The New York Times points us to an article, published in the New England Journal of Medicine, that raises some warnings about taking personal health records online and entrusting them to third parties not bound by HIPAA regulations:
…Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or Hipaa, the main law that regulates personal data handling and patient privacy. Hipaa, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.
The authors say that consumer control of personal data under the new, unregulated Web systems could open the door to all kinds of marketing and false advertising from parties eager for valuable patient information.
Despite their warnings, Dr. Mandl and Dr. Kohane are enthusiastic about the potential benefits of Web-based personal health records, including a patient population of better-informed, more personally responsible health consumers.
“In very short order, a few large companies could hold larger patient databases than any clinical research center anywhere,” Dr. Mandl said in an interview.
But the authors see a need for safeguards, suggesting a mixture of federal regulation — perhaps extending Hipaa to online patient record hosts — contract relationships, certification standards and consumer education programs.