New doctor, new doctor forms - we all know the drill. You fill out your medical history, offer up your insurance card, sign off on the Health Insurance Portability and Accountability Act, or HIPAA, and wait to be seen.
But what happens when you access high-tech health care? What's the protocol for a virtual doctor's visit? How secure is your medical data when you use an app and sensors to track your condition, or join a chat group to reflect on a common health concern?
Well, it's complicated. When it comes to health information technology, your privacy rights depend largely on who is initiating usage.
In general, if your health care provider offers video conferencing or an app to help manage your care, then your data is protected by federal privacy laws, experts say. But if you decide to download an app to track your diabetes or manage your anxiety - then you're on your own.
How exactly the company may use clients' data depends. For example, a health app may use someone's medical data and location to alert an asthma patient that the air quality of a certain area could be harmful, McGraw says. Alternatively, she says an app may link your health data with your shopping data and other information, "potentially using it in a way that you wouldn't have imagined."
As a result of these unknowns, Rep. Hank Johnson, D-Ga., introduced last week the Application Privacy, Protection and Security Act of 2013, which would require app developers to uphold privacy policies, ask users' permission before collecting their data and securely maintain the data collected.
Part of the problem involves the challenge of, literally, reading the fine print on a smartphone, Johnson said when announcing the bill. "Simple tasks become much more difficult on a small screen," he said. "Complex tasks like understanding how an app collects or uses data, what data is being collected and whether you can opt out becomes nearly impossible."
But among some of the early adopters of health technology, privacy takes a backseat to the prospect of better, more efficient care.
According to Jay Parkinson, CEO of Sherpaa, an online employee health care provider that's not covered by HIPAA - which ensures privacy of patients' health records - not a single patient has raised privacy concerns. If a question is particularly sensitive, patients are welcome to call, although 95 percent of the time, correspondence occurs by e-mail, says Parkinson, who has completed residencies in pediatrics and preventive health.
He contends that e-mail consultations supercede in-person visits, in which doctors can be rushed and patients too nervous to effectively share their health problems. "When you have a big open text box, it's really easy to write a lot and help a doctor understand exactly what you're thinking and feeling," he explains.
Even so, "nothing is secure online" he says. "You make it as secure as possible and go forward."
In many cases, the data that can be determined from devices is not especially sensitive, says cardiologist and geneticist Eric Topol, author of "The Creative Destruction of Medicine: How the Digital Revolution Will Create Better Health Care." What would a hacker find out- that "this person has a glucose-regulation problem?" he asks, rhetorically. "I don't know that that's going to be such an incredibly important revelation."
[See U.S. News Best Hospitals.]
"I think there's too much worry and not enough optimism," Topol says about new health information technology. "There's just so much more information that can be gleaned that I think doesn't negate the [privacy] concern, but it should be potentially an overriding positive ... that that's the net benefit here."
Whatever digital tool you choose, make sure to research the privacy policies. As McGraw puts it: "My best advice to people is to be aware before you share because that's your best defense."
For more information on protecting your health data, visit the Center for Democracy & Technology, the Center for Connected Health Policy, the Federal Trade Commission's Bureau of Consumer Protection and the Department of Health and Human Services' site on patients' HIPAA rights.