The Wall Street Journal takes a look at medical privacy concerns related to heart-monitoring systems:
The small box inside Amanda Hubbard’s chest beams all kinds of data about her faulty heart to the company that makes her defibrillator implant.
Ms. Hubbard herself, however, can’t easily get that information unless she requests summaries from her doctor—whom she rarely sees since losing her insurance. In short, the data gathered by the Medtronic Inc. implant isn’t readily accessible to the person whose heartbeat it tracks. […]
The U.S. has strict privacy laws guaranteeing people access to traditional health files. But implants and other new technologies—including smartphone apps and over-the-counter monitors—are testing the very definition of medical records.
Medtronic says federal rules prohibit giving Ms. Hubbard’s data to anyone but her doctor and hospital. “Our customers are physicians and hospitals,” said Elizabeth Hoff, general manager of Medtronic’s data business. Medtronic would need regulatory approval to give patients the data, she said. It hasn’t sought approval because “we don’t have this massive demand.”
At the same time, companies including Medtronic are pushing to turn the data into money. Ms. Hoff said the company is contemplating selling the data to health systems or insurers that could use it to predict diseases and possibly lower their costs. At a July industry event, a senior Medtronic executive, Ken Riff, called these kinds of data “the currency of the future.” […]
The implant works like this: It records and stores data onboard. Wireless monitors in patients’ homes download the files and send them to Medtronic. Doctors can log in to a Medtronic website to review patient reports. […]
Erica Jefferson, an FDA spokeswoman, said the agency supports patient access but would need to review any plan to provide data directly to patients. “In the current format, the data collected from implantable cardiac devices should be relayed through the physician to ensure proper interpretation and explanation,” she said. […]
Some legal experts say the 1996 U.S. law governing patient access to their health files—HIPAA, or the Health Insurance Portability and Accountability Act—hasn’t kept up with technology. The law gives patients the right to access information held by doctors and hospitals.
However, the raw data gathered by an implant isn’t held by a doctor or a hospital: Typically it goes directly to the device maker, which provides a summary report to the doctor. Because of this, the raw data falls outside the scope of HIPAA’s patient-access requirements. In addition, Medtronic said, business agreements with doctors and hospitals restrict it to relaying information only to them.