By now, everyone is aware of Apple’s recent announcement of an ECG capability on its latest watch. It joins an expanding list of portable or in-home devices for monitoring cardiac and other functions. The Apple device takes advantage of an established ECG device from AliveCor, which had previously introduced the CardiaMobile ECG capture device for Android and iOS devices. More sophisticated monitoring devices such as implantable devices can monitor heart function in heart failure cases.
Many facilities are implementing video-conferencing type capabilities for patient consultation for non-life-threatening issues. These might include the capture of information such as a “selfie” of a rash that is uploaded to the physician for assessment.
Given that many of these devices are designed to collect diagnostic data outside of the primary care facility, there is a growing tsunami in terms of the amount of diagnostic data that will need to be managed. Since most of this data is created outside of the primary care facility, there are several questions that need to be addressed.
Who owns the data? Let’s take the case of ECG data captured from an Apple or AliveCor device. The data is being acquired by the user, and it is initially stored on the watch or phone device, and may utilize some initial diagnosis application. The whole purpose of capturing this data is to monitor cardiac function, particularly fibrillation, and to share it with a medical professional. In the case of these devices the data can be optionally uploaded to an AliveCor cloud application for storage. Thus, the assumption would be that the patient is the “owner” of the data. But what if it is necessary to transmit this data to a professional such as a cardiologist? Is it then the responsibility of the receiving entity to store and manage the data? Or, is it assumed that the patient is responsible for maintaining the data?
Once data is brought into a provider organization for diagnostic purposes, it seems reasonable that the facility would be responsible for maintaining that data, just as they do today for radiographic studies that are taken. If, for example a cardiologist dictates a report on ECG results, the results most likely end up in the EHR, but what becomes of the diagnostic data?
Who is responsible for maintaining the data? As stated above, if the acquired data results in a report of some type, the report most likely becomes the legal document in the EHR, but for legal purposes, many facilities feel the need to store the original diagnostic data for some period of time.
I am reminded of a situation from my consulting days where a major East Coast medical center intended to read Echocardiography studies from remote cardiologist offices. The facility knew that the remote offices had the original study data, so from their perspective they were not obligated to retain the data long-term.
From another point of view, without significant changes and system development, it is unlikely that patients are likely to reliably manage their data. Using the example above, how long will AliveCor store a patient’s data? How many patients will be willing to pay the additional fee for such cloud storage? I would be willing to bet that most patients will not be inclined to pay for such cloud storage.
Who is the originator of the data collection? The informed patient may wish to acquire diagnostic data, such as ECG or blood pressure information, but are they prepared to manage that data? If they are concerned about episodes of atrial fibrillation, then there may be an incentive to acquire and manage such data.
Conversely, many in-home devices are initiated by care providers, such as remote monitoring of heart failure. In these instances, the acquisition devices are most likely provided to the patient for the physician’s benefit. Therefore, the onus is on the provider to manage the acquired data, and it would become the facility’s responsibility for managing data storage.
Another question is how valuable is such data to the management of the patient? For devices such as the Apple watch ECG capability, is it important to the physician to have access to that data over the long term?
What about data security? It’s hard enough protecting patient data within a facility, but how will such data be protected outside the facility? Are patients dependent on third-party entities such as AliveCor’s cloud for data security, or must they individually address data security? For example, what happens to such data if the patient’s watch or iPhone is stolen or lost?
More importantly, what safeguards do facilities have to put in place to manage the acquisition and management of outside data? Interacting with devices outside of the facility’s firewall is always a challenge.
***No doubt such in-home monitoring of patient data will grow in a value-based care environment. Such services will be invaluable to the early detection and treatment of medical issues, but they will place increasing demands on providers for data storage and management. Providers need to develop policies for patient-based data storage and management to assure that adequate facility infrastructure and security are in place to handle this impending onslaught of data.
