Skip to Main Content

In health care, breakthrough cures are no longer just hidden in the innumerable mysteries of biology and chemistry. Increasingly, they are locked away in a place even harder to access: electronic patient records.

These files could help establish which patients, with which backgrounds and disease characteristics, respond best to certain therapies — secrets that are often carefully guarded in service of patient privacy, and private profit.

But the federal Centers for Medicare and Medicaid Services is seeking to open the data floodgates. The agency wants to put patients in charge of their information instead of the hospitals and insurers that collect it and keep it locked within their own systems. And it wants to do so explicitly to help app and device makers gain access to high-quality data.


“Patients should have access and control to share their data with whomever they want,” Seema Verma, the CMS administrator, said recently at the conference of the Healthcare Information Management Systems Society (HIMSS) in Las Vegas. Verma announced a raft of measures to improve data sharing and allow patients to open their records to third-party researchers with the ability to “develop cures that could save millions of lives.”

In recent years, an explosion of technologies has dramatically enhanced innovators’ ability to put personal health data to productive use. Advances in machine learning and genomics can help predict a patient’s likelihood of getting disease, as well as his or her odds of responding to specific treatments. Meanwhile, new apps are tracking patients’ symptoms, body functions, and physical activity, and in some cases can even directly treat diseases.


Health technology specialists said none of the initiatives unveiled by CMS will dramatically increase the availability of patient records, at least not right away. But they said Verma’s speech marked a significant shift in the government’s posture toward data sharing, after decades in which privacy concerns quashed most efforts to create a more fluid exchange of information.

“It’s the biggest step we’ve seen them take so far to say, ‘Look, the benefit of liberating data outweighs the privacy concerns,’” said Jonathan Porter, vice president of network services at Athenahealth, a maker of medical records systems. “There’s always been this battle between which is more valuable to the patient: to hold their data hostage, or to actually give it to the people that need it?”

Neither Porter nor Verma is suggesting that privacy should be cast aside in the name scientific progress. Rather, they are saying that it is not necessary to make a choice between the two, and that public policy should not be blind to the possibility of achieving both simultaneously.

Many digital health companies and drug makers are demonstrating new ways of personalizing treatments and making them easier to access. But further developing their products requires more data on real patients — and perhaps adjusting some of the long-standing privacy barriers to getting that information.

The question is whether and when CMS’s efforts will bear fruit — and whether, in addition to companies, patients will also win. 

Making the data follow the patient

CMS’s goal is to make health data as accessible and portable as a cellphone, so patients on public or private plans could easily pull it up when they’re shopping for medical services or talking with family members.

That would be a significant change from the status quo. Patient data is typically spread across multiple health providers whose systems don’t talk to each other, making it difficult, if not impossible, for patients to obtain their complete health histories.

But the intent of the CMS initiative, dubbed MyHealthEData, goes beyond the typical ones cited by insurance executives and health policy wonks — things like minimizing unnecessary treatment or medical error, helping doctors do their jobs more efficiently, and letting patients see their own records.

Verma has also emphasized the broader commercial value of this data, saying that her agency wants to help create a “healthcare information ecosystem” that allows companies “to tailor products and services to compete for patients.”

That kind of effort may follow in the footsteps of an existing data-sharing program within Medicare. The Blue Button program started as a way for beneficiaries to download a record of what their physicians have billed to the agency. But its future, Verma has said, is to build APIs — interfaces for computer programs to communicate — that could help deliver stepped-up services to beneficiaries.

Don May, vice president for payment and policy at AdvaMed, a trade group that represents medical device makers, said improving access to clinical data — the kind found in electronic health records — offers the most value to companies developing new products. “We really think that’s the best way to drive analysis of information, because you’re getting clinical information about the totality of the patient’s care.”

CMS has already taken some steps to increase sharing of data in electronic health records. Starting next year, doctors in certain program will be able to share more information via APIs, allowing patients to give their records to other providers as well as app developers. The agency did not respond to STAT’s questions about how MyHealthEData will build on those efforts and over what time frame.

During her remarks in Las Vegas, Verma explained her intent by referencing the story of her husband’s collapse in an airport last year. She said she did not have easy access to records to share with his caregivers, making it more difficult to quickly determine what had caused his illness.

