The U.S. Department of Health and Human Services has its hands full with this whole containing a disease outbreak thing.
Which meant that the release of its new rules to modernize access to medical records — controversial, much anticipated, and delayed for over a year — dropped Monday not with a bang, but a plop.
The new rules are supposed to improve the ability of patients to access their medical records. They’re intended to clear a path for common sense innovation in healthcare — such as smartphone apps for patients to manage and access their own records — by standardizing the way medical institutions store and share data.
The rules were supposed to come out in February of 2019. But amid outcry from medical companies like Epic, which is currently a major manager of medical records, the final version was more than a year late.
The new rules require four major things that medical institutions, and the creators of medical IT software, must do to be in compliance with federal standards:
Institutions can’t restrict sharing screenshots and videos of records. This is called “information blocking,” which some systems were doing because of allegedly proprietary intellectual property.
Establishes a standardized way healthcare institutions organize their data (this is called “interoperability”).
Requires some institutions to create APIs, which is the way external app-makers access data within a system.
Mandates that hospitals communicate with each other as patients move through the healthcare system.
Much of the controversy around the rules centered around access versus privacy. For example, the rules would make it easier for apps like Apple Health to access electronic health records (EHRs), which patients could then take with them from doctor to doctor.
However, when EHRs leave the care of medical institutions, they no longer get the same stringent privacy protections that they have under medical privacy law HIPAA. HIPAA mandates that medical institutions keep information about their patients confidential when they store and transmit data.
However, because it governs the way that health institutions act — not the data itself — once data leaves the hands of a hospital and goes to, say, an app, it won’t have the same federally mandated privacy protections. Some privacy advocates say that puts patient data at risk.
Speaking of tech companies, the rules are a boon to the efforts of Silicon Valley giants like Apple and Google, and healthcare startups. Streamlined access to patient data smooths the way for apps that serve patients, as well as business relationships between big tech and hospitals.
With the new rules, healthcare might finally have a chance to catch up technologically with the rest of the world. As long as we’re not all too busy hiding from an outbreak.