Healthcare Information Security

Patient Privacy News

FDA Urges Patient Data Access with Medical Device Information

A finalized FDA document encourages patient data access, urging manufacturers to share healthcare information collected from medical devices with patients.

patient data access part of recent fda guidance

Source: Thinkstock

By Elizabeth Snell

- Medical device manufacturers should appropriately and responsibly allow patient data access with patient information collected from devices, according to a finalized document from the Food and Drug Administration (FDA).

Sharing “patient-specific information” can help patients become more engaged with providers and also aid in the patient care process, FDA stated.

“In many cases, patient-specific information from a medical device is accessible by the patient’s healthcare provider and patients can contact their healthcare provider to obtain such information,” the document said. “Alternatively, patients may contact the manufacturer directly and request access to their patient-specific information.”

“In general, although not required under the Federal Food, Drug, and Cosmetic Act (FD&C Act), manufacturers may share patient-specific information about a patient with that patient at that patient’s request.”

FDA noted that the guidance does not impact current federal, state, or local laws or regulations such as HIPAA and specifically, the HIPAA Privacy Rule.

“FDA recognizes the important role healthcare providers play in providing interpretation of and context to patient-specific information,” the guidance stated. “FDA recommends that manufacturers advise patients to contact their healthcare providers should they have any questions about their patient-specific information.”

The agency also clarified that any patient-requested information should be given to the patient in a comprehensive and contemporary manner. If a patient asks for blood pressure measurement history from a device, then the manufacturer “should include all available data up through the most recent measurement.”

Furthermore, the data can be formatted “to facilitate its usability by the patient,” FDA added.

FDA Commissioner Scott Gottlieb, M.D said in a statement that patients will be better informed about their own health can actively participate in their own care when they have accurate and complete information about their own health.

“We want to eliminate any policy obstacles that might prevent manufacturers from sharing with patients their own personal health information captured by their legally-marketed medical devices,” Gottlieb explained. “This guidance is one of several steps the FDA is taking across the agency to encourage transparency through greater access to health information – such as recent efforts to improve access to reports of adverse drug reactions and steps we will take soon to increase the access patients and providers have to the bottom line medical information that we evaluate as part of our drug review program.”

“We’re committed to continuing to identify new ways the agency can help foster transparency and patient access to accurate clinical information as a way to improve patient outcomes and health care delivery."

Patient data access can be a critical tool for individual patient care, and it is also allowed under HIPAA regulations. Individuals can ask to view and obtain a copy of their health records, receive records as paper or electronic copies, and even have records sent to another entity for treatment, billing, or operations purposes.

Patient PHI must remain secure, but health information is still allowed to flow between providers and can be given to the patient under most circumstances.

“The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing,” the Privacy Rule summary states. “Given that the health care marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed.”

HIPAA violation concerns often create confusion over patient data access, and can even hinder patients from accessing and viewing their own PHI.

“Health care providers often tell ONC and OCR that HIPAA makes it difficult to share electronic health information,” ONC explained in a 2016 report. “While erroneous, this misconception about HIPAA is widespread and unfortunate in that it places a needless burden on individuals.”

HIPAA regulations may not be impacted by the recent FDA guidance, but patients should still work to keep themselves current on their rights when it comes to accessing their own health data. Healthcare providers should also ensure that they understand how the exchange and release of PHI works. This will help covered entities remain compliant with HIPAA and continue to provide patient care with complete and accurate information. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...