
Show HN: Get your health records from any doctor - thetylerhayes
http://stayinyourprime.com
======
anactualmd
I would strongly encourage my patients to stay a mile away from this
enterprise. Any outfit that can say "Health is inherently social" does not
have the right attitude towards PHI, in my opinion. Any association with
Facebook only enhances this opinion, due to their history of "privacy creep."
To be clear, I think patients should be informed and access their records if
they choose. But be very careful about any social media exposure. Once it's
out there, it's out there.

------
colinbartlett
Don't have a Facebook account. Don't want a Facebook account.

Even if I did, I wouldn't want it anywhere _near_ anything related to my
healthcare. Requiring a Facebook account to sign up was a huge mistake.

~~~
thetylerhayes
We don't get posting rights to your Facebook account. We can't nor will we
ever share anything to Facebook.

We use FB to verify identity and help make it easier for you to invite friends
and family, the people with whom you're already sharing your health info.
Everything stays private within Prime.

~~~
rpedela
Yeah, but many people, especially in the developer community, have a knee-jerk
reaction to sharing private data on FB even if that isn't what you are doing.
You could easily alleviate the fear by supporting other OAuth providers and
allowing people to use their email address to sign up.

I really like the concept BTW!

~~~
thetylerhayes
Email is something we're currently considering.

Thanks!

~~~
angersock
Don't just consider it--given this summer's events and disclosures, _email is
the only thing even remotely reasonable_.

EDIT: Seriously, I appreciate the desire to get your viral coefficients up and
everything, but this is something that is actually important and can ruin
people's lives; don't take it lightly.

------
will_brown
Health records is a great space. 2 quick things that jumped out at me, the
first is the iPhone feed that showed one user saying they just got a
colonoscopy (my thought is that patients typically do not and would not share
that type of info), then second down below it says health is inherently
social, I do not know that this is true, I believe health is very private and
often for good reason (insurance companies used to use such info to reject
claims and insured for preexisting conditions, maybe not the case anymore with
the reforms. But employers or potential employers can use this info to make
hiring decisions). My concerns might sound far fetched and creepy but they are
legit concerns on how people can use this info.

In truth I hope my initial concerns are all wrong and you find a huge market.
Best of luck.

~~~
thetylerhayes
I don't think your concerns sound far-fetched. I'd say so far our results are
"different strokes for different folks" with folks in our target market of
having daily/weekly health habits (visiting doctors, getting sonograms,
getting treatments, tightening braces) leaning towards the more social end.
This is simply because they need to share that data with multiple
people/caregivers already (caregivers are often friends and family) and we
make it 100x easier for them by 1) surfacing the data, and 2) bringing
everyone together in one place.

I will also say that I think it would be great if our culture was a bit more
open about our health on a personal level, rather than being so secretive. But
I also understand the current need for that sometimes (like you point out in
the job market) and so that's more so a personal hope than a product goal.

Thanks!

------
Ricapar
> "Get your health records from any doctor"

Awesome! Sign me up!

> Health is inherently social
>
> Provide context for your friends and family by
> sharing real health information seamlessly. Focus on communicating about
> your health rather than communicating the technical details.

Yeah. No. Goodbye.

I would love to have all my records all in one place.

But why in the world would I want to share my high blood pressure/high
cholesterol/chicken pox/herpes/AIDS etc. checkups with my friends and family?

~~~
willimholte
There are no social requirements in the app—you can use it to get your record
from multiple doctors and never add any friends in Prime.

The target market of the app is people who have close friends and family
members that they want to keep in the know about their health. This might not
be you, which is totally okay.

------
stevewilhelm
> Health is inherently social

Maybe wellness is inherently social. I am a huge fan of Strava.

But there is no way I would give three guys in Oakland access to my medical
records.

~~~
thetylerhayes
Point taken. Not sure what Oakland has to do with it — we're located across
the street from Kaiser Permanente's headquarters of 11,000 people in Oakland —
but I think I see where you're coming from. You don't know us. And you deserve
the best level of security.

Some more background on us: I worked at Disqus for 3 years. I spent time on
the Product team and helped engineer some of their tools too. Owen is a
fantastic engineer who spent 4 years at Intel and Oracle before that. We know
security, we know scale. We're fully HIPAA-compliant; we even worked with
Amazon directly to ensure this. Everything is encrypted and no data is stored
on the device.

What could we do differently to put your mind at ease about this? Are there
specific technical points you have in mind?

This is a problem that desperately needs to be solved and we're solving it for
the people who need it solved most: people who really need their real health
records with them right now, whether to show at their next doctor appointment
or to family at home or friends on the other side of the country.

Thanks for your thoughts.

