Last week the founder of software firm Epic Systems asked some leaders of big health care systems to please get their objections to Washington before it's too late to stop proposed federal rules that promise to open up electronic health record systems.

These new rules are about what's called data blocking. But what the conflict really boils down to is differing notions of security when it comes to patient information.

And money, too, of course.

These rules aren't drawing much attention outside of the health care industry, but you can tell this issue has gotten pretty hot or it would have been a lot easier to get Minnesota health care executives to talk about it.

As for Epic Systems, its media representative simply pointed to a policy statement on its website.

Who is on the right side of this one isn't an easy call. What seems clear, though, is that we now have one more window into some of the reasons change in health care is so hard to come by.

Can Americans really not be trusted with their own health information? No one seems to quite say that. Millions of Americans every day surrender lots of information to big companies like Google and Facebook without much thought.

Ever carefully read the privacy policy before installing a new smartphone app? I haven't either.

Epic Systems seems to be in the middle of this story, maybe in part because founder Judy Faulkner is more outspoken. In addition to asking health system customers to weigh in, she has also raised the possibility of suing the federal government if rules she finds objectionable go into effect, as first reported by Politico.

Faulkner started Epic Systems in a basement office in Madison, Wis., more than 40 years ago. She still leads the closely held company, based now on a sprawling campus just outside of Madison.

Epic generally seems to be ahead of rival Cerner Corp. for leadership in the American health-record software market, with Epic doing particularly well with bigger health care systems. Here in Minnesota there is no market-share battle, as Epic more or less owns the market.

When a new Epic system finally went live at Mayo Clinic in 2018, this news was so big that the Rochester Post Bulletin newspaper noted that the switch was made at 3:54 a.m. on a Saturday morning, a major milestone on a $1.5 billion project.

Usually called an EHR, these systems are more than repositories of patient records, as they are used throughout a care system to manage patient cases and operations.

The rule changes now in play in Washington for EHR systems have been out for months. The current view in Washington is that consumers need to be far more active in making health care choices for themselves and, as an industry, American health care doesn't make that easy enough. Among other things, Americans need a more complete picture of their own health.

That should include allowing patients to go another route besides through their clinic or health care provider for their information, like the website of an insurance plan or even third-party applications on a smartphone.

The EHR industry argues, with good reason, that its systems have been open for properly sharing information for a long time, allowing a patient to move along with treatment even though different clinics or specialty practices got involved along the way.

The proposed changes seem to go well beyond that, allowing consumers with smartphones and third-party applications to get at their information.

Technically this doesn't seem to be much of a project. A big part of our networked world relies on parts of a computer system that automatically handle a request for information from another computer and sends back the right info.

Lots of information a person might want to quickly know sits inside someone else's computer system — from the weather outside to the boxscore from last night's Minnesota Timberwolves game — yet can almost magically appear on a smartphone.

On the other hand, blood-test results and lists of medications are a lot more sensitive than how many three-point shots the Wolves missed.

And that's the basic argument of the industry. If this goes the way it has for a lot of other third-party applications created by firms without the same privacy standards, other companies with their own moneymaking agenda might get this information right away.

Health care professionals who now suggest third-party apps to patients should simply assume that their patients' data are going to fall into the hands of other companies hoping to make money off it. That was one sobering conclusion from a study last year published by the Journal of the American Medical Association.

This research paper looked at three-dozen popular third-party applications for depression and smoking cessation, both for Android and Apple phones. Of these 36 apps, 29 of them collected data and sent it for advertising and marketing to Google or Facebook, if not both. Only 12 of 28 transmitting data to Google and half of the 12 that sent data to Facebook bothered to disclose this practice.

Another study from last year found that 4 out of 5 "top-rated" health apps on the Google store shared user data.

What would happen if a patient used a sloppy smartphone app to grab a recent lab report with blood sugar shown to be high enough to be in the range of diabetic? It's beyond my expertise to know if Google or Facebook, if they received that information, could start serving up advertisements for diabetes treatments.

On the other hand, there's no excuse anymore to be naive about what a company like Facebook does with the user information it manages to get. 612-673-4302