[Med-privacy] Google/Cleveland Clinic

[peter marshall]

Medical Records To Go Online, Privacy Risks for Patients

The Cleveland Clinic, a health care service provider, announced its
partnership with Google to provide an electronic personal health records
service to patients. The initial effort seeks the participation of
10,000 patients in a project that would provide Google with personal
health on Cleveland Clinic patients. There are more than 100,000
patients that are served by the Cleveland Clinic, which currently uses
an electronic personal health record under its eCleveland Clinic MyChart
service.

Cleveland Clinic patients who participate in the online data-sharing
project can disclose among other personal information prescriptions,
allergies, and laboratory results. Google reports that it will not share
or sell the information, but does not explicitly reject use of the data
for internal commercial purposes. Google's interest in the project is to
build a platform that would allow access to many sources of medical
information.

In 2000, the Health Insurance Portability and Accountability Act (HIPAA)
became the first federal law that provided privacy protection for
personal health information.  However, the Department of Health and
Human Services' final rule implementing the law includes a large number
of exemptions.  HIPAA does not protect personal health information
voluntarily shared by patients with a non-health care provider. HIPAA
does allow states with strong medical privacy laws to continue to
protect residents.

Google is emerging as a major online ad service provider with a growing
base of businesses purchasing services to market effectively to online
consumers. The Federal Trade Commission, which exercises jurisdiction in
matters of consumer and competition protection declined to consider
privacy in its decision to allow the merger of Google and Double Click,
a major online advertiser service provider.

Electronic health records federal legislation has been introduced in the
US Senate and House.


EPIC Medical Records Privacy Page:

      http://epic.org/privacy/medical/

House Resolution 1368 Personalized Health Information Act of 2007:

      http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.01368:

Senate Resolution 1814 Health Information Privacy and Security Act:

      http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.01814:

[EPIC]