Apple Announcement as a Healthcare Issue
Apple made two big announcements yesterday, from a healthcare technology perspective. It introduced the iPhone 6 which features several new health apps, and the Apple Watch which contains an accelerometer, heart monitor, and links to the iPhone GPS. Both the Watch and the apps are riding the trend of enabling consumers to take control of their health. Both are very well designed for this, as is typical of Apple products.
Apple has added a cool feature which allows the consumer to create an "emergency card" that includes data like their blood type or allergies. I find this attractive. It's like an electronic Medic Alert medallion.
While the blood pressure app can be sent directly to the consumer's doctor, showing her or her exactly how the blood pressure is trending, notice that I am calling the user a "consumer" and not a "patient." That is because I know that Apple does not want to cross that fine line between consumer information and medical information just yet. Sharing medical information is a much more complicated transaction that includes being HIPAA compliant. Still all the framework is there for the time when this can be done.
It's worth watching. Usually Apple is further along than they let on. They may already be moving towards bringing their new technologies into the heavily regulated healthcare environment.
The iPhone 6 goes on sale September 19th and Apple Watch will come out in early 2015.
Duff, this is where mobile devices and HIPAA cross, creating challenges for many businesses. With that said, I would just like to add that another big issue that Covered Entities and Business Associates often ignore – or don’t place much emphasis on – is securing remote access for end-users who can access PHI. Specifically, healthcare providers should have a comprehensive checklist covering aspects, such as securing the computer that is being used, ensuring anti-virus and proper passwords on the system, not using your home computer (which could be infected with all types of malware), only connecting using a company approved laptop, etc. And of course, all remote access should be done over encrypted and secure transmissions (i.e., port 443), which goes without saying. Also, don’t forget the importance of having a well-documented remote access policy and procedure in place, along with a remote access request form.
This new move by apple seems very interesting