Medical records privacy a concern with increased mobile use

More consumers are using their mobile devices to access their medical records, but there are concerns about the security and privacy of health data stored on these devices.

When Apple, Google and Samsung decided to assert their dominance in the smartphone marketplace and introduce healthcare-related apps and services, the move was predicted to increase patient engagement, since millions of consumers use their devices. Having dominated the mobile market for several years, these companies can take advantage of their position and benefit from delivering healthcare apps to their users to add value and attract more customers. However, this increased use of mobile devices to interact with health data is raising serious concerns around medical records privacy. Questions about security may influence whether patients use their mobile devices to maintain their health data.

PHR platforms emerge, but fail to catch on

Today, EHR platforms are likely to have a portal that allows patients to interact with their health data through the web. This functionality has finally reached a level where almost all patients can request and access their medical records in a digital format. However, due to health organizations using different EHR platforms, a patient may interact with several different web portals and data formats across the different physicians or health organizations they receive care from. To address that, a number of online services like personal health record (PHR) portals were introduced to manage and consolidate patient data coming from multiple sources in one platform, giving the patient a centralized repository for their data.

Unfortunately, in the past PHR platforms did not gain significant traction due to a lack of interoperability and unified standards among extracted health records. Patients relied mostly on their hospital or doctor's office web portal to interact with their chart. In recent years, due to the push from the Affordable Care Act and other federal programs in healthcare, EHR vendors have been encouraged to meet interoperability requirements. Large players like Cerner, Allscripts, Epic and others have all actively built connectors with FHIR to enable seamless connectivity and health information exchange across multiple systems.

Vendors offer health record access

As a result of the new integration capabilities, Apple and others have decided to take advantage of that flexibility and formed partnerships with some of the large health systems in the U.S. in order to access the newly available data -- with patient consent -- and bring it down to their devices.

Today, an iPhone user can request a copy of their data through Apple's native Health app and receive their record from one or multiple healthcare organizations by following a few easy steps that confirm their identity and the location of their records. Once the information is processed, it is then organized into different sections such as labs, vitals, notes and other areas. The app also keeps patients up to date when new data is available as a way to alert them of any relevant changes to their condition or data. Samsung and others offer similar functionality within their devices and apps, in addition to supporting data collected from wearables and other health devices that can connect to the smartphones.

Concerns around privacy of medical records

To ensure compliance with HIPAA and meet security requirements that address medical records privacy, Samsung, Google and Apple have all implemented encryption around the health data being used. In Apple's case, all the data relating to the health app is encrypted during transport and at rest to further ensure medical records privacy.

However, there are concerns about medical records privacy when storing health data on a mobile device, especially given reports that devices like the iPhone are not hackproof. There have also been instances where government agencies have used software to unlock users' mobile devices. While health data in the hands of a government entity may not be a major problem, the technology used to obtain it can have a much bigger impact if it falls into the wrong hands. This puts at risk of exposure not only health data, but also other data such as social media, passwords and financial data.

Another concern around medical records privacy comes from the potential risks associated with healthcare data being stored with the likes of Apple, Samsung and others, which can pose a bigger threat if a data breach occurs. In recent months, the data breach experienced by MyFitnessPal sent shockwaves through the sports enthusiasts who relied on the service to track their fitness activities and diet. The breach affected roughly 150 million users, causing significant concerns around the company's ability to safeguard personal information and raising concerns that other apps that store health data could be targeted.

With fewer technical obstacles around data exchange and interoperability, sharing health data with patients through mobile devices and web portals, regardless of its source or EHR, will encourage patient engagement with their data and healthcare provider. But as health records find a second home on mobile devices and in the cloud, medical records privacy and security will continue to be among the biggest concerns and challenges for those deciding whether a copy of their data should be sent to their smartphones.
