This past January Apple announced yet another innovation: a Health Records section in the Apple Health app that will allow users to gather and view all of their medical records. With this new innovation, healthcare organizations that have partnered with Apple, such as Johns Hopkins Medicine, can push data directly to patients’ iPhones and iPads. This is a shift away from two things: (1) the onus on patients to enter their own health data into their smartphone or tablet, since their health information is instead being brought to them; and (2) protecting e-health data within the hospital and payer systems.

Like any new development, there are pros and cons to this shift. On the one hand, it provides patients with a lot more autonomy and control over their health records – especially in electronic form. It also will likely give rise to further innovations in healthcare technology to support continued ease of access and convenience. On the other hand, it raises a series of questions about privacy and security.

It’s All About Convenience – Right?

A key implication of this shift is that patients will be able to more easily access healthcare outside of the systems they normally frequent. This shift will make life easier for patients by letting them track their own information in a single place—for example, patients who have a lot of lab results and want to track cholesterol or other blood levels from one visit to another.

With their health information available in a single place, patients won’t have to go through the exhaustive process of trying to track down records over the phone, by email and by submitting forms to have copies mailed or faxed. Improved access to information will also contribute to more fruitful telemedicine experiences with third-party vendors such as Teladoc or AmericanWell, which let patients talk to a licensed doctor using video chat. The ability to share medical history with the doctor directly rather than trying to recount it from memory can be vital to an accurate diagnosis and more aggressive care plan.

As mentioned above, this shift will also likely lead to a rise of innovations in healthcare technology. With change come new ideas. Companies, such as those that provide genetic testing, will be able to deliver personalized interpretations of results to customers directly on their phones versus through the mail or only to a lab. Think of where apps such as can do with this? Do you see the problem here?

Wait a Minute – That Information is Private.

The problem is – many will not think past the desire to have the information they are seeking. The announcement about iPhone health records quickly raised questions about privacy and security in general. This is not surprising, considering health apps’ poor track records on users’ privacy and the extent to which people’s medical information has been exposed through breaches of late. A recent study found that only 70% of the top 100 health and fitness apps had a privacy policy and only 61% included links to their privacy policy on the app listing page. And since late 2009, over 155 million Americans’ medical information has been exposed without their permission through approximately 1,500 breaches. So WHY exactly would anyone actually WANT to use their iPhone again to do this?

Apple states that the health data does not touch Apple’s servers and comes straight from health providers—the medical records are also encrypted in transit and at rest. It is then up to the individual to protect their information, i.e., password-protect their phone, never log on to non-secure Wi-Fi, and never share information with others via SMS text or email. Apple has also stated that it will not be able to view a user’s information unless the user chooses to share it with the company. Again, this is another information-sharing choice of the kind that is notoriously hard to read and that users commonly allow, and unless Apple makes it easy for users not to share their information, many may inadvertently share personal health records with the company. Point being – there are many points of potential failure for an individual to trip into that can expose their sensitive and private health information.

And then there is the question of iCloud. Medical records can be kept on an iCloud account, but a user can choose to keep their medical records off of iCloud—keeping the data local to the device. However, as history has shown with the 2014 hack of celebrity iCloud accounts, there is NO guarantee that data is completely secure in iCloud. Bottom line – people may be at risk of targeted phishing from those with malicious intentions eager to gain access to their health records. With health records at the top of the ‘desired’ list of bad actors, this should not be underestimated.

What’s in Store for the Future?

While this feature has been unveiled by Apple for iPhone users, the data-messaging standards used in this system are open, so it’s likely that other platforms will be able to replicate this development—making this feature available to users with Android and other mobile operating systems. It’s quite possible that within a few years, a significant number of smartphone users will be carrying around their medical history on their smartphone. Again, while I see the huge advantage of this for first responders, ER visits, vacations and many other scenarios – the information governance, security and privacy questions take over, and I cannot fathom this information being that accessible without key security measures to protect the information. How is this information shared? Is secure messaging technology used? How do we employ those safeguards in the right order? So many questions…

There is no doubt that this innovation will change how some people correspond during their daily lives, and yet it is another reminder that people need to be cautious about privacy and security. Remember the following when considering innovations for healthcare:

  1. Always make sure that your smartphone has a lock code on it and can’t be accessed by someone other than you.
  2. Read the terms and conditions of any application or program so that you know what information is being shared and with whom it is being shared. Protect the privacy of your information – especially your PHI and PII.
  3. Any communication about sensitive information such as healthcare—whether for personal or professional reasons—should be avoided via SMS or email, which are notoriously insecure.
  4. Utilize secure communication channels such as secure messaging platforms like Vaporstream to communicate PHI and PII to protect your privacy.

As the world and technology continue to evolve, people’s privacy will continue to be affected – likely in both positive and negative ways. It is important to remain proactive to ensure security of your information and maintain your privacy to avoid any unwelcome surprises – both in business and personally.

Contributor: Kristi Perdue Hinkle