactment of the Health Insurance Portability and Accountability Act. However, many providers and health systems have created barriers to accessing records such as requiring patients to pick the records up in person on paper or on a CD. Now, new smartphone applications would reduce some of these inconveniences by having patients authorize physicians to send their medical records straight to third-party applications created by large corporations like Amazon, Microsoft, Google, and Apple. The United Stated Department of Health and Human Services (HHS) National Coordinator for Health Information Technology, Don Rucker, M.D., noted that easy access to medical records can help patients better manage their health, seek second opinions, and understand their costs. A comprehensive record of a patient’s medical history could also allow doctors to get a more accurate view of a patient, make a better diagnosis, and foster overall better health outcomes.

However, many prominent groups like the American Medical Association have warned that these third-part applications create privacy concerns and may put patients at risk of data breaches. Notably, health data is no longer protected under federal law when it is shared with a third-party application which means a third party is no longer restricted on how they use patient data. Unrestricted sharing of medical data could have negative repercussions on a patient such as increased insurance premiums or job discrimination, particularly when the data shared involves sensitive information such as mental health, substance use, or reproductive history.

HHS recently proposed two new rules to increase access to medical records as required by a provision in the 2016 21st Century Cures Act. One rule would require all vendors of electronic health records to use software known as application programming interfaces, or APIs instead of their current platforms. APIs allow the records to be transmitted straight to applications. The other rule, proposed by the Centers for Medicare and Medicaid (CMS), would require Medicare, Medicaid, and private insurers participating in the federal marketplace to adopt APIs so that patients could use the applications to access their insurance claims and benefits information. The rules also contain steep penalties for providers that block or restrict access to records; a practice known as “information blocking.” The rules are expected to be finalized this year and would give providers two years to come into compliance.

To read more visit:


Comments are closed.