This week my medical group sent me an email inviting me to click a link to get online web access to my medical records and more. Let’s think about that. They thought I would click a link … in an email. Just that by itself is a bad assumption, but better yet a link where I’d be giving access to my medical records? Right. The only reason I was vaguely interested was that my medical group had given me a heads up a month or so ago that I should expect to get this email. I still wasn’t going to click a link in email though.
I navigated by hand to find out if this service was real. It turned out it was, but you’ll never believe what they offered me next. They offered to let me log in using Facebook! Are they kidding me? But no, they weren’t kidding. I could have used Yahoo or Google or Microsoft logins too, which are only slightly less terrifying than using Facebook.
That got me thinking about the next step in this. Can you picture logging into your healthcare site with your Facebook login and then later they offer you an app on your smart phone? Sure, that’s the next logical step. And now imagine the privacy agreement on the app. Do you approve Facebook to contact your doctor on your behalf? How about submitting medical information? Can it use your camera to take a picture of that weird mole on your back and post it for you? Would you like to compete in a Facebook challenge on your cholesterol levels? Do you agree that Facebook can change its privacy policies on these and other usages of your data without written notice? Say Yes, or Yes Please!
I posted about this (on Facebook) and my friend Paul Wilson wrote “I can just see it now the software posts the results of my colonoscopy on Facebook. Yeah I bet I would get a lot of likes.” Absolutely! I would totally post “great work on the cleanse, Paul!”
In all seriousness though, the service, called FollowMyHealth is actually pretty cool. I can see things like my blood pressure for the last so many visits, and what medications I’m on. Even better, it was really interesting to find out that I’m in stage 3 kidney failure. Um, what? Not that I’d wish an error like that, but without this online system I wouldn’t have known they had that in there. And who knows what medications I might have been denied in an emergency because they thought it would conflict with my kidney medication? Because the system exists, I was able to send a message through the system to my doctor that said,
Just signed up for the “new and improved” Follow My Health online program. Working pretty well but under my various diagnoses it says: CKD (chronic kidney disease) stage 3. This is news to me – is this maybe a mistake or did I forget some really bad problem I have?
And because my doctor is connected to this system she was able to write back:
I have reviewed your kidney function labs, and they are normal. You do not have chronic kidney disease. I will correct your chart.
What my doctor lacks in bedside manner she makes up in efficiency and brevity.
It’s an interesting topic whether you trust your medical records to the cloud. I’d say without a doubt I wouldn’t click a link in email to enable it, and for the love of all things good in this world I would NOT use my Facebook login to access my records. But overall I think this is a useful, if scary trend in the medical field.
[…] Would You Trust Your Healthcare Login to Facebook? […]
Allison,
Obamacare has required of health care providers the ability to communicate securely and electronically with other providers, hospitals and patients. It has also required the use of electronic health medical records, and that these EHR’s be used “meaningfully.” The electronic health records I am familiar with all contain what is called a Portal, which does allow for these secure, electronic communications. These will require you to sign up with that particular portal, currently separate ones for hospital and physician offices, and send you an email when some new information is sent by the healthcare provider to the Portal. The ability to review your health record is one of the encyclopedia of requirements for meaningful use.
It appears that your healthcare provider (or at least her employer) has decided to use the Follow My Health technology to meet some of these requirements. What doesn’t make sense is that there are very strict privacy requirements around this functionality, so why would they (Follow My Health) be willing to use something as public as Facebook as a sign in. It does appear that you can create your own sign in, but I can’t really sign up since we use a different technology here.
It seems imperative that this issue be brought up with your physician the next time you see her. Specifically, how is your privacy protected by Follow My Health? Why does it allow sign in with pretty much public credentials? What are the connections between your physician’s EHR and the Follow My Health portal? Why did they pick that particular technology?
