Apple makes promise of more health bits

Digital giant raises privacy and security worries in the process
By Evan Schuman
10:39 AM

Apple touted its work with Mayo Clinic and EHR vendor Epic, as it rolled out HealthKit, a software framework built into Apple's iOS8. It pieces together healthcare information from many third-party apps – including one from Mayo – to give consumers a comprehensive medical view on a mobile device.

HealthKit, unveiled at Apple's Worldwide Developers Conference last month, is impressive in its ability to present patients and doctors with a holistic view of medical data. The power of HealthKit, though, relies on changes in an Apple development tradition, where data for any app cannot be accessed by any other app or (for the most part) by the operating system. Although that data sharing promises huge potential healthcare benefits, it also raises serious questions about security and privacy.

Apple's vision is that Health would collect a wide range of healthcare information – temperature, blood pressure, pulse, exercise speed/duration, photos/videos of a rash or the patient demonstrating motion limitations, glucose level, oxygen saturation, sleep apnea monitors, daily diet, etc. – via assorted Apple apps, from medical facilities, fitness apps from a bicycle manufacturer, sporting goods chain or perhaps a cereal company.

When data that a patient feeds into a trusted healthcare app, such as one from Mayo, is shared with other apps, there is the potential for that data to be lost in a data breach of one of those other third-party apps. If that happened, the Mayo patient would likely blame Mayo, even if the fault were within another company.

"Who allowed that Mayo data to migrate to that other app?" would be the patient's question.

"Our legacy is trusted and affordable care," said John Wald, MD, the medical director for Mayo Clinic's public affairs and marketing operation. "If we lose that trusted aspect, we've lost everything. We are committed to maintaining that trust."

At a news conference where it unveiled the healthcare capabilities, Apple executives stressed that privacy and security concerns had been addressed, but only from a consumer – as opposed to a developer or a healthcare provider – perspective.

"We carefully protect (patient) privacy so (the patient) can have total control over which applications have access to which part of (their) healthcare information," said Craig Federighi, Apple's senior vice president of software engineering.

The problem with Federighi's promise is that consumers need to approve data sharing from as many apps as possible to gain the promised comprehensive medical view. Also, consumers have no way to know the relative security levels of various apps. The better approach is to allow providers like Mayo to make those distinctions and to decide which apps can and cannot access parts of their data.

Mayo's Wald said it was unclear what level of choice Apple will grant them, which means it's not clear how effectively they'll be able to protect patient data.

The advantage of the approach, though, is impressive. Federighi told news conference attendees of one way that patients could use the Mayo app in this new Apple model. "When a patient takes, let's say, a blood pressure reading, HealthKit automatically notifies their app. And their app is automatically able to check whether that reading is within that patient's personalized healthcare parameters and thresholds," he said. "And if it's not, it can contact the hospital proactively, notify a doctor and that doctor can reach back to that patient providing more timely care."

The Apple rollout made clear that not all of these third-party apps would necessarily be from traditional healthcare companies. For every Mayo Clinic, Mount Sinai and Cleveland Clinic, there will be sportswear marketing companies such as Nike, Adidas and The Running Company.

Speaking of major healthcare leaders, one slide that Apple displayed listed quite a few prominent healthcare names. It turns out that it was not a list of backers. It was simply a list of the healthcare customers for one vendor who was working with Apple. That slide list included Mount Sinai, Cincinnati Children's, Yale New Haven Clinic, Stanford Hospital & Clinics, Cambridge University Hospitals, Cleveland Clinic, The Children's Hospital of Philadelphia and Johns Hopkins, along with several others.

Asked about the security and privacy issues surrounding the multi-app data-sharing model, Wald said that Apple has not gotten into many of those details yet.

"We are absolutely aware of those concerns," Wald said. "Some of it will evolve over time."

But Wald said he preferred this initial model – with technology companies like Apple working with healthcare leaders like Mayo – rather than the typical government legislative dictates. "It will follow all of the HIPAA regulations, but I like that healthcare will be driving some of these decisions. I think this can lead to some better solutions."

And Wald pointed out that patients are already accessing digital copies of lab tests and other elements of sensitive medical data. "We think that having a central repository is a very positive move to helping with affordable healthcare," he said. "And we have great IT folk who are ultimately concerned about keeping us as the most trusted brand in healthcare."

The only potential hiccup in Wald's argument is that there is a world of difference from turning medical files over to a patient, who then might mishandle them, to turning data to a third-party app that loses it. Patient blame – and lawsuits – are not always based on logic and fairness.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.