A bevy of tests eventually helped caregivers reach a diagnosis and deliver treatment that saved his life. But afterward, when Verma asked for his records, she was handed a few sheets of paper and a CD-ROM.

“I’m going to let that set in for a second,” Verma told her audience in Las Vegas. “After the federal government has spent more than $30 billion on [electronic health records], I left with paper and a CD-ROM. Most computers don’t even take CD-ROMs anymore. At a time when we are sending Teslas to Mars, patients are receiving health records in forms that are completely outdated.”

She added that providing better access to those records won’t just help doctors respond to emergencies, but would also help spur the development of products to prevent those episodes from occurring in the first place.

“Maybe we could’ve predicted (my husband’s) cardiac arrest days before if his electronic watch had been compiling health information about his activities, his heart rate, and breathing, and other data, matching that information with what we know from thousands of similar patients from all across the country,” Verma said. “My husband was part of the 1 percent that survives his condition. We shouldn’t have to depend on happenstance for our loved ones’ survival.”

The value of clinical info

Health data specialists said the U.S. is a long way from creating that kind of capability. Patient information, though more widely available in de-identified form, is still scattered among various parties in formats that are difficult to mine for meaningful insights.

Many private businesses have succeeded in aggregating vast streams of claims information as well as data from clinical trials. That information is helpful, but it lacks the nuance found in medical records that show how individual patients react to treatments in the real world.

Colin Hill, chief executive and co-founder of GNS Healthcare, a Cambridge, Mass., firm that uses genomic data to model diseases, said Verma’s announcement was a step in the right direction. But he said it doesn’t achieve the ultimate goal.

“At the end of the day, what patients really want isn’t the data to figure out how to best treat their disease,” he said. “If we’re really honest, people just want the right answer. They want an expert to tell them, ‘This drug or this intervention is going to be most effective for you now, versus these other 10 ways to go.’”

In the U.S., Hill said, the conversation about data is still too esoteric. There is plenty of discussion about the need to share it, but not enough about how to use it effectively and pair it with technologies that can make a difference for patients.

As an example of the potential, Hill cited a recent project by the Multiple Myeloma Research Foundation in which GNS’s modeling technology was combined with patient data to identify a genetic marker that can predict how a patient might react to a stem cell transplant.

The procedure is hard on patients and can cost up to $600,000, but in many cases it doesn’t produce a benefit. “Up until four months ago, it was not known what is the thing that separates” those who benefit from those who don’t, Hill said. “That’s the tangible so-what of all this patient data sharing.”

Trend toward big data

The next challenge for CMS and other stakeholders is to ensure that data can be shared in a useable way.

Countries around the world are making significant steps in that direction. On Wednesday, Israeli officials announced plans to launch a digital health database with the ability to deliver personalized alerts to citizens based on their health data.

Creation of the database is made possible by Israel’s highly consolidated health care system. Most of the country’s 8.7 million citizens get care from four main providers that have been maintaining their records digitally for years.

Eli Groner, director-general of Prime Minister Benjamin Netanyahu’s office, said the database is expected to launch by the end of the year and will be “unlike anything in the world.” He stressed that third-party access to data will depend on individual consent.

Meanwhile, European Union countries are rolling out a new privacy and data sharing law. Known as the General Data Protection Regulation, it ensures citizens can get a free copy of their health data in an electronic format and enables the sharing of that information with third parties. The law also requires that patients be notified of data breaches within 72 hours of their discovery.

Jamie Powers, senior director of clinical applications at Cambridge Semantics, a data management company, said the U.S. now seems to be heading down a similar road, noting that it took EU members about a decade to approve the legislation. “With the rise of the digital patient, this is the time to really start making these considerations for personal data,” he said.

  • I agree with the goals, and tentatively with the means, but if this data is going to be sold, the patient’s name must not appear in any form in the data, and the patient’s ID and password should not appear anywhere on the internet in unencrypted form. They should hire the best hackers in the world, both angels and felons, to implement this.

