The New York Times reports on commentary in the current New England Journal of Medicine where two doctors warn of the dangers of having large corporations like Microsoft or Google being in the business of storing patient medical records. Here’s the opening section of the doctors’ essay:
Tectonic Shifts in the Health Information Economy
In a recent shift in the health information landscape, large corporations are seeking an integral and transformative role in the management of health care information. The mechanism by which this transformation is likely to take place is through the creation of computer platforms that will enable patients to manage health data in personally controlled health records (PCHRs). Two types of large corporations are involved. Technology companies such as Google and Microsoft see business opportunities, whereas Fortune 100 companies in their role as employers see efficiencies and cost savings when patients can securely store, access, augment, and share their own copy of electronic health information. Though this shift in the locus of control of health information is driven largely by a need to provide assistance with clinical care processes, it will also profoundly affect the biomedical research enterprise.
And for those who lack institutional access to the rest of the article, here’s the Times’ synopsis:
As part of a push toward greater individual control of health information, Microsoft and Google have recently begun offering Web-based personal health records. The journal article’s authors describe a new “personalized, health information economy” in which consumers tell physicians, hospitals and other providers what information to send into their personal records, stored by Microsoft or Google. It is the individual who decides with whom to share that information and under what terms.
But Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or Hipaa, the main law that regulates personal data handling and patient privacy. Hipaa, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.
The authors say that consumer control of personal data under the new, unregulated Web systems could open the door to all kinds of marketing and false advertising from parties eager for valuable patient information.
Despite their warnings, Dr. Mandl and Dr. Kohane are enthusiastic about the potential benefits of Web-based personal health records, including a patient population of better-informed, more personally responsible health consumers.
“In very short order, a few large companies could hold larger patient databases than any clinical research center anywhere,” Dr. Mandl said in an interview.
But the authors see a need for safeguards, suggesting a mixture of federal regulation — perhaps extending Hipaa to online patient record hosts — contract relationships, certification standards and consumer education programs.