New Interoperability and Privacy Analysis Provides Clarity to Doctors and Health Systems on Sharing Data with 3rd Party Health Apps

Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers and health systems across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information.

Some doctors and health systems have voiced concern about whether they may share patients’ data with the patient or the patient’s health app when the patient so directs. This hesitation impedes shared information and care coordination with patients. It impairs patients’ ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients’ family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people’s smartphones.

To help resolve these concerns and reassure doctors and health systems, Lucia Savage and Mark Savage have teamed up to publish a new resource to help doctors and health systems share data under HIPAA with patients and their third-party health apps. The article appears in the Journal of Medical Internet Research, entitled “Doctors Routinely Share Health Data Electronically under HIPAA, and Sharing with Patients and Patients’ Third-Party Health Apps Is Consistent: Interoperability and Privacy Analysis.” We hope this article can make a major contribution to shifting the ecosystem toward appropriate data sharing with patients for better care coordination and health.

It explains that sharing data electronically with patients and patients’ third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment, or with insurers for reimbursement. The paper illustrates basic principles and scenarios around sharing with patients and their third-party apps. Doctors routinely and legally share health data electronically under HIPAA, whether or not their organizations retain HIPAA responsibility. Sharing with patients and their third-party apps is no different and should be just as routine.

Mark Savage is Director of Health Policy at UC San Francisco’s Center for Digital Health Innovation. Lucia Savage is Chief Privacy and Regulatory Officer of Omada Health, and former Chief Privacy Officer at the Office of the National Coordinator for Health Information Technology (ONC) in the U.S. Department of Health and Human Services. The article also includes two graphics and a reference appendix of real-world scenarios of data sharing under HIPAA.