Heart Gadgets Test Privacy-Law Limits

The U.S. has strict privacy laws guaranteeing people access to traditional health files. But implants and other new technologies—including smartphone apps and over-the-counter monitors—are testing the very definition of medical records.

Some legal experts say the 1996 U.S. law governing patient access to their health files—HIPAA, or the Health Insurance Portability and Accountability Act—hasn't kept up with technology. The law gives patients the right to access information held by doctors and hospitals. However, the raw data gathered by an implant isn't held by a doctor or a hospital: Typically it goes directly to the device maker, which provides a summary report to the doctor. Because of this, the raw data falls outside the scope of HIPAA's patient-access requirements. In addition, Medtronic said, business agreements with doctors and hospitals restrict it to relaying information only to them.