Apple Working With Health Gorilla to Offer Comprehensive Medical Records on iPhone

I like that my doctor is the only one with my medical records. I'm curious how secure that data will be in an iOS app.

Personally, I trust my iPhone/Apple over my doctor's office as far as encryption and security go.

If you come in to the hospital and not responding, how does this help get them the info? They are still going to identify you by your id and from there search for your medical records in their database. There should be a unified database for all health providers, if this is a step in that direction, then that is great.

I'm not trying to argue that this will be useful to some for changing doctors or going to a specialist(even though you were probably recommended to go to that specialist by your family doctor) but it's still a bad idea to carry medical records on you.

I work in an emergency room and I could see this being extremely valuable in the specific scenario you mentioned, an unresponsive patient without family/friend there to give at least a bit of their medical history. Pacemaker? Allergies to medicine, blood type? History of strokes, heart attacks? On any medications? We can already add this info to the medical ID, accessible on the locksceeen without a password.

While it would great if docs had a unified system to look everyone, I’m already imagining situations where having medical records on the phone could save lives. Security is a huge issue obviously, perhaps they could utilize NFC (which they’re opening beyond Apple Pay). Store the info on the secure enclave, then you can either consent to sending it to physicians/hospitals or authorized facilities can access this info with some type of secure terminal that’s only available to emergency rooms or something. Idk how they’d implant it, but there’s definitely some interesting opportunities.

Besides I already trust apple with my credit card information, email, contacts, messages, photos, etc. I’m certainly concerned about privacy, but if any of my information were to “leak”, I’d prefer it to be my X-rays and bloodwork than my texts and pics. Some people definitely have more sensitive medical information than I, things that could be damaging to their lives, but that can’t be the majority of people though, right? And obviously it’s opt in, so no harm in giving access to the rest of us. And as someone who handles your medical records on a daily basis, whatever apple implements is likely to be more secure than what we’ve got.

Long comment, but I love medicine and I would love to see Apple take a deeper dive in this sector.
[doublepost=1497944996][/doublepost]

Sorry, but Obamacare did away with that. Doctors were forced to adopt digital records and enroll your records in a massive national database, such as EPIC, where pretty much any health care person, e.g., doctor, nurse, etc., in the country can access them. It's a very non-secure system, so I predict it will be the next major breech where we all learn that our medical records were stolen and are floating around. Without starting a political flame war, there is a price to a big brother approach. Again, sorry to be the one to break the news to you. Your privacy was good while it lasted.

Sorry, but Obamacare did away with that. Doctors were forced to adopt digital records and enroll your records in a massive national database, such as EPIC, where pretty much any health care person, e.g., doctor, nurse, etc., in the country can access them. It's a very non-secure system, so I predict it will be the next major breech where we all learn that our medical records were stolen and are floating around. Without starting a political flame war, there is a price to a big brother approach. Again, sorry to be the one to break the news to you. Your privacy was good while it lasted.

I agree with part of your sentiment, but wholly disagree with your main message. Electronic medical records are really the only logical way forward, I couldn’t imagine an alternative.

Let’s say you come to my hospital for chest pain, first you get an ekg, then some blood is drawn, then you’ll get a chest X-ray. The EKG is the only thing printed, blood is sent to the lab and results upload to our electronic chart as soon as they’ve been run, X-rays are transferred to the radiologists as soon as the pic is taken, who will then type in their interpretation on your electronic chart. I’m fairly young, so I don’t even know how hospitals used to run. Would the lab technician run the results over, would the radiologist call the information over every time (that would be a lot of phone calls and a lot of annoyed emergency docs today). Electronic is the only way forward.

Big brother is a real threat, I get that. NSA spying on citizens is terrible. The apathy towards giving major corporations access to your info, despite knowledge they will sell it, is troubling. But I don’t think we should stop progressing because of these things. Would you neglect the light bulb because it has allowed people to see in your home more easily? Terrible analogy, but you get my point. The only way forward is to to be vigilant about the use and access of all of our personal information, but to keep pursuing technology advancements that will make life more pleasant.

This is total BS. Wait a minute. This needs to go through Congress. Apple should not be allowed to create medical dossiers on people without MAJOR government oversight. PERIOD.
Oh right. We're just supposed to trust somebody because they put out a legal blurb. Don't be so naive.

