Largest medical records holder is against making data more accessible

There’s a tug of war playing out between the government and medical record companies over your doctor’s notes, and the winner could emerge any day.

The head of the largest company that manages doctor records has just officially spoken out against a landmark rule years in the making meant to modernize our healthcare system and open up medical data.

Over the past three years, the FDA and the Department of Health and Human Services (HHS) have been working to create and implement new rules that would allegedly make it easier for patients, as well as health and technology companies, to access patient records. 

Improving access to this medical data, also known as “Electronic Health Records” (EHR), could help patients get a comprehensive look at a sometimes diffuse picture of their health spread among a lifetime of doctor’s visits; that’s a concept called “interoperability.” 

The rule mandating interoperability would also supposedly enable technology and health companies to develop new tools — from search portals to cancer-detecting algorithms — that they say will modernize healthcare. One rule from the HHS could go into effect in early February. 

Not everyone is thrilled, though. Judy Faulkner is the CEO of one of the largest medical record companies, Epic Systems. According to CNBC, on Wednesday,  Faulkner sent a letter to the presidents and CEOs of her company’s clients — such as hospitals, doctors’ offices, and research institutions — imploring them to tell the HHS that they are against the rule.

Faulkner objects to the rule because of patient privacy concerns, as well as the burden it would put on EHR companies like hers.

“We are concerned that health care costs will rise, that care will suffer, and that patients and their family members will lose control of their confidential health information,” Faulkner wrote. “Let’s prevent the unintended consequences of this rule and make sure the final rule is a good one that is modified to help, not harm, healthcare organizations and patients.”

Faulkner objects because of the way the system is designed: Making one patient’s data portable would also transfer all of the family’s data. She views this as a privacy violation that could be covered by HIPAA.

But the situation could be more complicated than just privacy concerns. Epic has its own interoperability platform called Care Everywhere, which, as a standard for EHR, Faulkner says already accomplishes the goals of making data accessible. Epic is also notoriously secretive about its intellectual property, and the way the new rule works could jeopardize that. 

Of course, allowing access to the public’s data through APIs (which is what the rule demands) has not always worked out well. Facebook learned that lesson first-hand after its open APIs caused the Cambridge Analytica scandal, which resulted in the sale of millions of its users data. A breach like that on the medical side could be more catastrophic, since it’s information about our health, not our Facebook likes.