New HHS Rules Ease Access to Digital Patient Health Data

New federal rules issued by two agencies within the U.S. Department of Health and Human Services (HHS) will make sharing personal health data with apps, doctors, and hospitals easier for patients.

Under these new rules, app developers and other authorized parties will be able to digitally connect with hospitals and doctors’ offices to pull data such as medications, vital signs, and lab test results. One rule includes a provision requiring hospitals that wish to participate in the Medicare program to provide digital notifications to other health-care providers when enrollees are admitted, transferred, or discharged starting April 1, 2022.

Other changes may force more disclosure about apps’ privacy policies to consumers, who might be able to collect information from their insurers and all the doctors and health care centers they visit in a single smartphone tool. “This will allow [patients] to have their complete medical record at their fingertips,” said Centers for Medicare and Medicaid Services Administrator Seema Verma.

“It will be absolutely transformative,” Kenneth Mandl, MD, MPH, Harvard Professor and Director of the Computational Health Informatics Program at Boston Children’s Hospital, told The Wall Street Journal. “No one can get data out of [electronic health records] into applications in a standardized, effective way, so we don’t get innovation at scale.”

However, hospital trade groups objected to the rules’ privacy provisions, which they say leave patients vulnerable to misuse of their data. “Hospitals are held to high standards to protect our patient privacy and security,” Chip Kahn, MPH, CEO of the Federation of American Hospitals, said in a statement. “Apps should be too.”

Unlike physicians and health-care organizations, tech firms that access consumer health data directly aren’t subject to HIPAA but are generally overseen by the Federal Trade Commission. “There is a legitimate concern that people will be sharing their sensitive health information with organizations that can use and sell that information however they want,” said Joy Pritts, JD, a consultant and former federal health-privacy official.

“We do not think appropriate guardrails have been put in place,” said Ashley Thompson, Senior Vice President of Public Policy Analysis and Development at the American Hospital Association. “[These are] patients’ most sensitive health data.”

Sources: The Wall Street Journal, March 9, 2020; HHS press release, March 9, 2020.