Cutting to chase of Personal Health Record debate

The correct answer, doctor, is it's none of your business. I'm not a covered entity under HIPAA. Google and Microsoft are working for me, not for you, and thus they're not covered entities either.

New England Journal of Medicine logoThe New England Journal of Medicine has entered the debate over Personal Health Records (PHRs) with four articles, all with different perspectives, all with the full text behind their registration firewall.

So let's cut to the chase. I've seen this play out in a host of industries over the years -- news, music, video -- and it's all about one word.

Control.

Arguments about control of the data are really arguments about control of the customer. The health industry, like all industries, fears losing that control.

They have it now. Each doctor's office I visit, each hospital, each clinic, has a file on me. It's behind the nurse's station. Usually it's on paper. Sometimes it's in a computer. But it's not going anywhere -- control resides with the physician.

And I'm not really given access to it, although by rights I should be.

In these debates Google and Microsoft are stand-ins for the loss of data control to the customer. To me.

It's easy to see this because of the obvious conflation going on.

Electronic Medical Records (EMRs) are the records held by my doctor or hospital. I'm entitled to a copy of them under the law, but I seldom get them, and even when I do I only get pieces of them at a time.

PHRs are those copies I control. Google and Microsoft have both offered means by which EMRs can become PHRs, and technology for storing them on behalf of consumers.

So, the doctors say, what if Google or Microsoft misplace them? What if there's a data breach -- as there is so often in the vast medical computerocracy -- what then?

The correct answer, doctor, is it's none of your business. I'm not a covered entity under HIPAA. Google and Microsoft are working for me, not for you, and thus they're not covered entities either.

It's between me and my Web host.

Google and Microsoft themselves are too polite to say this out loud. "I am skeptical of the concept of paternalism,” Microsoft Vice President Peter Neupert wrote to The New York Times.

Me, I'm not so polite. HIPAA is meant to protect me from you, Doc, not as a defense against sharing what you have on me with me. I'm not the covered entity. You are.

Neither is the owner of the server where I choose to store it. There are other laws to cover their mistakes. If something happens I will use them. They will hear from my lawyer.

The bottom line is once I have my data, it's mine. And I want it.

Now, please.