Understanding Emerging API-Based Standards

Comment

Patient Privacy

The AMA wholeheartedly supports the right of patients to receive their medical information using smartphone applications (apps), but is concerned about the lack of safeguards to ensure that patients understand what they are consenting to when they grant permission to an app to access their information. These apps share sensitive health information with third parties, often without an individual's knowledge. Much of this information can end up in the hands of data brokers and be used or sold for advertising and marketing. Data being used in this way may ultimately erode patients’ privacy and their willingness to disclose information to their physicians.

As a first step to address this issue, the AMA is calling for controls to be instituted that establish transparency as to how health information is being used, who is using it, and how to prevent the profiteering of patients’ data. To help provide a minimal amount of transparency to patients about how a health app will use their health information, the federal movement should implement a basic privacy framework requiring certified EHR vendor APIs to check an app’s “yes/no” attestations to:
  • Industry-recognized development guidance
  • Transparency statements and best practices
  • A clear privacy notice to patients