  • For data mining to work to its full potential – and for patients today to get clinically effective and cost-effective care for chronic diseases – electronic patient medical records must include dental data. Physicians and researchers must consider dental and oral health status, tooth status, and even materials reactivity in tracking down causes of systemic infections, inflammatory diseases, and autoimmune diseases. The teeth and jaws are great hiding places for the problems that confound health, yet are largely ignored in medicine, research and healthcare.

    • Couldn’t agree with you more
      We don’t need things like tooth charts showing decayed and filled teeth BUT the overall lack of acceptance that the mouth is the starting point of the digestive system and NOT some isolated hole in the skull needs to be addressed
      I wrote an article in the early 90’s that suggested the link between gum diseases and overall system chronic inflammation that leads to cardiovascular disease, Pancreatic issues like Diabetes, and some of the lesser issues like arthritis and Psoriasis.
      I was bashed SO badly that I haven’t bothered to publish since. (only did it on a whim not part of my professional need or passion)
      However, since then the Dental community stepped up a small bit to realize that maybe I was right and now aggressively treat the pie hole as the real issue it is. Unfortunately, they are not good at chronic disease treatment they see every disease as a reason to do a procedure and not to simply monitor and prescribe.
      Too bad my medical colleagues refuse to accept the link we demonstrated.
      We do need transparent data from pie-hole to poop-hole and from daily activity to even sleeping activity in order to properly mine the data for life-saving tidbits we currently don’t even accept as possible
      We can’t even start until we get this nonsensical HIPAA law removed.
      Dr. Dave

    • Actually, doctors do need tooth charts. There is new research showing that people with certain gene types who do not methylate well have poor neurological and kidney outcomes over time from dental amalgam, as they do not excrete the tiny amounts of mercury that off-gas with heat and abrasion. Here is a summary article by James S. Woods et al, who was a toxicologist on the original Children’s Amalgam Trial, after reanalyzing the data by gender and gene type:

      There is also new research showing that root canalled teeth can develop and harbor infections, including anaerobic ones that are harder to treat. Similarly for old wisdom teeth extraction sites, when the periodontal ligament is not removed. Medicine does not make a practice of leaving dead tissue in the body. Dentists should follow suit (especially for patients who have lower Ig levels due to genetics and/or prior exposures). Biological dentistry threw me a lifeline, which I am happy to share with others.

  • It’s about time we got off this nonsensical “private info lockdown” mentality
    We are losing SO much capability in advancing care because we simply can’t gain access to huge masses of data. Data mining is the key to the future of healthcare.
    The paranoia of the 1980’s of making it federally illegal to not do everything possible to protect every aspect of every person’s data must stop
    There is FAR more data obtainable on FB and Tweeter put there by the actual person then could be released in a full data dump of an office’s EMR
    The idea that allowing one’s medical data to be used against someone is sheer nonsense
    Right now EVERY company that NEEDS your data to make a decision on something will simply REQUIRE you to give them access or deny you the service you are looking to buy.
    EVERY life, medical, disability, etc insurance company simply requires you to sign a release for all your data anyway so why pretend your data is never going to be seen by another other than your provider InsCo or you?

    I teach the Fellowship students about a hypothetical idea that if investigated could absolutely change life as we know it
    What IF 12 days 12 hours and only for 60 minutes in duration before a heart attack your body would somehow alter its pulse rate before the heart attack? Assuming this is possible since we have never collected THAT much data we would never have known this even occurs to then look for it and or monitor each person for it.
    Now with the assumption in place, we can now build a pulse measuring device that continuously scans your pulse to watch for this variation and when it sees it then it notifies you, your PCP, and could even prewarn the ED as to your arrival
    How many people could be saved with this technology? The reason we don’t do it today is that the data about human body function to that level has never been available before and the data we need to analyze is locked in some EMR somewhere and can’t be used to look for trends and for patterns that could lead to this exact relationship.

    Data is KING and we are squandering it because of data paranoia
    We need to embrace the idea of having our data used to discover patterns in function and or behavior not worried about what nefarious motives could be created with such open concepts
    Dr. Dave

  • Unless there is a federal law prohibiting the denial of services and/or health insurance coverage based upon any preexisting conditions and/or previous treatments, nobody would voluntarily provide their health records to anyone for fear of becoming uninsurable.

Comments are closed.