Abstract
Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. Some doctors and health systems have voiced concern about whether they may transmit a patient’s data upon the patient’s request to the patient or the patient’s health app. This hesitation impedes shared information and care coordination with patients. It impairs patients’ ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients’ family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people’s smartphones. This paper explains that sharing data electronically with patients and patients’ third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients’ third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients’ third-party apps is no different and should be just as routine.
Highlights
Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals
As the nation transitions to electronic health records (EHRs), electronic information exchange, and health apps that patients choose to help them manage their health and health information, some doctors and health systems have voiced concern about whether they may transmit a patient’s data upon the patient’s request to the patient or the patient’s health app
Even though the app developer’s conduct was outside the terms of the business associate agreement (BAA), the covered entity may retain some liability for having failed to oversee its app developer or to take action on some activity it should have known was a misuse of the protected health information (PHI)
Summary
Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. For many, there is concern and uncertainty about transmitting a patient’s data to a health app of unknown security and privacy protection and whether the physician or covered entity may be liable if the patient’s app or its developer subsequently breaches or improperly uses or discloses the data Doctors’ sharing with others for purposes of treatment, payment, and operations is permitted under the Privacy Rule [17], but doctor’s sharing with patients and patients’ third-party apps upon patients’ request is required by law [18,19] While this analysis should reassure, we must note a caveat. By “unaffiliated,” we mean entities or persons that are not legally affiliated under HIPAA, perhaps because they are an independent covered entity or an independent covered entity’s business associate
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
