top of page

Doctors Now Required to Share Medical Records with 3rd Party Apps

Brooke Thomson

Apr 23, 2021

Most Americans have experienced the angst of a doctor’s office that can’t return a phone call or a fax that didn’t go through. Many have wondered how medical offices are still using fax machines in 2021. The passing of this bill allows 3rd party tech companies to assist in this struggle, but as is often the case with evolving technology the patient is forced to choose between convenience and privacy. The current patient portal software is archaic but medical history is one of the last private databases we haven’t completely turned over to Silicone Valley.

A key step of the 2016 Cure Act was put into motion on its scheduled enactment date April 5th 2021. The Information Blocking Ban (yes, that is an intentionally confusing double-negative) places slightly more convenience in the hands of the patient, but also comes with a set of risks and trust in big tech companies who would be providing the new services. Currently most hospitals and doctors already provide online patient portal systems where they share records with patients. Under HIPPA a doctor cannot withhold records from a patient. This part of the Cure Act is a departure from the norm because now health care professionals can’t withhold records from tech & insurance companies.

This is a bureaucratic step towards a gradual shift that is now legal for tech & app developers to be involved in our health care system on a new level. Very few people have time to set aside to read every tech company’s Terms and Conditions, as of now shifting through Terms and Conditions is the only notice most patients are receiving of this change. The shift will be slow and largely unnoticeable as most patients aren’t aware of the changes and no one is responsible for telling patients of the changes. The language around the enactment is confusticating at best (hence the title) and difficult to see immediate repercussions.

Here is the “Quick List” of implications of the changes recently in effect:

  • HIPPA: Once patients give permission for a 3rd party app to access their information, the patient’s HIPPA rights no longer apply. For example, if a patient downloads & opts into a Google app to access their records, the doctor is required to share records to the app and Google is not tied to HIPPA confidentiality. Google can then sell medical data to insurance or pharmaceutical marketing companies

  • Doctor’s Discretion: It will likely create a new relationship between doctor, patient, insurance companies, and now technology companies. It may gradually and subtly remove a doctor’s discretion on how and when sensitive information is shared.

  • What Will It Look Like: The healthcare industry isn’t going to adapt to this overnight. It’s the tech companies chomping at the bit who will likely take initiative to “widen the door that’s just been cracked open”. Companies like Amazon have already been pushing into TeleHealth services.

  • Patient vs Profit: It could also shift the patient into a more consumer role. A consequence of pharmaceutical marketing is patients are encouraged to ask their doctor for a prescription instead of the doctor prescribing based on their expertise. Opening the door to third parties like Amazon will increase the mentality that a patient is a consumer/customer over being a patient.

  • Security: A key problem on the technology side is confirming a patient’s identity via apps. There is also a risk of security breech, hackers, patient confidentiality, information sharing, data tracking, and validity of the software

  • Patient Education: It’s not specifically anyone’s job to make sure the patient is educated about this change in privacy & confidentiality

  • Exceptions (when information can be withheld): It does include 8 Exceptions. These exceptions are written with broad language and terms, making it unclear in real life what examples fall under Exceptions to the Ban or not.

  • Disclosure: This is not a Disclosure Law. Meaning enforcement and determining if a violation even happened outside the Exceptions to the ban will be on a case-by-case basis with intention being a key component to determine accountability

While prospect of accessing all health data on a smart phone does sound nice this is the beginning of uncharted territory concerning patient privacy. It is a small step towards eroding the last space of privacy not already saturated by Silicon Valley tech.

Since the dawn of this tech age, most people have been conditioned to share private information on tech platforms for the sake of efficiency, convenience, and social pressure to keep up. Medical information may sound mundane compared to the photos, voice commands, location services, and intel tech companies already collect but this does open the door for another level of tech infiltration into daily life.

To start: consider the type of medical records. A prescription for birth control may sound meaningless, but a prescription for Zoloft may trigger a different advertising campaign for that individual. Hypothetically, going off of a birth control prescription could trigger an ad algorithm around at home fertility tests. Most importantly it bypasses any patient confidentiality that's been in effect when it comes to insurance companies.

The April 5th 2021 deadline was set back in 2016, long before COVID became a factor. Coincidently, in 2021 tech companies have been racing to develop a COVID Vaccine passport. This Information Blocking Ban could in theory create a scenario where a medical professional “has to” provide patient information to a technology in order to comply with a travel ban. Travel bans have been enacted in the past for diseases such as AIDS, this could be a building block towards using an individual’s medical history (possibly but not specifically COVID) to determine where that person has access to be.

As this stands, it is perfectly legal for a patient to give permission to a big tech company to complete access and now the doctor’s discretion can’t be a barrier. The government may not be able to impose restrictions on individuals based on health records as it creates a huge human rights conflict, but private companies (insurance and otherwise) can demand verification from an app to allow those who meet certain health credentials basic rights such as entering a business, grocery store, travel, etc.

Sources and Further Reading:

1. Three Key Issues to Watch as Information Blocking Ban Goes Into Effect

2. Why Experts Say the Information Blocking Ban will be Game Changing for Patients

3. HIPPA and Information Blocking

4. Impact of Information Blocking Ban on HIEs (Health Information Exchangest)

bottom of page