Should Internet companies handle your medical records?
The New England Journal of Medicine has sounded the alarm about Internet companies such as Microsoft and Google that are now offering web-based personal health records. To be sure, there are vast benefits to putting every Americans’ health record into electronic storage.
But it’s a proposition that’s certainly a two-edged sword. As much as it could streamline medical care and empower patients to make smarter and more timely decisions about their healthcare, it could also threaten the privacy and security of those records.
Regardless of the advancements in computer data storage, the bulk of patient records within the U.S. healthcare system still remain tucked away in the traditional places – doctors’ offices, hospitals, clinics, pharmacies, and the like. Strict government regulations govern the ways in which the details of personal medical records can be parceled out to insurance companies and healthcare systems. And as much as medical researchers would love to delve into this treasure trove of health information, regulations also place tight restrictions on this – making sure that patients’ identities are protected.
But in my opinion, one of the major weaknesses of the current medical record storage system is that it’s so difficult for you to get hold of your own medical records. It’s completely legal to request a copy of your own medical records, but, as anyone who has tried knows all too well, getting a complete copy can be an arduous process since medical records are divvied up between several institutions – a bit here, a bit there, some more over there.
As you know, I’m a strong advocate of patients having more control of their own health care, so I think that the idea of centralizing medical records electronically so that your entire medical history is merely a few keystrokes away is an enormously exciting prospect.
Of course, there’s a downside to all of this.
Companies like Microsoft and Google are not bound by the Health Insurance Portability and Accountability Act (HIPAA) as are doctors offices, hospitals, and all the other places that are normally responsible for storing personal medical records.
And that’s the rub.
Placing information that’s as highly sensitive as personal medical records into the care of unregulated Internet storage systems is risky business, and it could open the door to all manner of marketing and false advertising people who are eager for this gold mine of medical information.
Unfortunately, the only way to safeguard against this sort of thing is to get the government involved and while I’m not fool enough to believe that the Federales cannot get their mitts on your personal medical records if they really want them, I’m incredibly uneasy about handing over stewardship of medical records to the government.
The authors of this article are doctors after my own heart. As Dr. Isaac Kohane, one of the authors said, “I’m a great believer in patient autonomy in general, but there is going to have to be some measure of limited paternalism.”
One potential solution to this problem would be to extend the HIPAA to cover Internet players like Microsoft and Google. This seems to be the quick and easy solution to the problem. But what worries me is, as Dr. Kohane called it, the idea of “limited paternalism.”
If you’ve been paying attention, you’re well aware that once a government department or bureau is created, it grows. There’s nothing at all “limited” about any government organization. I’m always suspicious of central authority, especially when the government has, in my humble opinion, such a bad track record with healthcare bureaucracies (as you know, my favorite example is the FDA).
But does the government really need to get involved? After all, every day millions of Americans already trust incredibly personal information to Microsoft and Google’s care in the form of emails through free webmail services such as Hotmail and Gmail – this is merely the electronic form of the mail handled by the U.S. Postal Service, and it is often just as sensitive (if not more so) as medical records. Emails sent via Hotmail and Gmail routinely contain loads of personal and financial information. And yet this never seems to be compromised by Google or Microsoft.
I say leave Uncle Sam on the sidelines on this one. The security for personal medical records is already in place – Microsoft and Google are more than ready to safeguard Americans’ medical records. They have the unique opportunity to usher in a new age of empowerment for patients all over the country. Let’s give them the chance.
