Security Still Lags in Electronic Medical Records

Lora Bentley

Personal health records have been around for awhile. Microsoft's HealthVault, for instance, entered beta in 2007. Google jumped into the fray not much later with Google Health. Generally, they are designed to be a "one stop shop" for an individual's health information. Someone who uses the services can upload information themselves, or allow their doctor's offices (pharmacies, other health care organizations) to upload and/or retrieve information as needed.

 

In theory, using such services would mean, for instance, that I wouldn't have to recite the list of medicines I take every time I go to the doctor or to the urgent care center, because I could allow them to access my PHR online, and the record would be right there for them to see. But the idea is proving to be difficult to put into practice.

 

The first hurdle is interoperability. The different systems need to be able to talk to each other for records to be shared effectively. That's what Dr. John Halamka and his colleagues on the Health Information Technology Standards Panel have been working on.

 

Second, the more people learn about how electronic health records work, the more privacy concerns come to the forefront. And even though those who use the different PHR services must acknowledge that they've read and agree to the vendor's privacy policy, do they understand what that policy means? Do they understand what's happening to the data they store in those systems? Patient Privacy Rights wants to make sure.

 

To that end, the health privacy watchdog released a privacy report card Wednesday in which it graded five different PHR vendors on how well patient privacy is protected by their systems. Based only on information found on the vendors' Web sites, Patient Privacy Rights graded Microsoft HealthVault, Google Health, No More Clipboard, WebMD and CapMedice PHRs on their privacy policies, the amount of control the patient has over the information stored in the PHR, the security and integrity of the PHR, and the quality of customer service available.


 

Of the five PHRs evaluated, No More Clipboard was the only one to receive an A, in part because its privacy policy is very simple and straightforward. Moreover, the user has complete control over the information. Only the user can upload information, and health care organizations can only access the information the user chooses to send to them.

 

The good news, according to Patient Privacy Rights Executive Director Ashley Katz, is that most of the vendors have been receptive to the suggestions found in the evaluations, and she expects that they will make efforts to improve.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date