Experts Raise Privacy, Security Concerns About Online PHR Program Launched by Google, Cleveland Clinic

A pilot program announced on Thursday by the Cleveland Clinic and Google that will place personal health records online has raised concerns among experts about privacy and security breaches, USA Today reports (Kornblum, USA Today, 2/22).

Under the program, Cleveland Clinic patients who agree to participate will have the ability to transfer their PHRs -- which include information such as prescriptions, allergies and medical histories -- between the hospital and an online Google health profile. Patients will have the ability to access their Google health profiles, which will have password protection, through any computer connected to the Internet. Patients also will have the ability to manage any information entered into their PHRs and share the data with physicians and pharmacists (Kaiser Daily Health Policy Report, 2/21).

However, critics "worry that the risk of sensitive medical information falling into the wrong hands -- such as those at insurance companies, employers, drug companies and marketers -- is too great," according to USA Today. The federal medical privacy rule issued after the enactment of the Health Insurance Portability and Accountability Act does not cover medical records placed online, according to Robert Gellman, a privacy and information policy consultant who on Wednesday released a report for the World Privacy Forum that criticized third-party PHRs. In addition, any information placed online is at risk for security breaches, and, unless "there are legal protections and punishments, this kind of thing is of great concern," Greg Sterling, an analyst at Sterling Market Intelligence, said (USA Today, 2/22).