Recently, several large companies have launched personal health record initiatives aimed at helping consumers take more control of their health care, but some legal experts say that patients should be concerned about privacy because these companies are not covered by HIPAA medical privacy rules, Dow Jones Business News reports.
About 200 companies offer PHRs, according to experts. Last October, Microsoft launched a PHR platform, called HealthVault, and Google is testing its Google Health PHR with 1,500 patients at the Cleveland Clinic.
HIPAA medical privacy rules -- which cover information exchanged among health care providers, insurers and clearinghouses involved in processing payments -- do not apply to many PHR providers, Kevin Lyles, a partner in the health care practice of law firm Jones Day's in Columbus, Ohio, said. He added, "There's a bill pending in Congress to expand the reach of HIPAA to cover all health information. That's probably where we will go to eventually if we get to a world where all health information is online ... because people do want their information protected."
Some states have passed laws to set additional privacy standards, and many of the companies offering PHRs have adopted strict privacy standards. For example, Google and Microsoft plan to let users control the amount of access various people can have. In addition, users will be able to revoke that access at any time.
However, Joy Pritts, a research associate professor at Georgetown University's Health Policy Institute, said the onus is still on the patient to read and understand companies' privacy policies and terms of use.
Lyles added that firms are able to change their policies at any time (Gerencher, Dow Jones Business News, 3/26).