OneTrust_Square Banner_300x250_DD_ROS_01_19

By Larry Dobrow

For a trio of fledgling services that have barely registered on consumers' radars, Google Health, Microsoft HealthVault and Revolution Health sure have engendered their share of debate--about whether such systems pose a threat to the sanctity of users' personal health information, about whether even a small percentage of adults truly want to be put in charge of their health information, and more. The three systems, all of which bill themselves as tools to help consumers exert better control over their healthcare decisions, place the burden of inputting and maintaining health information upon the individual.

But once you get past the terminology issues--many commentators stress the need to distinguish information held within Google Health and its ilk from "true" electronic health records (EHR) maintained by physicians, which fall under the regulatory aegis of HIPAA--the question remains: Given the complexity of the U.S. healthcare system, can Google Health, Microsoft HealthVault and Revolution Health succeed in their mission, especially at a time when "true" EHRs are slowly making headway in doctors' offices and hospital corridors?

Pundits are split. On one hand, they caution never, ever to bet against the likes of Google or Microsoft. On the other, they question whether concerns over the privacy and security of sensitive personal health information will torpedo the info-intensive systems before they get off the ground.

"My perception is that there's great ambivalence about third-party EHRs [like Google Health]," says Pam Dixon, executive director of the World Privacy Forum. "Forget about consumers for now--think of it from the doctors' perspective. They're not going to get on board with this unless the information is conveyed in a manner they can fully trust and rely upon. There are obvious malpractice concerns for them. That doesn't mean that there's not some utility to [the third-party EHRs], but the main read I get is ambivalence."

Counters Judy Van Norman, senior director of care transformation at Banner Health, a nonprofit healthcare system in the process of going paperless: "We see a real benefit in the clinical decision support that can be delivered using electronic records. The number of drugs and the amount of clinical information out there is impossible for any one person to hold in a single brain. Let the computers do what they do best, which is remembering billions of pieces of information."

And according to Don Peppers, "History has clearly shown that consumers will trade off a modest amount of privacy protection in return for service that is more convenient or less expensive. I doubt many consumers will obsess about their medical privacy as long as the EHR saves them time and money, even while improving accuracy." He adds, however, that the benefits to the consumer must be genuine, and they must be easily demonstrated.

Those who advocate widespread implementation of systems like Google Health tend to frame their arguments within the context of inefficiencies that exist in the healthcare system. By compiling information about everything from their allergies to prescriptions in a single place, consumers can be assured that such information does not escape notice by a treating physician. This, at least in theory, should lead to better patient care and fewer oversights. Other potential benefits include a reduction in duplicate tests and/or procedures and standardization of care among the healthcare system's many, many providers.

"Right now, you see [health] records transmitted by paper and fax," notes Ross D'Emanuele, a partner at law firm Dorsey & Whitney. "It takes a lot of time to get information from one place to another, and when the information is transmitted there can be problems--pages left out, indecipherable handwriting. Electronic records, even through one of those systems, helps eliminate those errors."

The problem with all this? Even the biggest boosters of EHR management systems have no idea how to make them easily manageable, especially from the aforementioned sanctity-of-information perspective. The sheer number of players involved--physicians, hospitals, insurers, pharmacies et al--make privacy a legitimate concern, because privacy policies tend alternately to overlap and clash. Too, while the financial industry has more or less completely gone electronic, healthcare involves a different set of sensitivities.

Dr. Davis Liu, a physician with the Permanente Medical Group and author of Stay Healthy, Live Longer, Spend Wisely: Making Intelligent Choices in America's Healthcare System, won't give a verdict on the Google Healths of the world just yet ("because I'm not sure the American public wants this responsibility"). At the same time, he says that he wouldn't want his family to be the "guinea pigs" for an entity like Revolution Health. "Imagine if it leaks out through one of these systems that you have HIV, what your employer or anybody else might think. You can't reverse that."

Liu also worries about information-sharing allowances buried deep within online disclaimers, which he believes most consumers will gloss over. "What's Google's business model? Advertising. There's reason to be suspicious."

Dixon echoes his concerns: "A majority of consumers would expect that [the privacy/security safeguards within] HIPAA applies here, but it doesn't. Things around doctor/patient privilege, subpoenas of health records, marketing issues--you can't just wave them away with self-regulation."

Another question yet to be answered to anyone's satisfaction is ownership of the EHR data within health records. Consumers have traditionally assumed that the information belongs to them--that is, if they've given the matter any thought at all. Still, for years, physicians and hospitals have treated that information as if it were their own.

While D'Emanuele suggests that the issue has been framed improperly--"it's really about who has the right to use the data in certain ways and who has the obligation to maintain it"--Dixon is concerned that the consumer voice hasn't been heard amid all the back-and-forth. "It's been a closed process. You have lots of entities with interests here: pharmaceutical companies, insurance companies, technology companies, employers. It's almost impossible for consumers to get a word in," she explains.

Clearly the multiple and intertwining debates won't be settled anytime soon, though by the end of 2009 we might have a better clue as to the eventual fate of Google Health, Microsoft HealthVault and Revolution Health (as well as others that may pop up). Obviously their fate hinges on whether consumers will get on board, but employers might also have a say. "Imagine if employers start mandating use of these things," Dixon cautions.

Liu won't venture a guess as to when the EHR issues might be resolved, but he believes that consumers and most of the key players have similar interests at heart. "We agree that everything should be interoperable and that healthcare right now doesn't do that. So maybe patients will embrace that responsibility. We all have good intentions, so why not see how it plays out?"


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

Call for Speakers open! This year, we're bringing P.S.R. to San Diego. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»