Need your medical records? There's an app for that

Mobile health records
Medical records are becoming more widely available via online applications like Humetrix's iBlueButton, which translates and displays downloaded medical data in a simple-to-understand way.
MPR Photo/Jeffrey Thompson

If your medical records aren't in electronic form, they will be soon.

Spurred by the Economic Stimulus Act and the federal health care overhaul of recent years, hospitals and clinics are replacing paper files with sophisticated electronic health records.

Although some systems can't share information with each other, potentially a serious problem in an emergency, smartphones are starting to bridge that electronic gap.

Farzad Mostashari, coordinator for health information technology at the U.S. Department of Health and Human Services, knows how useful smartphone technology can be when illness suddenly strikes, as it was when his 76-year-old father visited him on Thanksgiving weekend.

"My dad comes downstairs and he has acute pain in his eye where he had cataract surgery. And I said, 'What's the matter, what's the story?'" recalled Mostashari, who lives in Bethesda, Md. "And he said, 'Well, I think they put the wrong lens in my eye, I'd gone back to the doctor and...'"

Mostashari's father didn't remember exactly what had happened at his last doctor's visit, but the information was in his medical file. The problem was his father lives in Boston and his doctor's office was closed for the weekend.

For many people, that would be a problem. How could a doctor in Bethesda, Md. access his dad's medical record?

But it wasn't one for Mostashari, who is leading an effort to give consumers more power over their health care with information and technology. Mostashari put his expertise to use by signing up his dad for the Medicare Blue Button, which downloads three years of a patient's medical history, as well as the Humetrix iBlueButton, a smartphone app that translates and displays the information in a simple-to-understand way. The file includes names, phone numbers and addresses of physicians as well as diagnoses, lab tests, imaging studies, and medications.

He then took his father to a local doctor, and his dad was able to hand over his iPhone and say, "here's my history."

Mostashari predicts that soon everyone will have that kind of information at their fingertips. "Within the next 12 months if people want to, they will be able to get the same data that your doctors would send to each other to have it come to you."

The Blue Button service is also available from the federal government for veterans as well as Medicare beneficiaries.

Before a patient can download medical information to a computer or a smartphone, the files must first be stored electronically. In Minnesota, chances of that happening are good. The state health department reports that 85 percent of the state's 1,180 primary care clinics and 96 percent of the state's 136 hospitals use electronic health record systems. Although only half of the clinics provide a way for patients to gain access their records online, such methods are up from 35 percent last year and expanding rapidly.


The federal health care law is designed to encourage patients to be more involved in managing their own health. Making medical records and test results accessible to smartphones is in line with those policy goals.

The floodgates have opened for patients to use technology to manage their own care particularly those that have chronic, and expensive, diseases, said Jennifer Lundblad, CEO of Stratis Health.

The non-profit organization based in Bloomington, Minn., aims to improve health care by translating research into practice.

Lundblad said smartphones and health-related applications can become powerful tools to help people monitor and improve their health.

"Some parts of health care are so complex that we need complex solutions," she said "But some parts of health care can be simplified and with the prevalence of smartphones, let's use the smartphone tool that that patient already has."

But there are also risks that Lundblad and others worry about, among them the possibility that some patients may lose smartphones containing their medical information and that a company storing the health data could go out of business.


To address such privacy concerns the Federal Trade Commission in February released recommendations to companies that build and sell mobile apps, not just those related to health care. Those recommendations followed a major report the FTC released about best practices for consumer privacy in 2012.

"Be aware before you share because that's your best defense."

But even its most recent report noted that "many questions remain" about the applications. Among them: What information should be included in application developer's privacy policies? What might a model short privacy notice look like? Can a single system of icons be developed to avoid consumer confusion?

Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology in Washington, D.C., said that when doctors and health plans store electronic medical information, that information is covered by federal privacy and security rules. But those rules don't extend to medical information on a smartphone.

"When you take possession of it and share it, stick it in an app, share it on the web, a social networking site, it's not going to be protected beyond what's in the privacy policy for the app or what's the privacy policy for the social networking site. And you need to read that," McGraw said. "Be aware before you share because that's your best defense."

To protect themselves, McGraw said, consumers should look for clear statements about how the application will use the data; their rights to the information for marketing purposes; and commitments to keep data secure.

If possible, she said, consumers should find out if their device allows them to remotely delete the personal information if it's stolen; and always use an unusual password with different kinds of symbols.

Another problem is that some physicians may not know whether records stored on a smartphone are complete, said Scott Edelstein, co-chair of Squire Sanders' Healthcare & Life Sciences Industry Group in Washington, D.C.

"There may be some data that the patient doesn't want to keep on their smartphone," said Edelstein, who specializes in mobile health applications. "Maybe there's very sensitive health information. Maybe there's information that they don't want other providers to know but it could be very important information for a provider to know, for example, in the event of an emergency."

Edelstein said errors or omissions could be disastrous.

But that wasn't the case for Farzad Mostashari's father. The records on the smartphone turned out to be an efficient way to treat his eye and salvage the Thanksgiving weekend.

Blue Button vs. iBlueButton

• The federal government describes Blue Button this way: "a symbol for patient access to their personal health information in a useable and safe digital format. It has spread from the federal government to the private sector."

iBlueButton is a smartphone app from California-based Humetrix that can download the data from Blue Button to a smart phone, decode it and organize it into a form that's easier to understand.


As the nation's hospitals and medical clinics increasingly rely on electronic medical records, many patients may want to use smartphone apps to access their personal health information. But doing so carries security risks.

To help patients who use smartphone apps protect their information, Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, recommends the following:

• Determine if cellphone app makers claim rights to patients' data for marketing purposes.

• Look for very general language that does not list in detail how your data will be used. Language such as "from time to time we will use your order to improve the services we provide for you" may warrant further investigation. Graw said such language does not necessarily indicate a problem, but it does not tell consumers much.

• Look for very clear statements about how the data is used.

• Look for who owns the data, if the company will disclose it. Do you own and control your data? Or do you merely have the right to use the service, but that is the extent of your rights?

• Look for commitments on security of the data. Is the data stored on your phone or on a server?

• What are your rights to retrieve data if they cancel service? Are you permitted to have a copy of the data? What is the app provider's right to use the data after service is cancelled? Ideally, McGraw said, companies should return all your data and not have the right to subsequently use it.

• You should use unusual passwords that employ varied symbols and numbers.

• If possible, you should be able to remotely delete data from the device if it is stolen.


• Download your data to a secure location. You may want to download your information to a CD or flash drive. Consider purchasing an encrypted flash drive for your information. You may also encrypt or require a password to access a CD.

• If you want to send your information via email, you should encrypt the message.

• Keep paper copies in a safe and secure place that you can control.

Editor's note: This story has been modified from the original to clarify that Blue Button is not a government smartphone app, and iBlueButton is an app developed by California-based Humetrix.

This story was part of produced through a collaboration between MPR News, NPR and Kaiser Health News.