Personal Health Record Advocates Suggest More Privacy, Security Measures Needed

The recent introductions of electronic medical data-sharing services could have significant effects on how clinical research is conducted and raise new issues with the storage of private patient health data, according to an article published Wednesday in the New England Journal of Medicine, the New York Times reports.

Kenneth Mandl and Isaac Kohane -- who are both physicians and researchers at Harvard Medical School's Children's Hospital Boston -- write that that medical professionals and lawmakers have not yet considered the implications of companies like Google and Microsoft offering consumers Web-based personal health records. The companies have the potential to bring "a seismic change" in how patients' data are managed and used, the authors write. According to the Times, most patient records currently exist within the health system, and federal regulations mandate how such information can be shared among health organizations and insurers. The regulations also stipulate how much of that information can be used by researchers. The Times reports that individuals can request their own health records under the current system but that it is "often a cumbersome process."

The authors warn that because technology companies like Microsoft and Google are not under the purview of the federal Health Insurance Portability and Accountability Act of 1996 -- which did not anticipate Web-based health records, according to the Times -- consumer control of PHRs could open up access to patient information and raises the possibility of marketing and false advertising efforts by outside parties.

Comments
The Times reports that Kohane and Mandl are "enthusiastic about the potential benefits" of PHRs online. Mandl told the Times, "In very short order, a few large companies could hold larger patient databases than any clinical research center anywhere."

However, according to the Times, the authors suggested that stricter patient information privacy standards will be required, including an extension of HIPAA to cover online data-sharing providers, certification standards and patient education programs. In an interview, Kohane said, "I'm a great believer in patient autonomy in general, but there is going to have to be some measure of limited paternalism."

Peter Neupert, vice president of Microsoft's health group, "resisted the suggestion of extending HIPAA to newcomers like Microsoft and Google," according to the Times. He added in an email to the Times, "Philosophically and politically, I am skeptical of the concept of paternalism." The Times reports that Neupert suggested a better approach would be to develop a patient data-records system that educates consumers and requires their consent before the data can be used. Neupert said, "We have to earn the consumer's trust for our brand," adding, "So I can imagine a scenario where we have a third party verify that our system works the way we assert it does" (Lohr, New York Times, 4/17). The NEJM article is available online.

NPR's "Morning Edition" on Thursday reported on the NEJM article. The segment includes comments from Joy Pritts, a medical records expert at Georgetown University, and Debbie Witchey, senior vice president of government affairs at the Healthcare Leadership Council (Silberner, "Morning Edition," NPR, 4/17). Audio and a partial transcript of the segment are available online.

Perspectives
NEJM also published two perspective pieces about EHR adoptions. Summaries appear below.

• "Off the Record -- Avoiding the Pitfalls of Going Electronic," New England Journal of Medicine: In the NEJM perspective, Pamela Hartzband and Jerome Groopman, both of Beth Israel Deaconess Medical Center and Harvard Medical School, discuss the "current limitations and potential downsides" to increased use of electronic health records. The authors also make several recommendations for successful EHR implementation (Hartzband/Groopman, NEJM, 4/17).
  
  
• "Personally Controlled Online Health Data -- The Next Big Thing in Medical Care?" NEJM: The perspective by NEJM national correspondent Robert Steinbrook discusses various aspects of personally controlled electronic health data, including the debate over patient responsibility, assistance from physicians and health care institutions, and the prospect of improved health care and decreased costs. According to Steinbrook, if personally controlled records become popular, the electronic records maintained by physicians and hospitals will be only one component of a larger Internet-based system that will include national interoperability standards in which patients will increasingly manage their health data (Steinbrook, NEJM, 4/17).