Epic Systems announced July 31 that individuals can now securely share their health data with apps of their choice, CNBC reported.
For example, patients using a health coaching or medication reminder app can import their health records directly into these platforms by using their Epic login credentials.
When patients enter their Epic credentials to release their data to an app, they will encounter an educational screen, Matt Doyle, a software developer on Epic's interoperability team, told CNBC. This screen details which information is being disclosed to ensure patients are comfortable with their decision.
Since patient data is sensitive and protected by HIPAA, which requires patient consent or knowledge for third-party access, it's crucial for patients to be informed. While some apps must comply with HIPAA, many do not. Consequently, HHS has allowed apps to voluntarily participate in TEFCA, a national health exchange framework aimed at enhancing patient care and promoting nationwide interoperability, as long as they agree to comply with HIPAA, even if not legally required to do so.
Qualified Health Information Networks (QHINs) like Epic, which are part of TEFCA, can inform users whether an app is a HIPAA-covered entity, part of the federally endorsed data exchange network, or neither. Mr. Doyle emphasized the importance of patient education before data sharing.
"We're not saying the app is bad; we just don't know their policies. Patients should be informed before choosing to share," he told CNBC.
Epic customers can deploy these new features within two weeks, though widespread use of individual access services may take longer.
According to CNBC, this initiative grants patients direct control over their medical information, marking a significant shift in the management and utilization of personal health data.