Right now, patients have more access to their healthcare data than at any point in history, and as a result can make more informed healthcare decisions. The trouble, however, is knowing where—and how—to look. Because while there’s more data than ever, it’s also scattered across so many siloes that it’s seemingly impossible to know where it all resides.

Julie Dooling, MSHI, RHIA, CHDA, FAHIMA, director of HIM practice excellence at AHIMA, understands this conundrum from a professional and a personal perspective. On a recent business trip far from home, Dooling came down with the flu and decided to use her insurance company’s telehealth service to see if someone could help her get some Tamiflu. The experience, from requesting a telehealth consultation and getting medications ordered, went seamlessly. But once she was feeling better, she started wondering—and trying to figure out—where her protected health data was sent during and after the encounter.

Being the health information management (HIM) expert she is, Dooling knows her insurance company’s app stores some of her data; the voice and video app she used to communicate with the telehealth physician shares and transmits her data; and the Apple Health app that partners with her online portal also stores and shares data.

“One of the questions I would’ve expected someone to ask [during the telehealth consult] is ‘Who’s your primary care physician so we can send the note back over there?’ So I’ve got that disparate information over there in the telehealth app,” Dooling said.

In addition to all the data generated from this one encounter, Dooling also uses a medical device to monitor risk factors for a chronic condition. The device also has an app, whose data can be accessed by her medical supply company, her insurance company, her primary care physician, and her specialist. With so many third parties accessing an individual’s information through application program interfaces (APIs) it’s hard to know if they’re all HIPAA-covered entities, which protects patient data through business associate agreements. This is part of the reason, Dooling says, that AHIMA pressed the issue of modernizing HIPAA when members visited lawmakers on Capitol Hill this spring. As health information is increasingly shared far and wide, somebody needs to be in charge of making sure it’s protected. Dooling also suspects some patients have some level of indifference with regard to the privacy of this data.

“I think our younger generation knows everything will be shared and they’re OK with it. They want the convenience of telehealth with their fingertips,” Dooling says.

She’s also heard that technology experts predict that in the future, telehealth will be the norm.

“The message at one meeting I went to is ‘telehealth is health.’ It’s an offering that’s just like going to see your doctor at the hospital—only now you’re going to see and hear them through your phone. It’s going to be a natural progression,” Dooling says.

But there’s good reason to be watchful and careful about where and how your health data is being used. A recent Washington Post article investigated the number of tracking applications that there are on an average iPhone. In the article, “It’s the middle of the night. Do you know who your iPhone is talking to?”, the author has a privacy expert analyze the contents of his data files to identify “data trackers,” which is the part of an app that sends a user’s data and statistics to marketing companies and data brokers. The author found that the trackers activate at night. For example, the food delivery app Door Dash has trackers that monitor fraud, send data brokers a user’s IP address, and send Facebook and Google Ads data about marketing effectiveness. The author eventually identified 5,400 trackers.

“You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, ‘What happens on your iPhone stays on your iPhone.’ My investigation suggests otherwise,” columnist Geoffrey A. Fowler writes. He notes that Apple claims to exclude health information stored on their phones from tracking software.

 Why You Need Your Health Data

Of course, mobile devices are just one of the places—albeit the one getting the most attention right now—that a patient can collect and store their health information. And there are many reasons why people want access to their own information and that of those they may be caring for, such as an elderly parent or a child. HIM professionals are often the first point of contact between a patient and their record. A few years back AHIMA developed a document called “Preparing for a Doctor’s Visit: A Reference Guide for Patients, Caregivers, and Advocates,” because one of the best ways for consumers to get their data is to not wait until a healthcare encounter is over to start asking questions.

The guide walks consumers through every step of acquiring health information, from inquiring about whether a provider has a patient portal set up to requesting more information about a new diagnosis. There’s a checklist of actions to take before an appointment and a checklist for additional steps to take afterwards.

For additional information on requesting your health information, https://getmyhealthdata.org addresses all sorts of legal and technical issues that plague consumers trying to track down their health data. The website profiles the cases of “tracer” patients who volunteered to request their information in a number of different formats and reported back with their stories.

As Dooling’s own experience collecting her health data demonstrates, tracking down one’s own data can easily become overwhelming, although it’s a worthy effort and patients should approach it with their eyes open.

As privacy expert Patrick Jackson, a former National Security Agency researcher, told the Washington Post, “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be.”

Mary Butler is associate editor at Journal of AHIMA.