Health record advisory groups divided over patient data control
A pair of federal advisory committees approved privacy recommendations amid debate over whether patients or practitioners should control the sharing of health data.
The federal government's push to move health data to electronic platforms is based in part on the premise that consumers should have control over their own information.
But deep in the policy weeds, there's some dispute among practitioners, vendors and developers about how much control patients should exercise over their health information.
The Health IT Policy and Standards committees, which act as advisers to leaders at the Office of the National Coordinator for Health IT (ONC), narrowly approved a set of recommendations that provide a path to regulate and, to a certain extent, standardize how qualified health records and user-facing apps share data via application programming interfaces, which are pieces of software that conduct transactions between data sources and applications.
The committees' API Task Force said the recommendations are confined to read-only disclosures of patients' health records via mobile applications, and they seek to balance privacy and the input of a medical professional with a patient's autonomy over personal information.
Of the 28 eligible voters, 13 voted in favor of the recommendations, 10 voted against, and five abstained.
The co-chairs of the task force, Josh Mandel and Meg Marshall, said the recommendations give specialists the chance to provide their professional input in the shared decision-making process, but patients should ultimately have control over their own health records.
"The patient has a right to access and...a provider has a right to educate and to warn," Mandel said.
However, those who voted against the recommendations argued that if health care providers believed certain apps could cause harm, they should be allowed to block patients from sharing medical information via those apps.
Health IT Policy Committee Co-Chair Paul Tang said not empowering health care providers to override patients’ attempts to share information via apps made him nervous. "There are lots of things we do in the public's interest because it's too complex" to expect consumers to make informed decisions, he added, and drew a parallel to requiring airbags in cars.
Paul Egerman, a member of the Health IT Policy Committee, also expressed concern about giving too much responsibility to patients in an area outside their expertise. "Provider organizations should be able to block any app that we simply think is not beneficial to the patient," he said.
An open-data exchange doesn't mean health apps would be unregulated. Such tools are governed by a web of legal and regulatory compliance demands that are enforced by the Food and Drug Administration, the Federal Trade Commission, the Department of Health and Human Services' Office for Civil Rights and more. In fact, the report advocates that ONC look for ways to streamline legal obligations into "a single, simple, comprehensive oversight framework mechanism that would address the needs of the patient-directed API ecosystem."
ONC is under no obligation to accept the recommendations of the task force, some of which, such as a regulatory refresh, would require legislation to fully implement.
Dissenters on the Health IT Policy Committee plan to issue a minority report that will state their objections for the record.