The Cyberization of Personal Health – Do New Apps Pose a Threat?

A look ahead to the unification of healthcare and how patients access their information.

It has been announced that Apple is expanding its HealthKit application to make it possible for a person to view their own health records on their mobile devices. According to Apple, it is strange that people routinely can see their financial information, but are unable to find out about their personal health. The company now is experimenting with Johns Hopkins Medicine and Cedars-Sinai to work out the bugs. The health applications being pioneered by Apple and others are making it possible for people to keep track of their body fat, monitor their hearts, link into their exercise machines, and more.

The promise is that people can live healthier lives. Already my Apple device nags me when I have been sitting at my desk for too long, reminds me to go to sleep on time, and gently wakes me up after eight hours, but only on the weekends.

This trend toward the “cyberization of personal health” started with standalone applications, but inevitably, these systems can work best only when connected to the giant information systems containing patient data.

Information technology revolutionized back-office processing in hospitals, first in billing, then in purchasing and more complex transactions. Now, electronic health records (EHR) are an essential component of the “information infrastructure”. What were at first internal standalone systems eventually grew into the giant inter-organizational billing and health logistics systems that we see today. Health systems link together insurance companies, government payers, intermediary processing companies, auditing companies, pharmacy benefit management organizations, public health officials, and even law enforcement.

In an evolutionary sense, the proliferation of health-related apps and supporting specialized health monitoring is a continuation of this trend. Just as new forms of treatment will rely increasingly on personalized medicine, these apps create a custom-made information environment tailored specifically for the patient being served.

And apart from Apple, there are other efforts involving information technology-based innovation. For example, the Amazon announcement of a giant healthcare offering promises the creation of a better system of record-keeping and glittering efficiency, as with its one-click shopping.

But like every innovation in our healthcare system, we can expect that it will eventually be bogged down in the swamp of interfaces, and delays, and disputes, and audits, and litigation, and a nightmare of obstruction that will increase costs and kill off any promised efficiencies.

The Burden of Complexity

The basic problem is that the United States has created a vast monster of a healthcare system in which the amount of money spent on information processing probably exceeds what is actually spent on patients. This is because more and more resources are being drained into efforts required to service the processing of information. The relative cost is incredible.

We can be sure that the amount of patient contact hours is only a fraction of the time spent by clerks in processing the data associated with any sickness, small or large. We know that insurance companies are eager to stopwatch the minutes a doctor spends with a patient. But do they also limit the time spent on each patient by the bureaucracy? Perhaps if they did, it would stimulate a wave of innovation in the back office.

One driver of the overwhelming complexity that we see is the lack of a single unified healthcare system. In today’s system, in the United States, different hospitals, different insurance companies, and different health plans all have variations in coverage, coding, and data definitions.

We have created a giant Tower of Babel in which systems barely talk to one another, and when they do, it is only after the investment of a huge effort in building translators, converters, lookup tables, and all of the other paraphernalia necessary to keep incompatible systems working with each other.

A few visionaries dream of a single unified information healthcare system for the nation. Everyone speaking the same language, all of the data compatible, files and records that remain with a person their entire life – imagine. With “cradle to grave” record-keeping, it always would be immediately possible to assess the entire health history of a patient.

The benefits for research would be staggering. Having a unified database with all patient data, their entire health records, every prescription ever taken, every disease suffered, and the relationships with other family members and ancestors would provide a giant platform for statistical analysis, multilinear regression, social network modeling, and other techniques of big data analysis. When genetic data is included, the benefits of such a system of data would be incalculable.

In addition, we would see enhanced efficiency and speed in processing of health information, because the entire system would rest upon a shared understanding of standards and procedures.


Security continues to be a concern for the healthcare profession. As you recall, in 2017, IT security in healthcare already was in the spotlight. Healthcare system security breaches went up 24 percent, but ransomware incidents went up 89 percent. In May 2017, the WannaCry ransomware hit thousands of information systems. That attack was followed by NotPetya, which took down Merck and Nuance. By June, the Health Care Industry Cybersecurity Task Force released a number of security frameworks, and the number of cybersecurity training programs shot up.

By August, professionals were worrying about the Internet of Things (IoT), including malware infection of medical devices or even pacemakers active within patients’ bodies. We can be sure that these same worries extend to the world of smartphones and the apps they are running.

In Stockholm, at the October ITechLaw conference, practicing attorneys expressed concerns that there is no legal standard defining an organization’s level of due diligence in the management of its information systems. Organizations are being held responsible by government regulators, but with no objective standard of security. Without an accepted standard, organizations will remain unable to protect themselves from litigation claiming negligence in their data management.

Hackers, terrorists, non-state actors, and even state actors all continue to be antagonists to the global cyber infrastructure. What’s important is that ransomware is what the U.S. intelligence community calls an “advanced persistent threat.” In 2018, the tsunami of ransomware will continue to do damage to thousands of healthcare providers, both public and private.

This is the reality: there is no secure information system. It just doesn’t exist. Do you think if foreign governments can break into Sandia National Labs and download all of the technical details of America’s thermonuclear weapons, as they have, that your medical records are secure?

We know that Apple is taking many steps to protect the security of personal health information. All of the data is encrypted. This means that there is no copy of health data kept anywhere, not even on Apple servers, or any other server.

Will this be enough? We hope so, but if the past is any indicator of the future, these new apps will be compromised, just like all of the other healthcare systems.


Edward M. Roche, PhD, JD

Edward Roche is the director of scientific intelligence for Barraclough NY, LLC. Mr. Roche is also a member of the California Bar. Prior to his career in health law, he served as the chief research officer of the Gartner Group, a leading ICT advisory firm. He was chief scientist of the Concours Group, both leading IT consulting and research organizations. Mr. Roche is a member of the RACmonitor editorial board as an investigative reporter and is a popular panelist on Monitor Mondays.
