Need your medical records? There’s an app for that
by Elizabeth Stawicki, Minnesota Public Radio
ST. PAUL, Minn. — If your medical records aren’t in electronic form, they will be soon.
Spurred by the Economic Stimulus Act and the federal health care overhaul of recent years, hospitals and clinics are replacing paper files with sophisticated electronic health records.
Although some systems can’t share information with each other, potentially a serious problem in an emergency, smartphones are starting to bridge that electronic gap.
Farzad Mostashari, coordinator for health information technology at the U.S. Department of Health and Human Services, knows how useful smartphone technology can be when illness suddenly strikes, as it was when his 76-year-old father visited him on Thanksgiving weekend.
“My dad comes downstairs and he has acute pain in his eye where he had cataract surgery. And I said, ‘What’s the matter, what’s the story?'” recalled Mostashari, who lives in Bethesda, Md. “And he said, ‘Well, I think they put the wrong lens in my eye, I’d gone back to the doctor and…'”
Mostashari’s father didn’t remember exactly what had happened at his last doctor’s visit, but the information was in his medical file. The problem was his father lives in Boston and his doctor’s office was closed for the weekend.
For many people, that would be a problem. How could a doctor in Bethesda, Md. access his dad’s medical record?
But it wasn’t one for Mostashari, who is leading an effort to give consumers more power over their health care with information and technology. Mostashari put his expertise to use by signing up his dad for the Medicare Blue Button, a smartphone application that downloads three years of a patient’s medical history into a simple text file. The file included names, phone numbers and addresses of physicians as well as diagnoses, lab tests, imaging studies, and medications.
He then took his father to a local doctor, and his dad was able to hand over his iPhone and say, “here’s my history.”
Mostashari predicts that soon everyone will have that kind of information at their fingertips. “Within the next 12 months if people want to, they will be able to get the same data that your doctors would send to each other to have it come to you.”
The Blue Button application is also available from the federal government for veterans as well as Medicare beneficiaries.
Before a patient can download medical information to a computer or a smartphone, the files must first be stored electronically. In Minnesota, chances of that happening are good. The state health department reports that 85 percent of the state’s 1,180 primary care clinics and 96 percent of the state’s 136 hospitals use electronic health record systems. Although only half of the clinics provide a way for patients to gain access their records online, such methods are up from 35 percent last year and expanding rapidly.
INVOLVING PATIENTS IN MANAGING THEIR OWN HEALTH
The federal health care law is designed to encourage patients to be more involved in managing their own health. Making medical records and test results accessible to smartphones is in line with those policy goals.
The floodgates have opened for patients to use technology to manage their own care particularly those that have chronic, and expensive, diseases, said Jennifer Lundblad, CEO of Stratis Health.
The non-profit organization based in Bloomington, Minn., aims to improve health care by translating research into practice.
Lundblad said smartphones and health-related applications can become powerful tools to help people monitor and improve their health.
“Some parts of health care are so complex that we need complex solutions,” she said “But some parts of health care can be simplified and with the prevalence of smartphones, let’s use the smartphone tool that that patient already has.”
But there are also risks that Lundblad and others worry about, among them the possibility that some patients may lose smartphones containing their medical information and that a company storing the health data could go out of business.
PRIVACY QUESTIONS REMAIN
To address such privacy concerns the Federal Trade Commission in February released recommendations to companies that build and sell mobile apps, not just those related to health care. Those recommendations followed a major report the FTC released about best practices for consumer privacy in 2012.
But even its most recent report noted that “many questions remain” about the applications. Among them: What information should be included in application developer’s privacy policies? What might a model short privacy notice look like? Can a single system of icons be developed to avoid consumer confusion?
Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology in Washington, D.C., said that when doctors and health plans store electronic medical information, that information is covered by federal privacy and security rules. But those rules don’t extend to medical information on a smartphone.
To protect themselves, McGraw said, consumers should look for clear statements about how the application will use the data; their rights to the information for marketing purposes; and commitments to keep data secure.
If possible, she said, consumers should find out if their device allows them to remotely delete the personal information if it’s stolen; and always use an unusual password with different kinds of symbols.
Another problem is that some physicians may not know whether records stored on a smartphone are complete, said Scott Edelstein, co-chair of Squire Sanders’ Healthcare & Life Sciences Industry Group in Washington, D.C.
“There may be some data that the patient doesn’t want to keep on their smartphone,” said Edelstein, who specializes in mobile health applications. “Maybe there’s very sensitive health information. Maybe there’s information that they don’t want other providers to know but it could be very important information for a provider to know, for example, in the event of an emergency.”
Edelstein said errors or omissions could be disastrous.
But that wasn’t the case for Farzad Mostashari’s father. The records on the smartphone turned out to be an efficient way to treat his eye and salvage the Thanksgiving weekend.
As the nation’s hospitals and medical clinics increasingly rely on electronic medical records, many patients may want to use smartphones to access their personal health information through phone apps that include Medicare blue button. But doing so carries security risks.
To help patients who use smartphone apps protect their information, Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, recommends the following:
• Determine if cellphone app makers claim rights to patients’ data for marketing purposes.
• Look for very general language that does not list in detail how your data will be used. Language such as “from time to time we will use your data…in order to improve the services we provide for you” may warrant further investigation. Graw said such language does not necessarily indicate a problem, but it does not tell consumers much.
• Look for very clear statements about how the data is used.
• Look for who owns the data, if the company will disclose it. Do you own and control your data? Or do you merely have the right to use the service, but that is the extent of your rights?
• Look for commitments on security of the data. Is the data stored on your phone or on a server?
• What are your rights to retrieve data if they cancel service? Are you permitted to have a copy of the data? What is the app provider’s right to use the data after service is cancelled? Ideally, McGraw said, companies should return all your data and not have the right to subsequently use it.
• You should use unusual passwords that employ varied symbols and numbers.
• If possible, you should be able to remotely delete data from the device if it is stolen.
SECURITY RECOMMENDATIONS FROM MEDICARE BLUE BUTTON:
• Download your data to a secure location. You may want to download your information to a CD or flash drive. Consider purchasing an encrypted flash drive for your information. You may also encrypt or require a password to access a CD.
• If you want to send your information via email, you should encrypt the message.
• Keep paper copies in a safe and secure place that you can control.
This story was part of produced through a collaboration between MPR News, NPR and Kaiser Health News.