Another Privacy Alarm on Health Records

Another article has echoed concerns that new, online services that store patient records present serious privacy questions.

Calling them "patient-controlled health records," two Boston-area doctors point out that services like those from Google and Microsoft don't fall under federal privacy laws. That view has been voiced by others, including privacy watchdogs such as the World Privacy Forum.

Google, Microsoft, Revolution Health, and others say that protecting patient records from unauthorized access is crucial to the success of their services. But it's unclear what regulations, if any, will govern those promises.

The services can improve research and patient care, agree the two doctors in the article in this week's New England Journal of Medicine.

The free services also amount to competition for doctors and hospitals that have traditionally administered patient records. The authors of this week's study, in fact, developed Web-based electronic records for patients at Children's Hospital Boston.

Still, the doctors raise interesting questions about medical information once it's more firmly in the control of players outside the medical field. Should patients, for example, be allowed to sell their medical data, perhaps to researchers?

We shouldn't dally in considering the ramifications, says Isaac Kohane, one of the authors: "While PCHRs may seem futuristic, they are here now and will be widely adopted in the not-so-distant future."