~~~
bonhamcm
Did Amazon sign a Business Associate Agreement (BAA)? I know in the past that
prevented clients of mine from using AWS in the healthcare space.

~~~
trey_swann
Yes, AWS started signing BAAs on June 18th, 2013. FireHost and Rackspace will
also sign a BAA.

"AWS enables covered entities and their business associates subject to the
U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage
the secure AWS environment to process, maintain, and store protected health
information and AWS will be signing business associate agreements with such
customers."

[http://aws.amazon.com/compliance/](http://aws.amazon.com/compliance/)

------
siculars
I work in medical informatics, so my opinion may be biased.

Yes, people need access to their data. No, health data is not inherently
social. Sharing specific pieces of data with specific people does not mean
health data is inherently social. I would seriously consider rebranding your
efforts as a personal health data access mechanism that can also be
specifically shared in the finest ways with specific people. And for the love
of all that is holy, disassociate yourself from Facebook. Add your own sign up
with email. Do not oauth with any other provider. As soon as you add
FB/Google/Twitter/etc. you open the door to your customer having to ask the
question about whether or not they want those companies having access to their
data. Even if you say they will not, your customer will have to make a
judgement call as to whether or not that is true.

~~~
merlinsbrain
As a developer, my opinion might be biased, but I agree with this.

------
beeCause
> Amanda Huggankiss

> You tested positive for Herpes, Hepatitis, Chlamydia and HPV

Health and wellness has never been more social.

~~~
camus2
Wives, get a free alert right in your mailbox when your husband gets AIDS or
syphilis!!!

------
siegecraft
Good idea, horrible messaging. I doubt anyone thinks that health is
"inherently social"

------
jtheory
homepage error: link for "Not a member of a current Prime provider?" is
[http://stayinyourprime.com/%10#providers](http://stayinyourprime.com/%10#providers)

Also, higher-level: how should potential customers check if their provider is
already on Prime?

Finally, my first question when I see a service that will help me with
sensitive, private data _for free_ is: who is paying for this? Maybe the
providers are paying; maybe the plan is to sell "non-personally-identifiable"
data; maybe there will be ads and/or targeted 3rd party offers; but if the
site is secretive about its business model, I assume the worst. In this case
the privacy policy seems to suggest the latter two options, which are bad
enough for email hosting, but really quite dangerous for medical data. The
process of pseudonymizing medical data is difficult and necessarily imperfect;
so the consumers of any pseudonymized data need to be responsible parties.

~~~
owenfi
Thanks for the note about the error, should be fixed soon.

Good point about letting people check the full list of providers!

To the question about business model, all three of us agree wholeheartedly
that free services rightfully bring a certain level of skepticism. All things
considered we don't think it would be possible to charge for the app, but do
feel there are not enough truly consumer-focused offerings in the health
space. So we are thinking hard about what the revenue model will be. We don't
have any plans to sell info in any regard and are under the impression that
would require a direct opt-in from consumers if that offers any solace.

~~~
merlinsbrain
"We don't have any plans to sell info in any regard and are under the
impression that would require a direct opt-in from consumers if that offers
any solace."

This is interesting. Are you then not considering exposing APIs to anonymous
data or such like?

~~~
owenfi
Like you say, anonymizing data is nigh impossible, so I'd rather just avoid it
entirely. _Maybe_ local processing?

We are thinking a user driven OAuth style service would be valuable.

~~~
merlinsbrain
Makes sense.

------
rjbwork
I work in the healthcare space. This seems like a HIPAA nightmare, but I'm
sure they've thought of this and I would be interested in their strategy for
dealing with HIPAA.

~~~
willimholte
We're fully HIPAA-compliant, as Tyler mentioned in another comment. Data is
encrypted, and isn't stored on the device. HIPAA (and specifically MU Stage 2)
is actually more helpful for what we are doing than anything else; letting
patients get access to their records electronically is a hugely important step
towards solving major problems in the health industry.

