Friday, March 28, 2008

As More Of Our Health Records Move Online, Privacy Concerns Grow

At CFC we've been part of an effort to figure out the best way to protect the privacy of patients in the approaching reality of online and electronic health records. Without getting mired in a discussion of just how much money this will really save, or how long its really going to take to implement, let's delve into the privacy implications of such a move and possible ways to ameliorate them.

We're now seeing a major move by industry giants such as Microsoft and Google coming out with products for this information storing and sharing purpose. So the question that will confront those concerned about privacy will be how to ensure they institute the proper safeguards for patients.

I usually never go to Fox news for anything, but, this article seems to at least do a decent job of broaching the topic, and does quote and source one of the most respected voices in the privacy protection community, Pam Dixon of the World Privacy Forum.

Kristen Gerencher of MarketWatch reports:

Last October, software giant Microsoft unveiled a consumer-focused online platform for personal health records called HealthVault. Internet search behemoth Google is set to follow soon with a launch of its version called Google Health. About 200 companies now offer personal health records, or PHRs, experts say.

Earlier this month, health insurer Aetna announced it's adding to its secure member Web site a sophisticated search tool that brings up multiple resources such as relevant discount programs and a list of local doctors based on search terms that members enter. The company says the changes will complement Aetna's new PHR for members as well.

These developments may be good news for consumers looking to collect, store and selectively share their health-care information in a digital format, coordinate records with their doctors or enter medical questions into an intuitive online search query.

But the elephant in the room is privacy. Consumers who enter sensitive medical information into a PHR want assurance that their data won't be exposed in a way that embarrasses them or, worse, hurts their ability to secure a job or health insurance. Despite many companies' promises and some state laws that set additional privacy standards, there are more questions than answers when it comes to protecting consumers' PHRs, legal experts say.

...

The potential problem: Many of the companies offering PHRs aren't covered by a federal law called the Health Insurance Portability and Accountability Act of 1996, known as HIPAA, which covers information traded between health-care providers, health insurers and clearinghouses involved in processing payments, said Kevin Lyles, a partner in the health-care practice of law firm Jones Day in Columbus, Ohio.

Outside of those entities HIPAA doesn't apply, he said. "What you're relying on as an individual is the company's promise to you that they won't do anything with your information."

...

To be sure, Google and Microsoft plan to allow users to control the levels of access they want various parties to have and will offer the ability to revoke that access at any time.
Still, Pritts said consumers need to read and understand two important documents: the privacy policy and the terms of use.


"You can really be surprised by what's in the terms of use if you don't read them," she said. "Hardly anybody reads these. They're dense. They're written in language that's not consumer-friendly and we're used to just hitting 'I accept' and not thinking there's anything hidden in there."

...

The onus is on the consumer to check and recheck because companies can reserve the right to change their policies at any time, Lyles said. "Typically if they change it it's not going to be retroactive, but if they change it are you going to know? How many companies send privacy policies every year and do you read it for changes? I doubt it."

...

Aetna expects to nearly double enrollment in its PHRs to 6 million members this year. So far only members have access, but eventually doctors will have access too, Bahl said. The company maintains searches on SmartSource use profile data such as ZIP code, gender, age, benefit plan and health conditions to make results more meaningful, but that they don't include personal identification.

Pam Dixon, executive director of the World Privacy Forum, a public-interest research group in San Diego, said she's concerned about how well members' identities will be protected. "If this were all being done completely anonymously, I think some of the questions would go away but this is not anonymous searching," she said. "I think the greatest potential harm comes from new diseases and things they don't have about you."

This no doubt will be a continuing debate as these systems expand and progress. From my perspective, it always makes so much more sense to take into account all the issues, particularly privacy, BEFORE we jump in head first. Certainly, we can have both an efficient health records system, and healthy protections of individual patient privacy.

Click here to read the article in its entirety.

No comments: