In a move some say could compromise the privacy of hospital patients, Google has announced it will begin a pilot test of an online health service that will store the medical records of several thousand Cleveland Clinic medical center patients.
According to the hospital group, the new Google service will help the 1,700-physician Cleveland Clinic create a "new kind of health care experience" that gives patients greater control of their own medical information. The goal of the project is to allow patients to interact with multiple physicians, health care service providers and pharmacies, the hospital said in a prepared statement.
The pilot online medical record service will allow patients to exchange information about their prescriptions, conditions and allergies between their Cleveland Clinic records and a "secure Google profile in a live clinical delivery setting,” the hospital group said. The program will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to allow an electronic transfer of their personal health records to Google's new service, which is an element of Google Health originally announced in 2006.
Patients will then be able to view their medical records, no matter where they are, via the internet. Each patient's health profile, including information about prescriptions, allergies and medical histories, will be protected by a password.
Nonetheless, privacy experts warned that patients considering participation in programs that permit online access to their medical records should exercise caution before placing their information at risk.
"The basic problem is that any health care record handled outside of [a Health Insurance Portability and Accountability Act] institution loses the HIPAA protections consumers have come to expect for medical files," Pam Dixon, executive director of the World Privacy Forum, a public interest research group, told SCMagazineUS.com. "I think most people don't understand that HIPAA protections will not travel with the files."
HIPAA regulations, she explained, apply to only three types of institutions: medical care providers such as hospitals and physicians, health insurance companies and medical records clearing houses.
"If you, as a consumer, pull your medical files and give them to any person not covered by HIPAA, all those HIPAA protections go away," she said. "This is a very significant privacy problem."
For instance, Dixon said, the government or an employer could subpoena individual's medical records stored in a project such as Google's. She called it "one-stop shopping with Google for all the details of your life."
A Google spokesperson declined to comment on the privacy ramifications.
Beth Givens, director of the Privacy Rights Clearinghouse, shared similar concerns with Dixon.
"I think the privacy concerns are significant, and I would think twice" about putting medical records in such a service, Givens told SCMagazineUS.com.
Among the privacy issues: A patient could be "coerced into sharing medical records through social engineering methods," she said. "That could lead to illegal access."
She said she was pleased to hear that Cleveland Clinic is starting with a pilot project rather than a full-scale roll-out.
"I would hope they'd share their findings widely because I think a lot can be learned from a pilot,” Givens said. “I hope they don't treat their findings as a proprietary document."
Despite her concerns, Givens said there are clear benefits to the online medical records project.
"Look at what happened to the Katrina [hurricane] survivors when they were in other cities needing health care," she said. "They would have benefited from having access to such a system of electronic records."
The Cleveland Clinic did not respond to a request for comment.