------
5555624
"Get your health records from any doctor"

We must have a different definition of "any," since this will not get them
from my primary care physician. His records are not computerized. (If I don't
pay my copay at the time of my visit, my bill is typed on a typewriter.) He
started practicing medicine in the late 1960s, joining his father's practice.
I'm sure that some older doctors, in smaller towns (I'm in a D.C. suburb), are
the same way.

~~~
thetylerhayes
Your point that smaller practices are more likely to not have an EHR is
generally correct, but it's changing very quickly.

Some quick facts:

* More than 50% of clinics and hospitals in the U.S. have an EHR (electronic health record system) of some kind: [http://www.hhs.gov/news/press/2013pres/05/20130522a.html](http://www.hhs.gov/news/press/2013pres/05/20130522a.html). That means they can give you an electronic copy of your record.

* Meaningful Use says providers have to offer records electronically.

* Meaningful Use Stage 2 (goes into effect in 2014) says doctors also have to offer the record in whatever format you as a patient choose.

* The whole main point of HIPAA, the reason why it came to be, is that it gives every U.S. citizen a right to their health record, and to the ability to take it with them wherever they go.

The bottom line is: if your doctor isn't giving you an electronic copy of your
record — and in 2014, in the format of your choice — they're breaking the law.
It's your right to have your health record, and not just in paper form.

~~~
anactualmd
"The bottom line is: if your doctor isn't giving you an electronic copy of
your record — and in 2014, in the format of your choice — they're breaking the
law." This is demonstrably false. Meaningful use is not at this time a
mandate. It is an incentive program. The incentive will likely turn from a
carrot to a stick in the future, but as of 2014 there is no mandate on US
physicians to comply with meaningful use stage anything.
[http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRI...](http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html)

~~~
thetylerhayes
You're right, I mistyped that. Meaningful Use is an incentive. The right to
getting an electronic copy of your record is part of HIPAA.

So the overall point of what I wrote is still true — you have a legal right to
your health record in the electronic format of your choosing:

> (ii) Notwithstanding paragraph (c)(2)(i) of this section, if the protected
> health information that is the subject of a request for access is maintained
> in one or more designated record sets electronically and if the individual
> requests an electronic copy of such information, the covered entity must
> provide the individual with access to the protected health information in
> the electronic form and format requested by the individual, if it is readily
> producible in such form and format; or, if not, in a readable electronic
> form and format as agreed to by the covered entity and the individual.

That's from HIPAA § 164.524 Access of individuals to protected health
information. (c)(2)(ii). Direct link:
[http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/...](http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/Title45/45cfr164_main_02.tpl)

And that was also the point of OP's comment. OP was saying small practices
might not always be able to provide a health record to their patients. Your
health record is your legal right and so is an electronic copy (provided the
data is stored electronically) as of the latest revision to HIPAA which has
been in effect since September 2013.

~~~
5555624
But if the records are not maintained electronically, then there is no
requirement to provide them electronically. The paragraph before the one you
quoted, ends with:

> if not, in a readable hard copy form or such other form and format as agreed
> to by the covered entity and the individual.

If the records are only hard copy, then there is no requirement to convert
them into an electronic format just to provide them to an individual. I know
this is the case with my primary care physician and I think it may be the case
with other smaller practices. Many of these may be small practices run by
older doctors, so they may simply retire. If you've been practicing since say
1970 or so and haven't converted everything to electronic format by now, why
bother?

~~~
thetylerhayes
> If the records are only hard copy, then there is no requirement to convert
> them into an electronic format just to provide them to an individual.

Correct. Yet over 50% of providers have an EHR. And that number is growing
every month.

> If you've been practicing since say 1970 or so and haven't converted
> everything to electronic format by now, why bother?

Because Meaningful Use incentivizes you to do so. The government gives you
money.

------
myang
I think there have to be some stronger reasons to justify sharing medical
/ health information with friends. Sharing that with my health providers may
be a good idea but definitely not with friends.

------
meersoup
Why would providers partner with you? I work in healthcare and I'm having a
hard time imagining how you sell this to them.

