The article indicates the pilot project will involve a volunteer patient group transferring their personal health records so that they are available via Google Health, a new health record product being developed by Google. The article quotes Pam Dixon of the World Privacy Forum concerning privacy issues under HIPAA (incorrectly referenced by the Times as HIPPA).
I don't necessarily agree with the scope of the comments regarding the applicability of HIPAA in this situation. Although I don't know the full details of the relationship for the proposed project but it would appear that Google in this situation might be serving as a business associate of the Cleveland Clinic for the project. As a business associate it is likely that Google would be held contractually to many of the HIPAA privacy standards.
Tip to Matthew Holt at Health 2.0 Blog for noticing the NYT article.
UPDATE (2/22/08): ZDNet's Larry Dignan at Between the Lines has more on the pilot project including the Cleveland Clinic's press release.
The comments to Dignan's post are interesting reading especially a couple with a legal perspective. The comment, two misconceptions, highlights the overall light enforcement efforts by OCR and lack of penalties, whether Google might fit the "healthcare clearinghouse" definition under the "covered entity" definition, entering into a contract with the health care provider (business associate requirement) and discusses the subpeona and marketing misconceptions.
Also, more from NYT's Steve Lohr, Google Health Begins Its Preseason at Cleveland Clinic which indicates that Google Health will be made available to the public following completion of the pilot project (appoximately 2 months). The article also has a quote from fellow health care blogger and CIO of Beth Israel Deaconess Medical Center in Boston, John Halamka, who indicates that the hospital is also interested in linking its EMR with Google Health. As a board member of the West Virginia Health Information Network I would like to explore the idea of utilizing and integrating Google Health into our statewide effort to bring about an integrated/interoperable health information system.
Jane Sarasohn-Kahn at HealthPopuli shares her thoughts and additional link commentary on the Google/Cleveland Clinic project. Jane highlights a recent report, Personal Health Records: Why Many PHRs Threaten Privacy, by the World Privacy Forum looking into privacy issues for PHRs.
Matthew Holt's follow up post taking a closer glimpse at the privacy questions, motives and opportunities both pro/con surrounding the Google Health project.
UPDATE (2/24/08): For the latest article covering the Google Health project check out Newsweek's article, Web Surfer, Health Thyself, out in the March 3 edition.
Also, MSNBC provides some additional insight on how Google Health will interact with the existing Cleveland Clinic EHR (or PHR) in Google Goes to the Doc's Office. The article describes the pilot project as follows:
. . . The Cleveland Clinic already keeps electronic records for all its patients. The system has built-in smarts, so that it will alert doctors about possible drug interactions or when it's time for, say, the next mammogram. In addition, 120,000 patients have signed up for a service called eCleveland Clinic MyChart, which lets patients access their own information on a secure Web site and electronically renew prescriptions and make appointments.UPDATED 2/26/08: Scott Shreeve goes Giga over Google Health. Read his first impressions of the Google PHR after his test drive at HIMSS.The system has dramatically cut the number of routine calls to the doctor and boosted productivity, though it has yet to effectively deal with information from an outside physician, Harris says. Those records are typically still on paper, and have to be laboriously added to the Cleveland Clinic system. It is a big problem, especially for the clinic's many patients who spend winters in Florida or Arizona, where they see other doctors.
Adding Google's technology lets patients jump from their MyChart page to a Google account. Once on Google, they'll see the relevant health plans and doctors that also keep electronic medical records. That means the patient can choose to share information between, say, the Arizona doctor and the Cleveland Clinic . . .
However, Dmitriy at TrustedMD makes some great points, including this quote:
Yet, even with free PHRs out there, consumers simply do not care for spending their time to learn and use them. Who would bother entering and checking their medical records if you are healthy and would rather go see a movie? And once you get sick, you do not want to enter them either. You just want your doctors and hospitals to hand your medical records to you. But you see, the providers have different priorities that a mere piece of software just cannot solve . . . PHRs' real problems are not technical, usability or even privacy. The real problem is consumer and provider motivation . . .He ends his posts with some questions we should all be discussing. Until we see a reimbursement model that creates incentives for providers to look at more health information and consumers to care about and take an active part in their health -- I'm not sure the PHR/EHR initiatives will fully develop and mature.
Follow the latest news (blog posts) and the Techmeme reaction to the project.
5 comments:
hi,
nice reading, i agree with you
where the privacy is sensitive issue for that clinic. but as we know that Google has big ambition and they really want to spread up their business partner, like many site that had bought by Google
Thanks
Bob: Maybe patients can use contract law to enhance the privacy of their health records. http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html
What do you think? --Ben
Thanks for your comment Ben. I read your post over the weekend and it highlights one of the underlying foundation level legal issues that I think is important for us to focus on - ownership of medical records and information.
I agree that patient could mark their records with "legal terms of use," however, it assumes that the patient owns the medical record. Can a patient who doesn't own his/her medical record place terms of service on such record? Traditionally, the legal structure in most states view the records as owned by the provider and not the patient - although the patient has access rights to the records. This is why the concept of PHRs have been invented. The consumer gets the information and repopulates the data into a new system that they own (or the PHR vendor owns?). Property rights are a basic tenet of our legal system that Americans are passionate over. We equate ownership with power.
As health records and information have become more fluid (electronic) the access vs. ownership issue has become more gray as we start to see patients "mash up" their medical records from various providers, manipulate the data, etc. It use to be easy to define ownership when hospital X or physician Y had a locked room with paper files. You requested paper copies of the records and the owner gave you a copy. You now owned the copies.
We are in the midst of a fascinating time for health care and health care law. Thanks for your comments and additional thinking on the contract side of patient privacy.
Bob: I agree patients will not always have direct control over their record. However, a patient can arguably publish her terms apart from the record itself, such as on her web site. And those web-published terms could be effective against a sophisticated party such as Google or an opposing attorney. In the 1-800-Flowers case, the company's terms of service posted on its web site were enforceable against a customer who called in by telephone! http://hack-igations.blogspot.com/search/label/privacy%20contract
People is really sensible to the confidentiality of their medical data. It is critical information.
The danger with Google Health and HealthVault is that somebody in the future crack their security systems.
Also the fact about a private company getting data about your health must concern us.
There is an alternative, http://www.keyose.com/, designed by the doctor that described the first case of Wiiitis, its philosophy is based on total anonymous users. A smart mechanism allows the store of clinical record without asking you any personal data (not even your email).
Confidentiality is in such a way assured.
Post a Comment