As anticipation among Apple enthusiasts, tech bloggers, and curious consumers alike builds around this fall’s unveiling of the iPhone 6 and the new iOS 8 version of Apple’s mobile operating system, Apple is also readying a new platform — its HealthKit framework — for launch. HealthKit will aggregate data from third-party apps and devices, and aim to serve as a central hub not only for the user through a corresponding Health app, but also for medical professionals who could use the data to diagnose and treat their patients. The platform’s rollout will mark Apple’s launch into a growing new area: the intersection of health and mobile technology.
Reuters reports that Apple is talking with healthcare providers at Mount Sinai, the Cleveland Clinic, Johns Hopkins, and Allscripts, a competitor to electronic health records provider Epic Systems. While the discussions may or may not result in formal partnerships, they make clear the fact that Apple is looking to make HealthKit a viable tool for healthcare providers as well as consumers.
Health data like blood pressure, pulse, and weight are currently collected by a wide array of third-party mobile apps and devices, but the data lacks a solution for central storage. Though Apple hasn’t yet revealed many details about HealthKit, it’s clear that this is where HealthKit comes in. Apple hopes that patients will send the data from all of their health-related apps and devices to HealthKit where physicians will be able to access it and use it to make more accurate diagnoses and devise better treatments.
Apple has previously announced HeatlhKit-related partnerships with Nike, Epic Systems, and the Mayo Clinic. Reuters reports that the Mayo Clinic is testing a service that would flag patients when the results from their apps and devices are abnormal, and notify physicians so that they can deliver follow-up information and treatment recommendations. Reuters also says that the dozens of healthcare systems that use Epic Systems’ software will be able to integrate HealthKit data into patients’ records in Epic. Kaiser Permanente is currently piloting mobile apps that leverage HealthKit, and is expected to discuss a formal partnership with Apple.
HealthKit could become an important tool for technology teams at hospitals at clinics to save time and resources, as they wouldn’t have to develop their own solutions to integrate with the range of apps and devices that patients adopt. HealthKit could also improve the care that physicians provide, as they’d have access to more data on patients, and consequently a clearer picture of patients’ health.
While Apple undoubtedly wants HealthKit to become healthcare providers’ health data hub of choice, technical and regulatory hurdles could prove no insignificant challenge. But even beyond the challenge of trying to integrate with decades-old IT systems, it will be no small task to comply with all of the regulations surrounding the protection of consumers’ privacy and their sensitive health data. HealthKit relies on patients to share their data, and makes it their decision which apps and devices they want to enable to share data with the Health app.
But all of that shared data is likely to come under privacy regulations of one kind or another, especially when the data is shared with healthcare providers. Digital health accelerator Rock Health told Reuters that it estimates that six or more government offices have some regulatory involvement in a facet of mobile health solutions, which could potentially complicate HealthKit’s launch. Depending on how the various data that HealthKit collects is used, the hub and possibly some or all of its partners could even be subject to the requirements laid out by the Health Insurance Portability and Accountability Act, or HIPAA, for the privacy of personal health data. And even though the HIPAA regulations were updated last year, they’re notoriously tricky to apply in cases of new technology.
HIPAA regulations safeguard “protected health information” that patients place in the hands of clinics, hospitals, insurance companies, and even in the computer systems that manage health data. Health-related apps and systems like HealthKit blur the line between services created simply for consumers’ own use and services created for professionals in the healthcare industry.
While Nike and Apple, as an example, wouldn’t need to be HIPAA-compliant to collect running data, the Mayo Clinic and Apple would need to be HIPAA-compliant to use HealthKit to store and clinical information. It’s likely that HealthKit and related apps’ and platforms’ handling of data will come under the jurisdiction of HIPAA. That would be a good thing for patients’ privacy, but a challenge for Apple as it looks to place HealthKit users’ data into the hands of healthcare providers.
Reuters reports that Apple has consulted with or hired health experts and attorneys with experience on privacy and regulatory requirements, and has visited offices such as the FDA and the ONC. It’s likely that Apple will try to structure HealthKit’s rollout so that healthcare providers, and not Apple, take responsibility for adhering to privacy requirements, possibly including HIPAA regulations.
But physicians will still have their work cut out for them, even if the hundreds of health-related apps expected to appear in the App Store were (magically) HIPAA-compliant. Over time, they’ll need to learn which apps are safe, which are reliable, and which are useful in order to recommend them to patients. They’ll simply have so many choices as apps and devices multiply that it will take time to find the right tools and to learn how to make them useful in a clinical setting.
With HealthKit, Apple could establish an ecosystem that would make the apps that incorporate its framework more useful and more interoperable. Given that HealthKit will be released this fall as a new platform and a new ecosystem, it will take time and planning for clinics, hospitals, or even individual physicians to figure out how to use it. One of the major factors that physicians and healthcare providers are likely to prioritize is how secure and compliant HealthKit and compatible apps are.
HIPAA compliance and privacy concerns may be the biggest issue with which Apple will have to contend if it wants HealthKit to be widely used in clinical settings. Even if Apple successfully places the burden of privacy compliance on the shoulders of healthcare providers, it still needs to be concerned with how app developers — who will drive the growth of the HealthKit ecosystem — will be tasked with privacy and HIPAA compliance.
It seems that most apps that are designed to share patients’ data with physicians will come under regulation, and it’s a daunting task for developers, who may have innovative ideas for tools and apps that would integrate with HealthKit, to figure out on their own how to build an app that’s HIPAA-compliant.
Companies like Accountable, Medable, and TrueVault offer developers ways to ease that burden, either with HIPAA-compliant APIs and tools or HIPAA compliance management as a service. For HealthKit to reach its full potential of providing a secure platform for patients to share important data with their physicians, such tools will need to be commonly used by developers who want to implement innovative ideas for patients and professionals.
Apps would need to be HIPAA-compliant and compatible with existing records systems for them to show up in any doctor’s office, clinic, or hospital that you visit. Apple is working on the latter, and to accomplish the former, a necessary step to making HealthKit a comprehensive, secure, and forward-looking platform will have to do better than shrugging off responsibility to healthcare providers and professionals. Hopefully, that’s a part of what Apple is discussing with the major healthcare providers with whom it’s currently discussing the future of HealthKit.