“Apps frequently do not provide patients with clear terms of how that data will be used,” the American Medical Association wrote in a letter to the ONC. The American Hospital Association wrote, “We do not believe that patients should have to sacrifice data protections and data privacy in order to receive easy access to their health information.”
In a world where systems, software and data are ever more connected, figuring out how to keep health data in the right hands has become an increasingly arduous task.
The American Medical Collection Agency in June disclosed that a hacker had gained access to its web payment system, compromising demographic and financial information of more than 20 million individuals. That may have come as a shock to patients who received services from LabCorp or Quest Diagnostics, which may not have realized their data was being held by the billing collections vendor.
In November, details emerged on a partnership between one of the largest health systems—Ascension—and consumer technology giant Google, triggering a federal probe and a national conversation about patient privacy. While it appears the deal didn’t violate HIPAA, it’s opened a broader discussion on how health systems should responsibly use and share patient data.