New Federal Rules Will Pave the Way for Electronic Health Records on Smartphones

Bakhtiar Zein/

Officials said it’s part of a push to give Americans more control over their personal data. 

The Health and Human Services Department finalized two highly anticipated, lengthy rules this week that’ll enable Americans to download and access their personal health records and claims data on their smartphones. 

On a call with reporters Monday, agency and administration officials detailed the new regulations, which force health care providers and insurers to offer patients their critical health information in a shareable, standardized electronic format. The hope, officials said, is to help patients make more informed health care decisions by boosting the information they have at hand—and eventually spur the development of an entire ecosystem of related smartphone apps that’ll help them monitor their health in real time from information in their health records. 

“These rules are the start of a new chapter in how patients experience American health care,” HHS Secretary Alex Azar said. “Patients should have control of their records, period. Now that’s becoming a reality.”

The rules have been years in the making, though the problems they aim to solve have persisted for much longer. Three years ago the president’s son-in-law Jared Kushner and other White House officials began hosting a series of listening sessions with health care experts, clinicians, entrepreneurs, researchers and patients regarding the top health care priorities and challenges they’re facing on the contemporary care landscape. According to Matt Lira, special assistant to the president for innovation policy and initiatives, officials in the talks “consistently heard about the need for better patient access and control over their own health care records.” These insights led to an “all-hands-on-deck effort” to tackle the issues raised, and last year, HHS subsequently launched the draft rules for public comment. 

In response to the draft rules, Azar said on the call, federal officials heard from patients whose experiences with the current health care record access status quo “were not only maddening, they were harmful to their health.” In one case, a woman needed emergency surgery for a kidney stone while traveling—but her treatment was delayed four days as she waited to obtain her records from her hometown urologist who had to fax them and mail CDs.

“So how are we going to fix this? Simply put, health care providers will be required to provide easy digital access to your records at no cost,” Azar said. “Through what are known as application programming interfaces, or APIs, you will be able to use a smartphone app to have all your health records and your health claims data at hand for use by you and your doctors.”

The rules were issued separately by the HHS Office of the National Coordinator for Health Information Technology, or ONC, and the Centers for Medicare and Medicaid Services and their numerous provisions are set to take effect at different times between now and 2022. Some of their key requirements include that patients must have the ability to access and share their medical records on their smart devices at no cost of their own; that providers and developers are prohibited from “information blocking” or anti-competitive behaviors; and that all health plans doing business in Medicare and Medicaid must share health data with their patients electronically through a secure standards-based API. 

CMS Administrator Seema Verma, who was also working with Kushner and team from the beginning of these efforts added that particularly now, “when the health care system could be under stress with the handling of the [COVID-19], the urgent need for coordinated, integrated care could not be clearer.” Offering a potential, and painfully timely, use case, she added, “think of the passengers on the cruise ship, many of whom are seniors—they may be unaware of the names of all of their prescriptions or the dosage amount—having simply taken what they needed for the journey. Under this system envisioned by these rules, they could have access to this critical information and share it with their caregivers.”

Verma and Azar also both used some of their time on the call to “rally” America’s app developers to create and deliver new electronic health record-related tools to support patients across the nation. 

“We hope to see a whole ecosystem of condition- or disease-specific apps to help patients monitor and improve their health in real time, in part by using data made available from their EHR via an API,” Azar said.

Despite what the government views as apparent needs for the “transformative” rules and for enhanced interoperability between the many players, the administration’s journey from draft to finalization was not met without backlash. Two notable critics in the process were American Medical Association and information technology vendor Epic Systems, which responded to the initial drafts with comments calling for more guardrails and a boost in patient privacy protections. 

Following the finalized publication of the rules, Kevin Lancaster, the general manager of security solutions at Kaseya, an IT management software solutions provider, told Nextgov Tuesday that what will likely follow is deeper partnerships between health care vendors and tech giants that are already “very good at securely storing large amounts of data at low cost,” and providing strong and trusted data-sharing tools that can be leveraged to provide improved patient care. But Lancaster also noted that it’s still currently “unclear who will ultimately be responsible for any [protected health information] data security vulnerabilities under these rules—the provider, the patient, the third-party apps they’re sharing their data with, or a mixture of all three.” 

“HHS leaders will need to advise on questions like these, but at the same time, companies should take as many precautions as possible to protect both their companies and their patients’ privacy in the meantime,” he said.