IAPP-GDPR Web Banners-300x250-FINAL

By Larry Dobrow

For a trio of fledgling services that have barely registered on consumers' radars, Google Health, Microsoft HealthVault and Revolution Health sure have engendered their share of debate--about whether such systems pose a threat to the sanctity of users' personal health information, about whether even a small percentage of adults truly want to be put in charge of their health information, and more. The three systems, all of which bill themselves as tools to help consumers exert better control over their healthcare decisions, place the burden of inputting and maintaining health information upon the individual.

But once you get past the terminology issues--many commentators stress the need to distinguish information held within Google Health and its ilk from "true" electronic health records (EHR) maintained by physicians, which fall under the regulatory aegis of HIPAA--the question remains: Given the complexity of the U.S. healthcare system, can Google Health, Microsoft HealthVault and Revolution Health succeed in their mission, especially at a time when "true" EHRs are slowly making headway in doctors' offices and hospital corridors?

Pundits are split. On one hand, they caution never, ever to bet against the likes of Google or Microsoft. On the other, they question whether concerns over the privacy and security of sensitive personal health information will torpedo the info-intensive systems before they get off the ground.

"My perception is that there's great ambivalence about third-party EHRs [like Google Health]," says Pam Dixon, executive director of the World Privacy Forum. "Forget about consumers for now--think of it from the doctors' perspective. They're not going to get on board with this unless the information is conveyed in a manner they can fully trust and rely upon. There are obvious malpractice concerns for them. That doesn't mean that there's not some utility to [the third-party EHRs], but the main read I get is ambivalence."

Counters Judy Van Norman, senior director of care transformation at Banner Health, a nonprofit healthcare system in the process of going paperless: "We see a real benefit in the clinical decision support that can be delivered using electronic records. The number of drugs and the amount of clinical information out there is impossible for any one person to hold in a single brain. Let the computers do what they do best, which is remembering billions of pieces of information."

And according to Don Peppers, "History has clearly shown that consumers will trade off a modest amount of privacy protection in return for service that is more convenient or less expensive. I doubt many consumers will obsess about their medical privacy as long as the EHR saves them time and money, even while improving accuracy." He adds, however, that the benefits to the consumer must be genuine, and they must be easily demonstrated.

Those who advocate widespread implementation of systems like Google Health tend to frame their arguments within the context of inefficiencies that exist in the healthcare system. By compiling information about everything from their allergies to prescriptions in a single place, consumers can be assured that such information does not escape notice by a treating physician. This, at least in theory, should lead to better patient care and fewer oversights. Other potential benefits include a reduction in duplicate tests and/or procedures and standardization of care among the healthcare system's many, many providers.

"Right now, you see [health] records transmitted by paper and fax," notes Ross D'Emanuele, a partner at law firm Dorsey & Whitney. "It takes a lot of time to get information from one place to another, and when the information is transmitted there can be problems--pages left out, indecipherable handwriting. Electronic records, even through one of those systems, helps eliminate those errors."

The problem with all this? Even the biggest boosters of EHR management systems have no idea how to make them easily manageable, especially from the aforementioned sanctity-of-information perspective. The sheer number of players involved--physicians, hospitals, insurers, pharmacies et al--make privacy a legitimate concern, because privacy policies tend alternately to overlap and clash. Too, while the financial industry has more or less completely gone electronic, healthcare involves a different set of sensitivities.

Dr. Davis Liu, a physician with the Permanente Medical Group and author of Stay Healthy, Live Longer, Spend Wisely: Making Intelligent Choices in America's Healthcare System, won't give a verdict on the Google Healths of the world just yet ("because I'm not sure the American public wants this responsibility"). At the same time, he says that he wouldn't want his family to be the "guinea pigs" for an entity like Revolution Health. "Imagine if it leaks out through one of these systems that you have HIV, what your employer or anybody else might think. You can't reverse that."

Liu also worries about information-sharing allowances buried deep within online disclaimers, which he believes most consumers will gloss over. "What's Google's business model? Advertising. There's reason to be suspicious."

Dixon echoes his concerns: "A majority of consumers would expect that [the privacy/security safeguards within] HIPAA applies here, but it doesn't. Things around doctor/patient privilege, subpoenas of health records, marketing issues--you can't just wave them away with self-regulation."

Another question yet to be answered to anyone's satisfaction is ownership of the EHR data within health records. Consumers have traditionally assumed that the information belongs to them--that is, if they've given the matter any thought at all. Still, for years, physicians and hospitals have treated that information as if it were their own.

While D'Emanuele suggests that the issue has been framed improperly--"it's really about who has the right to use the data in certain ways and who has the obligation to maintain it"--Dixon is concerned that the consumer voice hasn't been heard amid all the back-and-forth. "It's been a closed process. You have lots of entities with interests here: pharmaceutical companies, insurance companies, technology companies, employers. It's almost impossible for consumers to get a word in," she explains.

Clearly the multiple and intertwining debates won't be settled anytime soon, though by the end of 2009 we might have a better clue as to the eventual fate of Google Health, Microsoft HealthVault and Revolution Health (as well as others that may pop up). Obviously their fate hinges on whether consumers will get on board, but employers might also have a say. "Imagine if employers start mandating use of these things," Dixon cautions.

Liu won't venture a guess as to when the EHR issues might be resolved, but he believes that consumers and most of the key players have similar interests at heart. "We agree that everything should be interoperable and that healthcare right now doesn't do that. So maybe patients will embrace that responsibility. We all have good intentions, so why not see how it plays out?"


If you want to comment on this post, you need to login.


Related Posts


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»