On September 9, 2014, Apple unveiled its new iPhone 6 and iPhone 6 Plus as well as several new health applications (apps) meant to provide a plethora of health services, communication, and tracking options for Apple users. While these apps were designed to bridge the patient-client divide and advance the health care options of users, will users also expose themselves to privacy and information stealing data in the process? Although Apple has explained the means these apps employ to overcome privacy and confidentiality concerns, do these measures, especially when considering the recent security breaches in the health information industry, go far enough?
New Apple Apps and Devices
Along with the release of the new Apple phones, the company introduced a smartwatch that has been reported to “double as a fitness device that can track steps, calories, and heart rate, among other things.” Additionally, the new operating system that is slated to be introduced with the new versions of the iPhone, the IOS 8, will include an app called Health, which will serve as a “dashboard for health and fitness information such as heart rate, calories burned, blood sugar, and cholesterol, plus lab results and medications.” Finally, HealthKit, the new tool for developers, allows them to share users’ health care data, if the user so chooses, according to Apple.
According to a CBS report on the new Apple device and app launch, the introduction of these systems have the potential to “revolutionize health care.” HealthKit, which was designed by Mayo Clinic doctors, is expected to be able to collect information for use in many different formats over long periods of time. Dr. John Wald, one of the creators of Healthkit, described the use of the tool in this way: “The grand vision would be once the information is contained within HealthKit, patients can take that on their iDevices or eventually Android and transfer that to wherever they are in the world or country.”
Privacy Guards, Risks
While the Wall Street Journal (WSJ) reported that Apple announced the policy of not allowing developers to use data gathered from HealthKit for advertising or data-mining, it also noted that some experts believe that the Apple policy “leaves room for interpretation.” Specifically, “the Apple guidelines don’t specifically require app companies to account for any disclosures they make,” and according to Deborah Peel, the founder of Patient Privacy Rights Foundation, instead, “users should be able to see exactly how these apps are using their data.”
Moreover, the WSJ discussed how Apple has partnered with “Epic, a large provider of electronic medical records to feed data into HealthKit,” and further noted that “few details of that arrangement have been disclosed.” In turn, the WSJ piece posed the question of whether Apple will sell the data collected by its Health apps, which would be highly sought after by medical researchers and insurers. Finally, the article noted the privacy laws that these apps could be subject too, specifically the Health Insurance Portability and Accountability Act (HIPAA) (P.L. 104-191), and discussed the extent Apple would have to comply with these measures. While the WSJ stated that “Apple hasn’t said whether it will apply HIPAA protections to the sensitive data it collects,” Dr. Wald was quoted as confirming that HIPPA safeguards were in place and were ultimately the responsibility of the user: “There are extra screens for users to view their HIPAA authorizations, view their privacy and to educate them a little bit about how to secure their device. Once the information leaves our establishment, it’s their responsibility.”
Despite the fact that there is evidence that Apple is attempting to ensure privacy compliance, the question of whether the information would not be appropriately secured so as to prevent a breach of confidential personal medical records is less clear. In light of the recently reported hacked medical reports in health information systems across the country, this could be the largest threat posed by the newest devices, apps, and tools in the health industry.
For a discussion of the FDA’s regulation of mobile medical device apps, please see House Committee Grills FDA on Regulation of Mobile Medical Devices and Mobile Applications as Medical Devices.