Online Personal Health Records – Does HIPAA Apply?

In my last post, I asked whether or not my patients should use an online personal health record (or PHR). I related how I had started and then stopped entering my health information into an online patient health information repository because I was worried about my privacy.

Turns out my instincts were right.

According to an editorial in this week’s New England Journal of Medicine, HIPAA rules don’t apply when it comes to the online personal health record.

Online data stored outside the health care system are not subject to the federal Health Insurance Portability and Accountability Act (HIPAA), which established minimum privacy and security standards for individually identifiable health information controlled by a “covered entity” — a health care provider, a health plan, or a health care clearinghouse. Because online data repositories such as Dossia, Google Health, and Microsoft HealthVault and some of their business partners are not covered entities, the data they store may not be as private as consumers assume, and a person’s “control” could turn out to be limited.

I can’t imagine that as things evolve online, HIPAA won’t be updated to include online personal health record sites.

But for now, I’m staying clear.

3 Responses to Online Personal Health Records – Does HIPAA Apply?

  1. Having any kind of results outside of the healthcare system is dangerous. I applied for life insurance at one point in time, and due to an elevated liver enzyme, I was declined. The insurance company then PUBLISHED the results and categorized me as non-insurable due to liver disease.

    I did eventually get life insurance, but it costs me 3x what it should.

    I pursued this with an attorney and found that I had no recourse, and that since the data is outside of the healthcare arena, it could be argued in court that the information was not even my information – it is the property of the insurance company.

    The kindergarten expression – Mind Your Own Business is good advice…

  2. I think we should take it for granted that there are no privacy rights for anything we publish online. And it’s all out there….forever.
