Will you trust your medical information to Google?
The Cleveland Clinic has announced a partnership with Google that will essentially be a soft launch of the long-awaited Google Health personal health record service. Privacy concerns may not be too far behind.
According to a statement, Google will help the Cleveland Clinic to offer personal health records (PHRs), which are medical data warehouses that allow you to share your information with physicians or anyone else you trust.
The Cleveland Clinic already has a PHR system dubbed eCleveland Clinic MyChart that has 100,000 patients enrolled. The Google effort is a pilot within that system--there are a bevy of lesser known software companies that provide PHR systems. Under the Google pilot the Cleveland Clinic will sign up 1,500 to 10,000 patients. The goal is to test secure exchange of data such as prescriptions, allergies and other relevant data.
For Google, the pilot is a good test. If these Web-based PHR systems are going to work they are going to have to play nice with existing systems already in place. Interoperability has been an issue in the PHR market, which is why folks like Google and Microsoft, which has already launched HealthVault have an opening.
The concept of a PHR system makes a lot of sense, but there are key differences between the profiles offered by Google and Microsoft and systems from hospitals. The biggest one: These PHR services from the likes of Google, Microsoft and RevolutionHealth aren't covered by HIPAA (the Health Insurance Portability and Accountability Act). HIPAA, passed in 1996, created standards for electronic health care transactions and addressed security and privacy issues.
Since the portals behind PHRs don't technically own the data--since the user picks and chooses what to put into the repository--there are no HIPAA requirements. Data brokers and medical institutions have HIPAA requirements.
In a nutshell, these newfangled PHR systems give you some privacy protection but it's just what's covered in each company's privacy policy. To me that's a pretty big difference. The general Techmeme reaction is that you shouldn't sign up if you're worried about privacy. That's true, but don't be surprised if these efforts become HIPAA fodder in the future.
In a Knowledge@Wharton article discussing the PHR issue following Microsoft's HealthVault launch Anita Allen, a law professor at the University of Pennsylvania said the following.
"I think it's a great idea to enable consumers to maintain their own health information. But when they do that and use third party providers, they are taking risks. One can enter a contract with a firm and use a service, but that means you have to trust the party -- Google, Microsoft or anyone else. Also, realize that other parties, including the government, may have access to that data under subpoena power. Companies can make promises, but they may not be able to keep the government out of your business."
That's good food for thought as these Web PHR efforts roll out.