Apple has launched an application programming interface (API) that developers can use to create health apps integrating patients’ EHR data. The Apple Health Records app allows patients to upload their EHR data, and with the new functionality, share the information with third party apps.
The purpose of the new API is to enable developers to create a range of apps that are helpful to patients in managing self-care. The first apps that will be developed will be available in the fall and will coincide with the release of iOS 12. If patients decide to incorporate EHR data, they will be able to easily share the data with third party developers.
Medisafe is one of the apps that can used with EHR data via the Apple Health Records app. Through this app, patients can download their prescription lists and can schedule reminders to take their medications. The app also provides alerts on potential harmful interactions between medications.
Apple is hoping developers will use the API for apps that can help patients manage their health conditions. Apps associated with nutrition could be very useful for meal planning, and access to cholesterol level and blood sugar readings. With EHR data, apps could give much more accurate and helpful recommendations. The API also allows patients to share their health data easily with researchers.
Apple doesn’t want to be categorized as a business associate. In order to avoid that, the company has ensured no protected health information passes through its servers. When patients download any EHR data to their Apple Health Records app, the information is encrypted and downloaded directly and securely to the patient’s iPhone. Hence, PHI does not pass through or get saved on Apple’s servers. If the patient decides to share the data with a third-party app developer, the information passes from the iPhone directly to the third-party app.
Patients’ sensitive information, including data from EHRs, is stored securely in the Apple Health Records App. However, Apple cannot say the same for third-party apps. Users of the health app must therefore check the terms and conditions of any third party app before sharing any health data.
App developers using the new Health Records API must have privacy and security controls in place. Though they may not be bound by HIPAA Rules, they will be handling highly sensitive data and appropriate security controls must be in place to ensure the confidentiality of that information.