Warning on Storage of Health Records

As I mentioned a few days back when the LA Times revealed the rash of electronic medical record privacy violations..."you can be sure this issue is only going to become more important in the months and years to come as our medical records will continue their transition into the digital age. That of course means electronic records being shared by increasing numbers of people and in an increasing number of ways and for an increasing number of reasons (many perhaps illegal).

In fact, you won't see a health plan these days that doesn't already factor in the claimed costs savings that such electronic records will bring to consumers. Now, that debate is for another time - but a debate that needs to be had right now, is how far will we go to protect our most private information?"

Well, we now have more reason to worry, as two leading researchers published an article in The New England Journal of Medicine warning that "the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records."

The New York Times Reports:

The authors, Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, are longtime proponents of the benefits of electronic patient records to improve care and help individuals make smarter health decisions.

But their concern, stated in the article published Wednesday and in an interview, is that the medical profession and policy makers have not begun to grapple with the implications of companies like Microsoft and Google becoming the hosts for vast stores of patient information. The arrival of these new corporate entrants, the authors write, promises to bring “a seismic change” in the control and stewardship of patient information.

...

But Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or Hipaa, the main law that regulates personal data handling and patient privacy. Hipaa, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.

The authors say that consumer control of personal data under the new, unregulated Web systems could open the door to all kinds of marketing and false advertising from parties eager for valuable patient information.

...

But the authors see a need for safeguards, suggesting a mixture of federal regulation — perhaps extending Hipaa to online patient record hosts — contract relationships, certification standards and consumer education programs.

Click here to read the article in its entirety.