New doctor, new doctor forms – we all know the drill. You fill out your medical history, offer up your insurance card, sign off on the Health Insurance Portability and Accountability Act, or HIPAA, and wait to be seen.
But what happens when you access high-tech health care? What's the protocol for a virtual doctor's visit? How secure is your medical data when you use an app and sensors to track your condition, or join a chat group to reflect on a common health concern?
Well, it's complicated. When it comes to health information technology, your privacy rights depend largely on who is initiating usage.
In general, if your health care provider offers video conferencing or an app to help manage your care, then your data is protected by federal privacy laws, experts say. But if you decide to download an app to track your diabetes or manage your anxiety – then you're on your own.
How exactly the company may use clients' data depends. For example, a health app may use someone's medical data and location to alert an asthma patient that the air quality of a certain area could be harmful, McGraw says. Alternatively, she says an app may link your health data with your shopping data and other information, "potentially using it in a way that you wouldn't have imagined."
As a result of these unknowns, Rep. Hank Johnson, D-Ga., introduced last week the Application Privacy, Protection and Security Act of 2013, which would require app developers to uphold privacy policies, ask users' permission before collecting their data and securely maintain the data collected.
Part of the problem involves the challenge of, literally, reading the fine print on a smartphone, Johnson said when announcing the bill. "Simple tasks become much more difficult on a small screen," he said. "Complex tasks like understanding how an app collects or uses data, what data is being collected and whether you can opt out becomes nearly impossible."
But among some of the early adopters of health technology, privacy takes a backseat to the prospect of better, more efficient care.
According to Jay Parkinson, CEO of Sherpaa, an online employee health care provider that's not covered by HIPAA – which ensures privacy of patients' health records – not a single patient has raised privacy concerns. If a question is particularly sensitive, patients are welcome to call, although 95 percent of the time, correspondence occurs by e-mail, says Parkinson, who has completed residencies in pediatrics and preventive health.
He contends that e-mail consultations supercede in-person visits, in which doctors can be rushed and patients too nervous to effectively share their health problems. "When you have a big open text box, it's really easy to write a lot and help a doctor understand exactly what you're thinking and feeling," he explains.