NY Times: “Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or Hipaa, the main law that regulates personal data handling and patient privacy. Hipaa, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.”
 





{ 3 comments }
So, how long before they start ‘data-mining’ your records?
No doubt they’ll come up with some sort of specious ‘opt-out’ program, but like end user licenses, it’ll be buried in fine print and lawyer double-talk.
PHRs are a bad, bad idea if you value your privacy–and if you don’t now, you may later, but privacy can never be taken back.
“Hipaa, the main law that regulates personal data handling and patient privacy.”
As with much of what is written about patient privacy, this is incorrect. Leaving aside the assertion that the primary protector of patient privacy is the Hippocratic Oath, even as a legal rule, HIPAA is not primary. It is clearly superseded by state statutes where they are more stringent than HIPAA–and most are in at least some respects. It is also trumped by physicians’ obligations established in common law.
In other words, you can be Hipaa compliant and still unethical and illegal and get your socks sued off of you. You just won’t be fined by the feds for violating HIPAA.