The Cyberization of Personal Health – Do New Apps Pose a Threat?

A look ahead to the unification of healthcare and how patients access their information.

It has been announced that Apple is expanding its HealthKit application to make it possible for a person to view their own health records on their mobile devices. According to Apple, it is strange that people routinely can see their financial information, but are unable to find out about their personal health. The company now is experimenting with Johns Hopkins Medicine and Cedars-Sinai to work out the bugs. The health applications being pioneered by Apple and others are making it possible for people to keep track of their body fat, monitor their hearts, link into their exercise machines, and more.

The promise is that people can live healthier lives. Already my Apple device nags me when I have been sitting at my desk for too long, reminds me to go sleep on time, and gently wakes me up after eight hours, but only on the weekends.

This trend towards the “cyberization of personal health” was started with standalone applications, but inevitably, these systems can work best only when connected into the giant information systems containing patient data.

Information technology revolutionized back-office processing in hospitals, first in billing, then in purchasing and more complex transactions. Now, electronic health records (EHR) are an essential component of the “information infrastructure”. What were at first internal standalone systems eventually grew into the giant inter-organizational billing and health logistics systems that we see today. Health systems link together insurance companies, government payers, intermediary processing companies, auditing companies, pharmacy benefit management organizations, public health officials, and even law enforcement.

In an evolutionary sense, the trend toward the proliferation of health-related apps and supporting specialized health monitoring is a continuation of this trend. Just as new forms of treatment will rely increasingly on personalized medicine, these apps create a custom-made information environment tailored specifically for the patient being served.

And apart from Apple, there are other efforts involving information technology-based innovation. For example, the Amazon announcement of a giant healthcare offering promises the creation of a better system of record-keeping and glittering efficiency, as with its one-click shopping.

But like every innovation in our healthcare system, we can expect that it will eventually be bogged down in the swamp of interfaces, and delays, and disputes, and audits, and litigation, and a nightmare of obstruction that will increase costs and kill off any promised efficiencies.

The Burden of Complexity

The basic problem is that the United States has created a vast monster of a healthcare system in which the amount of money spent on information processing probably exceeds what is actually spent on patients. This is because more and more resources are being drained into efforts required to service the processing of information. The relative cost is incredible.

We can be sure that the amount of patient contact hours is only a fraction of the time spent by clerks in processing the data associated with any sickness, small or large. We know that insurance companies are eager to stopwatch the minutes a doctor spends with a patient. But do they also limit the time spent on each patient by the bureaucracy? Perhaps if they did, it would stimulate a wave of innovation in the back office.

One driver of the overwhelming complexity that we see is the lack of a single unified healthcare system. In today’s system, in the United States, different hospitals, different insurance companies, and different health plans all have variations in coverage, coding, and data definitions.

We have created a giant Tower of Babel in which systems barely talk to one another, and when they do, it is only after the investment of a huge effort in building translators, converters, lookup tables, and all of the other paraphernalia necessary to keep incompatible systems from working with each other.

A few visionaries dream of a single unified information healthcare system for the nation. Everyone speaking the same language, all of the data compatible, files and records that remain with a person their entire life – imagine. With “cradle to grave” record-keeping, it always would be immediately possible to assess the entire health history of a patient.

The benefits for research would be staggering. Having a unified database with all patient data, their entire health records, every prescription ever taken, every disease suffered, and the relationships with other family members and ancestors would provide a giant platform for statistical analysis, multilinear regression, social network modeling, and other techniques of big data analysis. When genetic data is included, the benefits of such a system of data would be incalculable.

In addition, we would see enhanced efficiency and speed in processing of health information, because the entire system would rest upon a shared understanding of standards and procedures.

Security

Security continues to be a concern for the healthcare profession. As you recall, in 2017, IT security in healthcare already was in the spotlight. Healthcare system security breaches went up 24 percent, but ransomware incidents went up 89 percent. In May 2017, the WannaCry ransomware hit thousands of information systems. That attack was followed by NotPetya, which took down Merck and Nuance. By June, the Health Care Industry Cybersecurity Task Force released a number of security frameworks, and the number of cybersecurity training programs shot up.

