Data from implantable medical devices is not covered by HIPAA until it is sent to the patient’s physician (on a periodic basis and usually in edited form — other data is typically retained by the device manufacturer) and entered into the patient’s medical record. It is, rather, governed by FDA rules, and the recent attention to this issue has prompted an FDA spokesperson to say that it would review a plan to give data directly to patients, but that data should be directed to physicians who can interpret it for patients. This is where the action will be in the future: the FDA could develop a framework to allow sharing of this data directly with patients. (The data is collected wirelessly in patients’ homes from the implantable devices.)
The point is that is if a patient wants access to this data he or she should be able to get it. What can a patient do with this data? For one thing: correlate activities with effects (one example given by Hugo is his correlation of having a drink of scotch with the onset of an arrhythmia — correlated through manual recordkeeping — which led him to give up scotch) and thereby have the ability to manage one’s condition more proactively.
We can get copies of our medical records from health care professionals and facilities within 30 days under HIPAA — and within a just a few days if our providers are meaningful users of certified electronic health records (it ought to be quicker than that … some day). In some states now, and in all states sometime soon (we hope), we can get copies of our lab results as soon as they are available to our clinicians.