Please keep in mind, however, that most current EHR’s do a great deal to keep an eye on what your provider is doing, but very little to make what they do easier. Most of us are taking 2-3 times as long to document visits in a less than optimal way due to the clunky, almost anti user technology currently used in many EHR’s. These products seem more like WordStar than Word or Pages from a technology standpoint. Most of us are spending more time seeing fewer patients, which isn’t helping anyone except the bureaucrats who think they know better than the providers what patient’s need. The goals are laudable, the current state of the tools is atrocious.
David H. Deitrick, M.D.
Dave – thank you so much for this information from the inside. Bart wrote a very helpful post over on our G+ community in response to this that put my mind at ease about the option to use a Facebook login:
https://plus.google.com/108325897935311073914/posts/NFvE8p8Zwxr
Overall I think it’s terrific to have this access. As I said I’m so glad I could see that they’d made a pretty bad error saying I was in Stage 3 Kidney failure. I also really like that I can communicate with my doctor via a protected email path. That’s awesome.
I’m sympathetic to your story of how much harder the EHRs make entering data for you; I’ve dealt with “new and improved!” systems at work before that make life harder. Hopefully this is a problem that will work itself out over time? I’d be interested to hear whether they’ve instituted iPads or Android tablets in an attempt to make things easier?
I ask because at our local Sears they introduced iPads, and at first it was horrible for the workers, making their jobs SO much harder. A year or so later and the woman selling washing machines was able to quickly look up specs for us, check for rebates, and do the entire purchase all from her iPad. It worked great.
I was just asked by my doctor’s office to use this service. I was hesitant, but started the registration process.
What threw me was when I got to this screen, with this wording:
“I have been informed that once my healthcare information is disclosed to Follow My Health, it will no longer be protected health information covered by HIPAA and it may be subject to further disclosure, subject to the Follow My Health terms of use, privacy policy and applicable federal and state laws, with respect to the disclosure of health information. I understand that (name of my doctor’s office) is not responsible for my health information once that data is disclosed to Follow my Health pursuant to this authorization. (I accept/I decline)”
Why on earth would I agree to this? “No longer protected health information?”
I work in a hospital and have this HIPAA stuff drilled in each year. I cannot understand why I would want to give this outfit a free ride to share it. Thoughts?
Holy cow Marla – I definitely did NOT see that message when I was given the option of setting up my Follow My Health account. What I read lead me to believe that if I didn’t sign up the info was still with them, this was just my option to access that info. I’m off to re-read what I was given for sure!!!
I had the same experience. When I read the “Follow My Health” terms and conditions, I declined because I wasn’t willing to give up my HIPAA rights.
I found this on their support site. Sounds like a bunch of legal jargon but makes sense to me. If you download or send your data outside of the site they can’t guarantee the safety of your information.
“The FollowMyHealth Universal Health Record is HIPAA-compliant in that it adheres to mandated encryption standards when receiving, sending, and storing a patient’s health information. When a provider invites a patient to create a UHR account, the provider makes that contact directly with the patient or, to the extent Allscripts assists in that process, Allscripts does so as a business associate of the provider, and pursuant to a HIPAA-compliant business associate agreement. When a patient actually establishes a UHR account, that patient executes a HIPAA-compliant authorization directing his or her health care organization to disclose the patient’s medical record information in electronic form to Allscripts, such that it can maintain the UHR on the patient’s behalf. Pursuant to the authorization (and Allscripts’ privacy policy on the UHR website), the patient acknowledges that he or she has directed the release to the UHR and that and further disclosure of the information maintained on the UHR is not protected by HIPAA. As FollowMyHealth is not a covered entity, HIPAA does not apply to it.”
When I was setting up my Follow My Health account I feel like I missed that message to opt-out of having my information used for commercial purposes. This was certainly NOT what I signed up for and I think it’s disappointing because FH didn’t do a good enough job at making this clear to me.
When we agreed to opt-in for further information about FollowMyHealth’s services, and opted-in for the opportunity to receive notifications about FollowMyHealth.com events, and to market events in which we participate, it was not clear that our email addresses would be sold as a means of promoting other companies’ products. We are very disappointed in how this has been handled.
Its great to read such an amazing content. I will also recommend you to please read this blog as well it will give broad idea about your topic.