I read your quote and another more famous quotes came to mind.
"The greatest enemy of knowledge is not ignorance, it's the illusion of knowledge." You're quote is written as if you know something that's relevant to the topic. Apparently, you took no time to actually research what the company does and what the relationship with Apple means.

Apple is not creating medical dossiers on anyone. Apple is attempting to provide people with a quick access repository for their health data. It's entirely voluntary. No one has to avail themselves of the service. The medical information is only aggregated and shared among your doctors if you 1. sign up for the service. 2. have doctors that use the service. 3. give explicit permission for your data to be aggregated and shared. The key here is you have to choose to do this. Apple can't make you and neither can Health Gorilla. Why on earth would this need to go through Congress? Are you telling me we need congressional approval to use an aggregation app? That's absurd.

Oh, and no btw. You're not supposed to trust somebody because they put out a legal blurb. You're supposed to actually research the available information out there and make an informed decision regarding whether or not this is something you'd be interesting in doing. What you're not supposed to do is use Facebook logic and ALL CAPS to make an invalid point about a nonexistent issue. All that's missing from your quote is a factually inaccurate meme .jpg.

I like that my doctor is the only one with my medical records. I'm curious how secure that data will be in an iOS app.

Bravo, Apple. This is heading in the right direction with iOS. The car can wait, but all things health can & will be a game changer if you can get this implemented pronto as in before Sammy steals it!

If you come in to the hospital and not responding, how does this help get them the info? They are still going to identify you by your id and from there search for your medical records in their database. There should be a unified database for all health providers, if this is a step in that direction, then that is great.

I'm not trying to argue that this will be useful to some for changing doctors or going to a specialist(even though you were probably recommended to go to that specialist by your family doctor) but it's still a bad idea to carry medical records on you.

It isn't a question of the extreme case of being non-responsive. It's a matter of a fully-conscious patient being unable to explain (for instance) all the drugs they are currently taking, and their doses. Or to describe, in with some medical detail, the surgery they had four years ago. Or drug allergies. For an older person with multiple medical issues the numbers of drugs they are taking and the procedures they may have had can easily number in the dozens.

It is utterly ridiculous that hospitals expect patients to remember this at all, let alone be able to relate it when they are probably in the worst state to recall it accurately. Because of this lack of information hospitals are often attempting to reconstruct a medical history and they often end up giving patients drugs they are not prescribed for a reason. If you've spend a lot of time with the medical system, or has/had an older parent who did, then you will know exactly what I am saying.

As for being non-responsive, last I checked your fingerprint still works when you are unconscious.
[doublepost=1497980103][/doublepost]

I work in an emergency room and I could see this being extremely valuable in the specific scenario you mentioned, an unresponsive patient without family/friend there to give at least a bit of their medical history. Pacemaker? Allergies to medicine, blood type? History of strokes, heart attacks? On any medications? We can already add this info to the medical ID, accessible on the locksceeen without a password.

I wish I'd seen this before I responded. You said it all, and a lot better than I did.

Your info, if they use any kind of modern EMR software, is almost certainly on a central server somewhere and not in his/her office. And I think Apple has a pretty good track record handling sensitive info, which would be encrypted. We've seen what intelligence officials have had to do to even try to unlock the home screen of a terrorist's phone...not easy at all. Certainly and obviously would be able to not opt in to do this, if/when this comes about, too.

Yeah I know, I'll be able to opt out. Still think it's an unnecessary risk to have that info stored on you at all times.

My doctor is old school, but I'm sure you are right about it being on a server somewhere. I wasn't talking about remote security though, I meant on device security. You can think the gov hacked the iPhone 5 and didn't go any further, I don't believe that. And that was 1 company contracted to hack 1 device. I doubt that hacking into an iPhone is as hard as they propped it up to be(have to justify the $1,000,000 price that company charged). Security patches also stop as the phone gets older.

I would imagine some older people don't even have pass codes on their phones.

I don't know about everyone else, but I'm not comfortable with gorillas -- regardless of their education -- having access to my medical info.

Not something to worry about.. The way HI

I never understood how all these hospitals use Epic/MyChart for their digital/online medical records, yet they all have a different app or website. Seems like it wouldn't be that difficult to have one MyChart app/website that you just add approved/allowed providers to, and that would aggregate your Epic records from all those providers.

