A 'Blue Button' for Health Data

However, at the current time, this simple capability is rarely offered. But, if it was implemented with sound privacy practices, the little blue button could make a big difference if it became a common feature of health IT, the foundation observed.

In its policy paper, Markle calls for the blue button to be routinely offered to consumers—provided that a set of recommended practices are in place. These practices would first inform individuals about their choice to download information and confirm that the individual wants to do it.

As Markle notes in its white paper: "Simplicity is one of the biggest strengths of the download button. [But] no matter how simple this concept, individuals need to be made aware of how it works."

Next, safeguards need to be put in place so that the right person—and the right machines—are accessing the information. Given that patient engagement is a federal health IT priority, a need exists for federal guidance on "acceptable thresholds" for identity proofing and authentication of individuals, the foundation said.

As the download capability becomes a common feature on patient portals and other personal health information services, structured health data is likely to become more "easily harvestable" by automated processes—whether acting as legitimate proxies or as impostors. Therefore, Markle suggested the following protections:

• Deploy separate pathways for download requests from individuals, and download requests via automated processes acting on the individual’s behalf.

• On human-accessible download pages, deploy an effective means to determine whether a real person is requesting the download.