Google Health Isn’t Alone. Who Exactly WILL Have Your Online Health Record?

Cyndy Aleo-Carreira


With the “official” announcement of Google Health, which was hinted at back in January, Google is highlighting an ongoing trend of putting absolutely everything online. But what does it really mean for patients?

While it doesn't seem to have gotten the insane amount of press that Google has, Microsoft was actually first out of the gate, announcing HealthVault back in October of last year. With buy-in from corporate partners, HealthVault can link up your data with services from these partners. Your Omron blood pressure monitor and pedometer can interface with the service, letting your doctor know how much you are REALLY exercising. Your Johnson & Johnson blood glucose monitor can let your doctor know when you broke down and had that huge slab of birthday cake.

New York City and Wal-Mart are also moving to e-health records, with New York putting records online for 200,000 patients and Wal-Mart requiring all providers for their co-branded in-store clinics to also utilize the same service that New York City is using: eClinicalWorks.

We now have three large players with online health records systems in the game, with more waiting in the wings to get their own piece of this enormous pie. Yet some very obvious questions haven't even been touched upon: who will regulate this highly personal data?

Google has said that they won't sell ads to monetize Google Health, but Microsoft's model is already showing that there is another way to get corporate support in a more subtle fashion. What are the privacy rules surrounding that portion of the application? Would Johnson & Johnson get a feed of how many blood glucose readings I've taken, sending me an alert when they think I might need more supplies? Other companies help track and recommend fitness goals; would they then partner with local gyms to “facilitate” my goals?

Chris Saad, CEO of Faraday Media and the face of Data Portability, voices concerns that Google's announcements misuse the concept of data portability, describing it only as moving your health records between doctors using their system, and that Google might hold your data hostage in their system. But that's the very least of what we should be concerned about. None of these companies, you see, are covered under the U.S.'s Health Insurance Portability and Accountability Act (HIPAA), as Steven Levy points out:

“Covered files are strictly controlled, can't easily be subpoenaed, can't be exploited for profit and have to be stored securely. But Microsoft and Google aren't health-care providers.”

In other words, if your doctor signs up for any of these services, you lose the legal protections afforded by HIPAA. They are under no legal obligation NOT to provide your information to third parties for marketing. And while these companies claim that their security measures meet or exceed those required by HIPAA, what happens when they get their first subpoena from an employer over a Worker's Comp case? Or from an auto insurance company that wants to blame an accident on a possible medical condition?

While health care is a huge market, there are ethical concerns regarding putting this information online that should be addressed before this becomes so prevalent in the industry that it becomes impossible to rein back in.


9 Comments
  • Patients have options for addressing the (overblown) privacy fears associated with Google health records. Patients might post legal terms and conditions in their records. http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html

  • Microsoft just announced an agreement with imedicore by Vemics which is HIPAA approved:
    http://biz.yahoo.com/bw/080228/20080228005148.html?.v=1

  • Roy, they will claim “HIPAA compliant” but the reality is that the law itself doesn’t include any online provider. The text of the law includes medical practices, hospitals, labs, and insurance companies, but has no provision for any additional providers. These companies can claim whatever they want, but if they deviate from their established practices, there won’t be a way for patients to go after them in court. They aren’t legally bound by the law.

  • People have got many choices rather than blindly going for Google for keeping their medical records on their servers which are not so secured. And the great news is that the Microsoft Corp. has also joined the race.

  • Do you really think HIPAA gives patients control of who has access to their medical records? Go to your provider and tell them that you do not want anyone to access your health records and see what they tell you. Since EMR software does not provide any granular access to patient records controlled by patients, your PMR is probably more secure than your provider’s EMR which is shared without your knowledge or approval with any other healthcare organization under HIPAA.

  • Mike, I agree, but I’m concerned that they won’t have a choice when doctors and medical groups like the Cleveland Clinic jump on the bandwagon getting the most press.

    @Homer I agree. I don’t think HIPAA went far enough in terms of protecting data.

    @roy HIPAA compliant does not mean covered under HIPAA. I’m waiting for the first lawsuit that will make that glaringly obvious. Only healthcare providers (including insurance companies) are included, and these third parties will be the first ones to say “HIPAA didn’t mention US” when someone sues.

  • I am a medical doctor. I see patients every day. Including the Emergency Room where I work.

    Because of that, I deeply understand, not only theoretically but as part of my daily experience, that the patient-physician relationship is the key for the quality of health-care.

    A patient must trust his doctor. If there is no confidence, we lose a lot (patients and docs).

    Saying that, privacy of data becomes a really important issue. A patient that talks about his sexual activities, extramatrimonial affairs, fears, weakness, mental health… should be sure that the doctor will not reveal that information to third parties.

    For thousands of years physicians have followed this sentence of the Hippocratic Oath: What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.

    So at the moment I designed the keyose (www.keyose.com) service, I have a very clear idea: privacy must be the priority number one!

    Storing thousands of personal health records electronically has a big risk. What if someone unauthorized (a cracker for instance) gains access to the database? No matter how much money or effort you invest in the security of a system. There is no 100% secure system in the world. And the health information of thousands of people is very attractive to so many people (government, insurers, banks, private companies, criminals devoted to extortion…).

    There are many companies entering the business of eHealth. Google Health, Microsoft HealthVault are just the two most known examples. As a medical doctor I am really concerned about the privacy of data. 90% of UK physicians and German doctors think like me.

    Keyose was designed in such a way that no personal information is stored. We do not need your name, email or identity. And more importantly: We do not want it.

    I would never put my personal, my patients' or my relatives' health information in an online database that contains the identity of the patients. You can trust me!

    Dr. Julio Bonis

  • Is there a form to ask my doctor to sign stating he will not release my medical records to anyone?