I work for a company that supplies the underlying database to some of these EMR companies and in the end sadly it is greed. They don't want to share your records. They want to make everyone buy their EMR. This way they make the money and if a hospital wants to share to another EMR or system well they charge for the access. As always everything is driven by money. One can only hope at some point they are forced to share, but it really hasn't changed for many years now.
[doublepost=1497921311][/doublepost]

If you had any idea how wide spread your medical records were distributed and how poorly they were secured you would never have written this. The smaller the healthcare facility the more likely they are using off-shore coders, billers, cloud based EMR's, someone else's Health Information Exchange system etc... All this data is sent across the internet via flat files in email (worst case) up to encrypted HL7 interfaces (best case). The data at rest isn't likely to be encrypted even if it is transmitted in a secure manner.

Read this and tell me again you feel safe with your doctor having your medical records.

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf - HHS.gov Wall of Shame
[doublepost=1497920682][/doublepost]


Healthcare providers are better? Have you looked up the number of breaches over 500 patients? That is the threshold for reporting... guess how many go unreported?

You are right it isn't as secure as it should be even though the company I work for tells every one of our clients they should be encrypting their patient data.

I feel that Apple will at the very least make sure every part of the data is encrypted. Also since you should be the only one with access to your phone. As for the cloud I'm sure that with the new security that they have added that it will be safer then most records now. I'm sure two factor will be the minimum for those who wish to have their records in the cloud.

There's a lot of what if's and I think's in this thread. For those truly interested, start with their FAQ ('https://www.healthgorilla.com/home/company/about/faq/'). Then maybe peruse their Privacy Policy ('https://www.healthgorilla.com/home/company/legal/privacy-policy/'). The info is not all encompassing, but it's a far cry better than assuming things that may or may not be true.

tl;dr The data is stored on Amazon’s HIPAA compliant infrastructure. Apple is specifically mentioned in their privacy policy:
APPLE HEALTH, HEALTHKIT

* Health Gorilla will not use or disclose to third parties data gathered in the health, fitness, and medical research context—including from the HealthKit API, Motion and Fitness, or health-related human subject research—for advertising or other use-based data mining purposes other than improving health management, or for the purpose of health research, and then only with permission.
* Health Gorilla will not write false or inaccurate data into HealthKit or any other medical research or health management apps, and may not store personal health information in iCloud.

Dave
[doublepost=1497970974][/doublepost]
Yeah, so pretty much none of what you wrote is true. EMR use was mandated by the HITECH act, not the ACA ("Obamacare"). There is no national database. And no, not every "health care person" can access Epic - they can only access whatever version of EMR they're using for their local system. Sorry.

Dave

Dave, you can be an apologist for whomever you want, but your aren't entitled to your own set of facts and to mislead other readers about the dangers of electronic health records. To begin with,
the HITECH Act enacted by President Obama in 2009, was but the precursor for the massive expansion of government control of health care under Obamacare, which strengthened and expanded mandates for EHR's. Here's but one source discussing the mandate for the electronic health records in Obamacare.

Just FYI, trolling is not something people like on this forum.

This is something I have first-hand knowledge of, having to deal with the regulations of the ACA and HITECH on a daily basis. I was subject to HITECH and its requirements for EMR before the ACA was even passed into law, and had to go through the excruciating transition from paper records. Again, to address your original claim before you went into "government control of health care" - EMRs were mandated by HITECH, not ACA. Please read the actual legislation rather than "watchdog.org", or talk to someone who actually works under the system.

Next, there are certainly, there is a de facto national database formed by the integration of these systems, and they are growing. And you are dead wrong about broad access to the nation's largest system, EPIC.

So, where is this national database, that I may access it? It would certainly make my life a lot easier.

Reality is that if someone sees another doctor, I have to get their signed HIPAA-compliant consent in order to ask that other doctor for records, which then may or may not be faxed or mailed to me, and may or may not include the information I need.

As for Epic, most doctors do not have access to Epic, myself included - if I wanted to access, I would have to pay an exorbitant fee and the data would be in a ****** incompatible format. And I would suggest you talk to an Epic user, rather than rely on press releases from the company, in determining how accessible records are that are outside of a local system.

I don't know if your misstatements were intentional or simply negligence, but please stop spreading false information.

Yeah, so please, if you want to have a discussion, leave the insults out.

Cordially.
Dave