Privacy groups fear Google Health, Microsoft HealthVault. Why you should too

Both Google Health and Microsoft HealthVault are now offering their services – and servers – to consumers who want to store their personal health records (PHRs) online. Consumer advocates say they’ll be keeping a close eye on both technology giants to make sure they have a healthy respect for their customers’ privacy.

Yet Google Health’s privacy policy admits that its service is not covered by the Health Insurance Portability and Privacy Act (HIPPA), which Congress passed 12 years ago to protect medical records. And HealthVault’s privacy policy makes no mention of HIPPA, instead asking consumers to put their trust in TRUSTe, the independent, non-profit group founded by the Electronic Frontier Foundation and sponsored by Microsoft and AOL, for enforcement of privacy standards.

I asked the Center for Democracy and Technology in Washington, D.C., for its reaction to Google Health and Microsoft HealthVault. The email I received from Deven McGraw, director of the CDT’s Health Privacy Project, acknowledges that both companies have good privacy policies.

“But good privacy policies alone are not sufficient to protect consumers using these tools,” she says. If HIPPA has no impact on the policies, “consumers must rely on the Federal Trade Commission to ensure that the entities offering these PHRs abide by their privacy policies.”

The CDT has called upon the government and the private sector to come up with a new roadmap for dealing with this uncharted Internet territory. McGraw’s big worry is whether third-party vendors working with Google and Microsoft to offer products to their customers will also make privacy a priority. “It will be difficult for the companies offering these PHRs to monitor all of the vendors closely (particularly as the number of participating vendors increases over time) to ensure that they are meeting the company’s privacy requirements and other terms of participation. Consumers could end up authorizing the sharing of their information with a vendor who then turns around and sells the data or uses it to target them with specific ads or product offers.”

Concerns about online health records existed before both Google Health and Microsoft HealthVault went active. McGraw cites a study in early 2007 by the Office of the National Coordinator for Health Information Technology. More than 30 PHR vendors were surveyed; none covered criteria found in privacy policies. Only two could explain what would happen if the vendor suddenly ceased operations, and only one had a system in place for dealing with deactivated accounts. Not a good prescription for comfort if you are living with a serious medical condition and are trusting a company’s computer network to protect such sensitive information.

Visit [Center for Democracy and Technology]

  • Maffie Rafferty

    Actually it's Accountability instead of Privacy, so HIPAA instead of HIPPA, but everyone says it like HIPPA.

  • jinhua

    Internet health privacy I do not know there are many things we need to reflect on!
    Many health topics with a look here!