June 26, 2008

Tech Companies Work to Protect Online Health Records

Two leading technology companies are working with healthcare providers to give patients a new prescription for keeping medical records. Google Inc. (GOOG), and Microsoft Corp. (MSFT) agreed Wednesday on new rules to protect the privacy of sensitive online medical information. 

The guidelines are meant to reassure patients their information is safe and protected from online hackers who may try to break into the data.

During the past eight months, patients have raised security concerns since the world's most powerful technology companies-Google and Microsoft-have started Internet storage services for personal health records, or PHRs.

In theory, patients have more control over their medical histories when kept online, due to the ease of sharing information with new doctors.

The field of electronic medical records remains in its early stages.  U.S. privacy laws govern actions by medical providers such as doctors. However, there is little oversight in the field of privacy, security, and data usage despite industry efforts. 

Some doctors and employer groups who support the new guidelines, said they hope to break the obstacles in moving medical records online. Most are born from consumer fears that their personal information will be stolen, or held against them.

"A policy and privacy logjam ... has constricted some of the consumer uptake of these services," said James Dempsey, deputy director at the Center for Democracy and Technology, a privacy rights group that accepts some industry funding.

Guidelines for the storage of personal medical records include an audit trail to track data, a dispute resolution process for consumers who believe their personal information has been misused, and a ban on using data to discriminate in employment.

The Markle Foundation said just 6.1 million adults in the United States have electronic PHRs, according to early estimates released Wednesday.

"Consumer demand for (PHRs) and online health services will take off when consumers trust that personal information will be protected," said Zoe Baird, Markle's president.

The 12-year-old federal law known as HIPAA, or the Health Insurance Portability and Accountability Act, does not regulate companies outside the traditional health care realm, like Google or Microsoft. HIPAA was created to protect private health information from unwelcome sources.

Privacy watchdogs have been warning patients about the risk of turning their medical files electronic. They say it could make it easier for marketers, the government, or legal opponents to obtain their medical information.

The new "Connecting For Health" guidelines strive to level the privacy protection for electronic PHRs and paper medical records.

The Markle Foundation gathered the guidelines during the past 18 months with help from more than 40 companies and trade groups with a vested interest in the outcome.  The Foundation is studying ways to use technology to improve health care.

Google, Microsoft and two other technology companies, Intuit Inc. (INTU) and WebMD Health Corp., said they made minor changes to their existing policies to comply with Markle's privacy framework.

"This is really an exemplary framework for going forward in this area," said Steve Findlay, health care analyst for Consumers Union, the publisher of Consumer Reports magazine. "I think it will enhance the trust in consumers over the next few years."

Aetna Inc. (AET), America's Health Insurance Plans, BlueCross BlueShield Association and the American Medical Association also supported the guidelines.

Not all groups agree the new guidelines will protect patients.  The American Civil Liberties Union called the effort an "after-the-fact approach."

"Their approach is build a system and we'll find out about privacy after the fact," ACLU Senior Legislative Counsel Tim Sparapani said.

Meanwhile, U.S. lawmakers in the House of Representatives on Wednesday debated a bill to establish a national coordinator for health information. They also discussed the push for adopting electronic technology.

Concerns over privacy protections have stalled a companion bill currently working its way through the Senate, its prospects are unclear.

The ACLU says it opposes the current version of the bill because it lacks specific language that would allow patients to review their own files and correct false data.

This month Microsoft announced a deal with Kaiser Permanente, the biggest U.S. health maintenance organization. The company will use Microsoft's HealthVault platform to allow Kaiser employees to voluntarily have their records transferred.

Google Health, a U.S. health data service combines the top Web company's search services with a user's personal online health records.