It’s one of those unhappy holiday surprises — a visiting family member gets sick. That happened to Dr. Farzad Mostashari last Thanksgiving.
“My dad comes downstairs and he has acute pain in his eye where he had cataract surgery. And I said, ‘What’s the matter, what’s the story?'” recalled Mostashari, who lives in Bethesda, Md. “And he said, ‘Well, I think they put the wrong lens in my eye, I’d gone back to the doctor and…'” His father didn’t remember exactly what had happened at his last doctor’s appointment and the office was closed anyway.
How could a local doctor in Maryland access his dad’s medical record in Boston? Through Medicare Blue Button, a computer program that allows patients to download their medical history into a simple text file on their smartphones and personal computers. Then third-party applications that you download help organize this information.
Mostashari certainly knew how to handle his dad’s problem. After all, he’s the coordinator for health information technology at the U.S. Department of Health and Human Services, and it’s his passion and profession to promote electronic health records.
And, he had signed his dad up for Blue Button, which downloads three years of a patient’s medical history, as well as the Humetrix iBlueButton, a smartphone app that translates and displays the information in a simple-to-understand way. The file includes names, phone numbers and addresses of physicians as well as diagnoses, lab tests, imaging studies, and medications.
So when Mostashari took his father to a local doctor, his dad was able to hand over his iPhone and say, “Here’s my history.”
Mostashari predicts that soon everyone will have that kind of information at their fingertips: “Within the next 12 months if people want to, they will be able to get the same data that your doctors would send to each other to have it come to you.”
The Blue Button service is available from the federal government for veterans as well as Medicare beneficiaries.
Before a patient can download medical information to a computer or a smartphone, the files must first be stored electronically. And while electronic health record advocates note that there has been a sharp increase in the number of hospitals and doctors using EHRs, they acknowledge that a complete electronic system is a long way off. According to a 2012 CDC survey, while 72 percent of office-based physicians are using some sort of electronic system in their practice, only 40 percent of practices meet the definition of a “basic” system.
Power In The Hands Of The Patients?
The federal health law is designed to encourage patients to be more involved in managing their own health. Making medical records and test results accessible to smartphones is in line with those policy goals.
The floodgates have opened for patients to use technology to manage their own care particularly those that have chronic, and expensive, diseases, said Jennifer Lundblad, CEO of Stratis Health, a nonprofit organization based in Minnesota, which aims to improve health care by translating research into practice.
Lundblad said smartphones and health-related applications can become powerful tools to help people monitor and improve their health.
“Some parts of health care are so complex that we need complex solutions,” she said. “But some parts of health care can be simplified and with the prevalence of smartphones, let’s use the smartphone tool that that patient already has.”
But there are also risks that Lundblad and others worry about, among them the possibility that a company storing the health data could go out of business or that some patients may lose smartphones containing their medical information.
Protecting Your Data
To address privacy concerns, in February the Federal Trade Commission released recommendations to companies that build and sell mobile apps, not just those related to health care. Those recommendations followed a major report the FTC released about best practices for consumer privacy in 2012.
But even its most recent report noted that “many questions remain” about the applications. Among them: What information should be included in application developer’s privacy policies? What might a model short privacy notice look like? Can a single system of icons be developed to avoid consumer confusion?
Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, notes that when doctors and health plans store electronic medical information, that information is covered by federal privacy and security rules. But those rules don’t extend to medical information on a smartphone.
“When you take possession of it and share it, stick it in an app, share it on the web, a social networking site, it’s not going to be protected beyond what’s in the privacy policy for the app or what’s the privacy policy for the social networking site. And you need to read that,” McGraw said. “Be aware before you share.”
McGraw provides some tips for consumers who want to protect themselves:
• Determine if cellphone app makers claim rights to patients’ data for marketing purposes.
• Look for very clear statements about how the data is used. Language such as “from time to time we will use your data…in order to improve the services we provide for you” may warrant further investigation.
• Look for who owns the data, if the company will disclose it. Do you own your data? Or do you merely have the right to use the service, but that is the extent of your rights?
• Look for commitments on security of the data. Is the data stored on your phone or on a server?
• What are your rights to retrieve data if they cancel service? Are you permitted to have a copy of the data? What is the app provider’s right to use the data after service is canceled? Ideally, McGraw said, companies should return all your data and not have the right to subsequently use it.
• You should use unusual passwords that employ varied symbols and numbers.
• If possible, you should be able to remotely delete data from the device if it is stolen.
And Medicare Blue Button has these security recommendations:
• Download your data to a secure location. You may want to download your information to a CD or flash drive. Consider purchasing an encrypted flash drive for your information. You may also encrypt or require a password to access a CD.
• If you want to send your information via email, you should encrypt the message.
• Keep paper copies in a safe and secure place that you can control.
Another problem with smartphone medical records – not related to security – is that some physicians may not know whether the records stored there are complete, said Scott Edelstein, co-chair of Squire Sanders’ Healthcare & Life Sciences Industry Group in Washington, D.C.
“There may be some data that the patient doesn’t want to keep on their smartphone,” said Edelstein, who specializes in mobile health applications. “Maybe there’s very sensitive health information. Maybe there’s information that they don’t want other providers to know but it could be very important information for a provider to know, for example, in the event of an emergency.”
Edelstein said errors or omissions could be disastrous.
But in the case of Dr. Farzad Mostashari’s father, the records on the phone had pointed to the problem: “He had dry eye; that was the diagnosis.”
Then, it was an easy treatment that salvaged the Thanksgiving weekend.
This story is part of a collaboration that includes MPR News, NPR and Kaiser Health News.