Microsoft and Google have joined a collection of insurers and health care providers in endorsing privacy standards intended to protect medical records stored online.
The new "Connecting For Health" guidelines, which are also intended to reassure people that storage of their medical records online is safe, aim to break the "typical logjam in health care," according to a statement released by the Markle Foundation, which organized the consensus framework.
The move comes as Google and Microsoft ramp up their efforts to create portals where consumers can l upload, store, and view personal information, as well as share that information with medical professionals and insurance companies.
However, consumer adoption has been slow. Just 6.1 million adults in the United States have electronic personal health records, according to estimates released by the Markle Foundation.
"Consumer demand for electronic personal health records and online health services will take off when consumers trust that personal information will be protected," Zoe Baird, the Markle Foundation's president, said Wednesday in a statement.
A report in the New England Journal of Medicine in April suggested that Google and Microsoft's databases of patient information could eventually grow to be larger and more up-to-date than the databases of other well-known medical research programs. As a result, researchers may find it easier and cheaper to team up with Microsoft and Google when doing their research, rather than relying on a number of sources for data to do their research.
Others supporting the guidelines include WebMD, lobbying group AARP, Aetna, America's Health Insurance Plans, BlueCross BlueShield Association, and the American Medical Association.
Update at 12:19 PM PT: This story was updated to reflect the World Privacy Forum's position on PHRs in general.
Google is set to announce on Thursday that it will be using the Cleveland Clinic hospital in Cleveland, Ohio as the pilot site for its new personal health records initiative.
The Cole Eye Institute (foreground) and the taller Crile Building, which is the flagship facility of the Cleveland Clinic.
(Credit: Cleveland Clinic)Between 1,500 and 10,000 patients at the Cleveland, Ohio, facility will participate in the project's test run, volunteering to have their medical records transferred to their Google accounts. The hospital already keeps electronic records for over 100,000 patients in an internal system called MyChart, but when those personal health records, or PHRs, are shared with Google, patients will be able to use them outside of the Cleveland Clinic. Included in the data will be prescription information, medical histories, and details about conditions and allergies.
"Patients are more proactively managing their own healthcare information," Dr. C. Martin Harris, the Cleveland Clinic's chief information officer, said in a statement. "At Cleveland Clinic, we strive to participate in and help to advance the national dialogue around a more efficient and effective national healthcare system."
"We believe patients should be able to easily access and manage their own health information," Marissa Mayer, Google's vice president of search projects and user experience, said in the same statement. "We chose Cleveland Clinic as one of the first partners to pilot our new health offering because as a provider, they already empower their patients by giving them online tools that help them manage their medical records online and coordinate care with their doctors." Additionally, Cleveland Clinic president and CEO Delos M. Cosgrove is a member of Google's Health Advisory Council.
Google isn't the only tech titan looking to change the healthcare industry. AOL founder Steve Case has launched a new company, Revolution Health; InterActiveCorp has invested in several health-related start-ups; and Microsoft has been working on a medical record service.
But all these "health 2.0" initiatives will inevitably raise privacy concerns, and critics of such projects have already begun to make themselves heard. The World Privacy Forum, which has highlighted concerns about medical identity theft in the past, has already issued a report voicing concerns about third-party PHR systems that aren't covered by the Health Insurance Portability and Accountability Act (HIPPA), which has been in effect since 1996 and requires individuals to be notified when a party other than a patient's doctor wants to access confidential medical data.
Not only is security an issue, the nonprofit has said, so is the likelilhood that marketers and other corporate entities will be able to exploit otherwise confidential data. The World Privacy Forum has not taken a specific stance on Google's new project or on others like Microsoft's.
Google is of particular concern to some privacy advocates because the company already has so much data about its users.
"While PHRs may have some laudable goals," the report by privacy consultant Robert Gellman read, "they are also a tempting target for companies or others that want to evade whatever privacy protections remain in the health care system in order to make a profit."
(Credit:
CoActiv)
The results of a fifteen-month study accessing the time to patch software associated with electronic health record (EHR) systems were published today by the eHealth Vulnerability Reporting Program. The program is a collaboration of health care industry organizations, technology companies and security professionals that is attempting to establish best practices within the emerging field of electronic health records in the adoption and reliance of eHealth systems, including electronic medical records (EMR), picture archiving and communication system (PACS), and medical devices. The 39-page report found much room for improvement.
It's one thing to have your credit card information compromised--that can be replaced. It's another to have your health history hacked and made public. The report focused mainly on how medical equipment providers currently disclose vulnerabilities to customers, preventing hospitals and doctors from appropriately managing risk.
The amount of time between when a eHealth vendor is notified of a vulnerability and when that vulnerability is patched exceeded the time needed to patch in mainstream application software. For example, one medical application in the study remained unpatched after 2,211 days; another was 384 days and counting. By comparison, Brian Krebs of the The Washington Post found that the time to patch for Microsoft Internet Explorer was only 284 days.
No one organization has providence over vulnerabilities in eHealth applications, the report found. Organizations such as the Certification Commission for Healthcare Information Technology (CCHIT) and Healthcare Information Technology Standards Panel (HITSP) offer general security practices and standards, but no assessment of risks associated with reported (or unreported "zero day") threats.
The eHealth Vulnerability Reporting Program would like to see eHealth vendors collaborate with security software vendors to establish ethical testing and reporting, along with better disclosure, vendor certification and, of course, more public education of the problem.
- prev
- 1
- next
