[PCWorld]

Post your comments for Should You Trust Your Health Records to Google and Microsoft? here

[Darkmonk]

I have to agree with you about not trusting corporations with that kind of data. it's also insane that all you need are your account email password. I like the idea of RFID medinfo better, and that says something.

[mine]

Should I Trust MY Health Records to Microsoft? Yeah, right! What with Ballmer's "Yahoo Ultimatium" fresh in my mind, the Vista fiasco? The WGA made just for us dumb consumers? Validation and Activation:
Baby, these dudes are straight out of Geo. Orwell's "1984"!

[gskearney]

The problem with this analysis is that it's not really comparing apples to oranges. I trust Google and even Microsoft at least as much as I trust Humana and the other so-called Health companies. I do think you should be sure to try to use a higher level of security than for your Email, but a well chosen user name and password should give you enough security for most purposes. ---gk

[dunecitymike]

So you want the same federal government that now feels free to read our e-mails and listen in on our phone calls without a warrant to ensure that our medical privacy is protected? That doesn't make me feel secure.

[mavigozler]

There is a general issue about who should be the custodian of one's medical records. I lived overseas in a developing country for a while, and there was no reliable record-keeping system other than for the clinic/medical organization to hand over all the records to the patient, who is obviously highly motivated to maintain them (I am all for this, and it would have been good for patients to pay a service---assuming they believed themselves to be incapable of securing their own records at home--to keep their own records secure, or to keep copies in a "safe deposit box").

About confidentiality: except for celebrities, there are really very few people who are motivated to want a peek at our medical records, so security of records is hardly a concern. By law, health insurers are not allowed to pry into our records, and the government--federal or otherwise---can learn about you now without Google or Microsoft up to the extent that the law allows them to pry.

We have major problems with our health care system and a system by which breaches in confidentiality are possible are small by comparison. The biggest problem is that those who should be interested in your medical records (physicians at HMOs in particular) are really not, and your life or death does not matter to a health care professional suffering from low morale because of exhaustion (overwork?) or other problems in this person's day. So this is a more important matter than you worrying about those interested in your medical records who should not be interested.

[wyasnoff]

Although HIPAA does not cover health records in the systems from Google and Microsoft, there is already another Federal law that does. The Electronic Communications Privacy Act (ECPA) of 1986 (USC Title 18, part I, chapter 121, sections 2701-12) prohibits operators of publicly-available remote computing systems (such as Google Health and Microsoft HealthVault) from releasing subscriber information to any private party for any reason without the consent of the subscriber. This is actually much stronger protection than HIPAA, which allows your information to be released for "treatment, payment, or operations" without your consent, and requires no recordkeeping about such disclosures (thereby preventing you from ever knowing where your information went) (see my 11/20/08 editorial in Government HealthIT for more details: www.govhealthit.com/print/4[u23/back[/u]page/350665-1.html] ). So extending HIPAA to these new personal health record systems would actually eliminate the current strong Federal privacy protections those systems must now provide.