In the absence of federal regulations specifically governing the collection and use of patient-generated health data, providers tend to rely on more general rules and guidelines about handling medical information.
The Health Insurance Portability and Accountability Act, which became law more than a quarter-century ago, restricts providers’ authority to share patient data with other entities and guarantees patients access to their own information upon request.
The 21st Century Cures Act of 2016 requires health systems to allow patients on-demand, fully online access to their data, including the clinical notes in their electronic health records.
But state laws with stricter rules about how healthcare data are managed, stored and transmitted complicate matters, said Aaron Miri, senior vice president and chief digital and information officer of Jacksonville, Florida-based Baptist Health. Miri is co-chair of the Health and Human Services Department’s Health Information Technology Advisory Committee.
Moreover, many companies that market consumer health informatics tools, including wearables, aren’t subject to the HIPAA regulations that traditional health information technology vendors must follow, Miri said.
Mismatched rules and the lack of comprehensive privacy and security regulations are obstacles to health systems endeavoring to incorporate patient-generated health data into clinical operations, he said.
Some health systems and software vendors are using the Fast Healthcare Interoperability Resources standard to inform how patient-generated health data sources such as scales, monitors and fitness trackers connect to clinical workflows and EHRs, he said.
Health Level Seven International, a standards development organization, created FHIR to harmonize data formats and application programming interfaces for exchanging information between systems.
In 2015, HHS’ Office of the National Coordinator for Health Information Technology initiated a project to identify gaps, best practices and opportunities for progress in the collection and use of patient-generated health data in care delivery and research. The agency is also developing a policy framework for data collected by patients. New rules on this front could be transformative, Miri said.