HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Apple Launches API for Developers to Allow EHR Data to be Used in Care Management Apps

Apple has launched a new application programming interface (API) for developers that will allow them to create health apps that incorporate patients’ EHR data. Patients who load their EHR data into the Apple Health Records app will be able to pass the information directly to third-party apps.

The move allows app developers to create a wide range of apps that can help patients manage their care. The first apps that will be allowed to access EHR data, if permitted by the patient, should be available in the fall to coincide with the release of iOS 12.

One such app that can be used in connection with EHR data through the Apple Health Records app is Medisafe. The Medisafe app will allow patients of participating health systems to download their prescription lists and set reminders for when their medications need to be taken. The app will also alert them to any potentially harmful interactions between their medications.

Apple suggests apps could be developed to help patients manage their medical conditions. Access to EHR data will allow those apps to provide more accurate and useful recommendations.

Apps that help patients with nutrition could benefit from access to blood sugar readings and cholesterol levels, as could those that provide help with meal planning. The API will also help patients share their health data with researchers far more easily.

Privacy of Protected Health Information

Apple has avoided being classed as a business associate by ensuring no protected health information passes through its servers. If patients decide to download information from their electronic health records into the Apple Health Records app, the information is passed from their provider directly to their iPhone. No protected health information passes through Apple’s servers or is stored by Apple. All EHR data downloaded to the app are stored securely on the device and are encrypted. If the patient decides to allow third-party apps to have access to their data, that information will pass directly from their iPhone to the third-party app.

Patients who use the Apple Health Records app to view or store information taken from their EHRs should bear in mind that while data are secure on their device, that may not be the case with third-party apps.

While EHR data are subject to HIPAA laws and must be secured by patients’ healthcare providers, if the information is downloaded and provided to a third party, HIPAA Rules will not apply to any transferred data.

Patients should therefore carefully check the terms and conditions and privacy protections of any third-party app developer before passing their health data to a third-party app.

Any developers that decide to take advantage of the new Health Records API should ensure privacy and security are built into the core of the design of their apps. While app developers may not be bound by HIPAA requirements, the information provided to the apps is highly sensitive and appropriate security controls should be applied to ensure it remains confidential.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.