Mr. Steve Lohr, of The New York Times, wrote an article about a research study published in The New England Journal of Medicine by two Doctors (Kenneth D. Mandl & Issac S. Kohane) who opine that with the emergence of companies, like Microsoft and Google, into the Healthcare Records Storage Industry, a dramatic and "seismic" challenge will be faced in regards to patient privacy. Mr. Lohr points out that "[a]s part of a push toward greater individual control of health information, Microsoft and Google have recently begun offering Web-based personal health records. The [New England Journal of Medicine] article’s authors describe a new ‘personalized, health information economy’ in which consumers tell physicians, hospitals and other providers what information to send into their personal records, stored by Microsoft or Google. It is the individual who decides with whom to share that information and under what terms."
Proponents of electronic patient records, like Drs. Mandl and Kohane, argue that moving towards this type of technology will have tremendous benefits to the kind of care patients receive and help them make better informed decisions. However, the Doctor’s concede that there are drawbacks to electronic patient records that the Medical Industry and Federal Government need to address before it turns mainstream. Up until now, most patient records were kept in the doctors’ office, hospitals, clinics, health maintenance organizations and pharmacy networks, but the trend is moving towards private companies who offer patients a Web-based approach in accessing their vital records.
The cause for concern, which Dr. Mandl and Dr. Kohane want to address, is centered around the stewardship and control of patient records and information. Under current laws, like the Health Insurance Portability and Accountability Act (HIPAA), Microsoft and Google would not be bound by the same privacy laws that hospitals, clinics, and the like, are subjected too. According to Mr. Lohr’s article, HIPAA did not anticipate Web-based healthcare records systems, like the ones offered now by Google and Microsoft, and therefore make no reference or application to that technology.
Mr. Peter Neupert, Vice President of Microsoft’s Health Group, resists the idea that laws, like HIPAA, should be expanded to include Web-based patient records management, even though he feels the concerns published by Dr. Mandl and Kohane are valid. His approach is to have a third-party validate the operation of the records management system to ensure it conforms to the assurances Microsoft says it does (similar to what an auditor does for financial records of a corporation).
The article raises very interesting and important questions in regards to Web-based patient privacy: is government oversight or free-enterprise competition a better insurance policy for assuring that patient records are not misused or mishandled? UCLA Medical Center has routinely been in the news because of the improper disclosure of "high profile" patient information. Most recently, an employee at that hospital was fired for improperly handling Mariah Carey’s medical records. Would a Web-based approach that restricts or limits access to Ms. Carey’s information have prevented the breach of her patient records? Is it trustworthy and reliable? What are the vulnerabilities? Should Microsoft and Google get a "pass" on privacy laws that others are subjected to? All are legitimate questions that need to be asked in order to determine if government oversight is appropriate or whether free-market competition is sufficient to protect patient privacy.
To read Mr. Lohr’s article click here: Warning on Storage of Health Records