The Department of Health and Human Services released new rules on Monday that will make it be easier for consumers to share medical information with third-party apps, hospitals and doctor’s offices.
The move comes despite opposition from Epic Systems, a major privately held vendor of digital health records, and spells good news for technology giants like Apple, Alphabet and Microsoft, who are trying to sell technology into the health sector.
Many view the rules as a major step toward making it easier for patients to get access to their own medical records, and share that information with health app developers. It took years of work to bring from idea to regulation, health IT experts say, and countless hours of work went into it.
“It took a village,” tweeted Kenneth Mandl, professor of biomedical informatics at Harvard Medical School. “The journey began more than a decade ago.”
Privacy vs interoperability
The rules aim to make it easier for app developers to request clinical data such as lab test results or medications via standard application programming interfaces, or APIs. Health insurers backed by the government, including private Medicare plans, will also be pushed to open up claims data — the list of procedures and tests that have been billed to a patient’s insurance.
Epic’s CEO Judy Faulkner was a particularly staunch opponent to the rules, going so far as to send letters to its hospital customers to encourage them to express their concerns to the federal government. Her primary concern was that it would become easier for health developers to access — and potentially misuse — patient health information.
Epic, in a statement to CNBC, said it will read the rule carefully — it runs more than 1,000 pages — and will do so “before making any judgments.” The company said it will be looking into a few topics, in particular, including the impact to hospitals, the implementation timelines, and transparency for patients into how companies will use the data.
The American Hospital Association sided with Epic, and shared a comment on Monday that the final rule “lacks the necessary guardrails to protect consumers from actors such as third party apps that are not required to meet the same stringent privacy and security requirements as hospitals.”
But many other technology execs had come out in favor of the rules, hoping that they will reduce barriers to competition and innovation.
Cerner, one of the largest medical record companies and a competitor to Epic, acknowledged the problem in a blog post: “Despite the great strides over the past decade of digitizing health care records, barriers remain in allowing the free flow and exchange of information.”
Google Health’s executives David Feinberg and Karen DeSalvo tweeted on Monday about the positive potential. DeSalvo noted that many of her own patients had struggled to access their own medical information.
Likewise, Microsoft’s chief architect Josh Mandel tweeted that he appreciated the “clarity and pragmatism” of the rule, and offered to hash out the details via a live discussion.
Some privacy experts say these concerns are valid, but that it shouldn’t stop health care from moving in a more consumer-friendly direction.
“It was great to hear this morning on the White House call, Dr. Don Rucker (the National Coordinator for Health Information Technology) talked about smartphones and apps bringing together glucometer readings, blood pressure readings and digital scale weights to help diabetics manage their health everyday out in the world,” said Lucia Savage, the chief privacy and regulatory officer at Omada Health, a health-tech start-up based in San Francisco.
Savage said that steps can be taken to protect consumer privacy outside of the rule. Right now, she said, “there are currently about 12 bills in Congress on consumer privacy.”