By August, professionals were worrying about the Internet-of-things (IoT), including malware infection of medical devices or even pacemakers active within patients’ bodies. We can be sure that these same worries extend to the world of smart phones and the apps they are running.

In Stockholm, at the October ITechLaw conference, practicing attorneys expressed concerns that there is no legal standard defining an organization’s level of due diligence in management of their information systems. Organizations are being held responsible by government regulators, but with no objective standard of security. Without an accepted standard, organizations will remain unable to protect themselves from litigation claiming negligence in their data management.

Hackers, terrorists, non-state actors, and even state actors all continue to be antagonists to the global cyber infrastructure. What’s important is that ransomware is what the U.S. intelligence community calls an “advanced persistent threat.” In 2018, the tsunami of ransomware will continue to do damage to thousands of healthcare providers, both public and private.

This is the reality: there is no secure information system. It just doesn’t exist. Do you think if foreign governments can break into Sandia National Labs and download all of the technical details of America’s thermonuclear weapons, as they have, that your medical records are secure?

We know that Apple is taking many steps to protect the security of personal health information. All of the data is encrypted. This means that there is no copy of health data kept anywhere, not even on Apple servers, or any other server.

Will this be enough? We hope so, but if the past is any indicator of the future, these new apps will be compromised, just like all of the other healthcare systems.

Print Friendly, PDF & Email
Facebook
Twitter
LinkedIn

Edward M. Roche, PhD, JD

Edward Roche is the director of scientific intelligence for Barraclough NY, LLC. Mr. Roche is also a member of the California Bar. Prior to his career in health law, he served as the chief research officer of the Gartner Group, a leading ICT advisory firm. He was chief scientist of the Concours Group, both leading IT consulting and research organizations. Mr. Roche is a member of the RACmonitor editorial board as an investigative reporter and is a popular panelist on Monitor Mondays.

Related Stories

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Frank Cohen shows you how to leverage the Comprehensive Error Rate Testing Program (CERT) to create your own internal coding and billing risk assessment plan, including granular identification of risk areas and prioritizing audit tasks and functions resulting in decreased claim submission errors, reduced risk of audit-related damages, and a smoother, more efficient reimbursement process from Medicare.

April 9, 2024
2024 Observation Services Billing: How to Get It Right

2024 Observation Services Billing: How to Get It Right

Dr. Ronald Hirsch presents an essential “A to Z” review of Observation, including proper use for Medicare, Medicare Advantage, and commercial payers. He addresses the correct use of Observation in medical patients and surgical patients, and how to deal with the billing of unnecessary Observation services, professional fee billing, and more.

March 21, 2024
Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Explore the top-10 federal audit targets for 2024 in our webcast, “Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets,” featuring Certified Compliance Officer Michael G. Calahan, PA, MBA. Gain insights and best practices to proactively address risks, enhance compliance, and ensure financial well-being for your healthcare facility or practice. Join us for a comprehensive guide to successfully navigating the federal audit landscape.

February 22, 2024
Mastering Healthcare Refunds: Navigating Compliance with Confidence

Mastering Healthcare Refunds: Navigating Compliance with Confidence

Join healthcare attorney David Glaser, as he debunks refund myths, clarifies compliance essentials, and empowers healthcare professionals to safeguard facility finances. Uncover the secrets behind when to refund and why it matters. Don’t miss this crucial insight into strategic refund management.

February 29, 2024
2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

HIM coding expert, Kay Piper, RHIA, CDIP, CCS, reviews the guidance and updates coders and CDIs on important information in each of the AHA’s 2024 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.

April 15, 2024

Trending News

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

SPRING INTO SAVINGS! Get 21% OFF during our exclusive two-day sale starting 3/21/2024. Use SPRING24 at checkout to claim this offer. Click here to learn more →