Monday, April 28, 2008

Should You Trust Your Health Records to Google and Microsoft?

I want to continue covering what is only going to become a more important issue in the months and years to come: the emerging electronic medical records "industry" and the privacy concerns associated with it.

As I have detailed in the past two weeks, there has been a rash of electronic medical record privacy violations as well as a new study published in The New England Journal of Medicine warning that "the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records."

As I also stated, "you can be sure this issue is only going to become more important in the months and years to come as our medical records will continue their transition into the digital age. That of course means electronic records being shared by increasing numbers of people and in an increasing number of ways and for an increasing number of reasons (many perhaps illegal). In fact, you won't see a health plan these days that doesn't already factor in the claimed cost savings that such electronic records will bring to consumers. Now, that debate is for another time - but a debate that needs to be had right now is how far will we go to protect our most private information?"

The fact is, currently we have no laws guaranteeing the privacy of digitized health information. And until that time comes, there are serious privacy risks in allowing one's records to be electronically stored by companies like Microsoft and Google.

Erik Larkin of PC World writes an editorial in the Washington Post:

Imagine being able to check your medical history as easily as you can your e-mail. Or being able to provide records to a new doctor at a moment's notice. Google, Microsoft, and others are developing promising systems for storing digital health care records--for free.

But there's a catch (of course). Both the upcoming Google Health, currently in private testing, and Microsoft's public beta of HealthVault deal with our most personal information. The two projects will eventually enable doctors and hospitals to add records for hospitalization, doctor visits, and prescriptions (after you give your okay), and will permit you to upload data from devices that you might use at home, such as blood glucose monitors. They could be especially useful for allowing a new doctor to quickly confirm that, for instance, a prescription won't cause problems with other medications you're taking.

The drawback? The Health Insurance Portability and Accountability Act (HIPAA), a federal law that governs the confidentiality of health records, doesn't extend to non-health-care companies.

...

But absent any HIPAA or other overarching regulation, McGraw notes, you simply have to trust that the companies will do the right thing. Google and Microsoft are, for the most part, being careful with regard to privacy here, but where my health care records are concerned, I want laws that specifically define what can and can't be done with the information. And I want the company responsible to be punished if someone screws up and releases my data.

...

Another issue: Google and Microsoft use a simple Gmail or Windows Live user name and password to access the records. That's great for convenience, but terrible for security and privacy. Internet criminals commonly try to guess or steal Web mail accounts. It's bad enough when a snoop rifles through your Web mail. Imagine one getting access to all your health records at the same time. Faced with these potential gotchas, I'd wait for the systems and the laws to mature before jumping in.

Click here to read the article in its entirety.