~~~
thetylerhayes
I can't speak for every provider but one example is that of improved outcomes,
improving the lives of patients and increasing the efficiency of physicians'
daily workflow:
[http://news.cnet.com/8301-11386_3-57610765-76/digital-health...](http://news.cnet.com/8301-11386_3-57610765-76/digital-health-tools-likely-to-decrease-visits-to-the-doctor/)

------
wehadfun
What efforts are you doing in the medical community to get them using your
service?

~~~
thetylerhayes
Prime is still only for consumers (patients). We don't sell the app to the
medical community.

------
Urgo
No android? Meh.

------
logjam
"Health is inherently social."

No. It's not.

~~~
martian
There is a lot of negative commentary on this thread (thanks HN for always
providing such valuable feedback), but I'd like to point out what I think is
useful and positive with Prime.

First, health _is_ inherently social. When you're sick, do you tell your loved
one (boy/girlfriend, spouse, parent, close friends, etc?). Of course you do.
You want them to know that you might need their care for a few days, that you
might have to miss some events that you'd planned together, that you might
need help going to the pharmacy to pick up some meds, etc. More serious health
issues are even more social. Name one person you know who has suffered from a
severe medical condition who has _not_ told their loved ones. When my close
family and friends are ill or going in for checkups that are potentially not
routine, I want to know immediately what happened. If my loved one were to be
drastically ill, I would want to know everything about their condition, the
test results, the doctors' reports, the latest research, etc. Surely the HN
community understands the desire to geek out over knowledge (health knowledge)
and Prime aids that.

Furthermore, I recently suffered some major personal health issues. When I was
in the midst of a flurry of doctors' visits and medical procedures, my family
and friends were all very curious to know what was happening and if they could
help out, etc. I was already exhausted by the doctors' visits, and sharing the
result of every test and exam with dozens of people was really straining for
me. I was extremely lucky to have people near me who could assist me in
spreading the word to the people who cared, but this whole "sharing
information" problem would have been perfectly solved with Prime. I
intentionally did not share any of my health information on Facebook, because
I didn't trust Facebook's data privacy and sharing policies. While health is
social, it's still private. But Prime may solve this.

For more routine procedures, I can see Prime being very useful. Did my elderly
grandmother get her flu shot yet? Check. What was the result of my father's
latest checkup about his cholesterol level? Easy to know.

Beyond "social", Prime provides a centralized repo for all your medical data.
Remember Mint? Remember how everyone gave up their bank passwords to a web-
based service so they could see pretty charts and better budget and manage
their finances? Remember how Mint took that information and sold ads and
upsells against it? Yeah. Right. That's what is happening with medical data,
too. Someone (Prime, perhaps) is going to be the one to collect all this
information in one place, make it easy to read and understand, and become "the
Mint of health data". I would bet on this. The world of health data is too
fragmented to not be consolidated sometime soon.

The issues Prime faces are not small: first, ingesting data, and second,
earning their users' trust.

I wish them the best of luck.

~~~
merlinsbrain
"When you're sick, do you tell your loved one (boy/girlfriend, spouse, parent,
close friends, etc?). Of course you do."

This is __highly__ subjective. I don't do this. But neither your comment nor
mine proves anything.

I have a feeling they're coming from the premise that pre-Facebook no one
wanted to share what they're doing, filtered pictures of what they're eating,
etc. The world evolves. As someone else has mentioned, maybe they're ahead of
their time. Then again, maybe not. The only thing they're getting flak on here
is the social part of the product. I'm unwilling to believe they just did that
for a "Web 2.0" badge. However, it'll be interesting to know how they figured
health is inherently social.

Psychological illnesses, cancer, etc may be too sensitive to share. Even
pregnancy for that matter. Fever, stomach aches, head aches may be noise - I
know people who just trudge along their day without a second thought. But this
is anecdotal.

I do think they're building something cool here and wish them the best of
luck!

~~~
owenfi
Thanks, right on! (Regarding our viewpoint on timing.)

You're also right that it's subjective but it seems that at some point
everyone comes to share or hear about health info and we are working to
improve the communication difficulties in that realm.

------
benched
The copy on that page brings this to the brink of Poe's Law. Maybe they're
just ahead of their time.

