Promises of privacy play prominently in new services for storing consumer medical records online. Privacy and security, for example, are the top issue in a Google blog about its new service, called Google Health. The initiative, like others from Microsoft and Revolution Health, will offer a central, online account for storing and monitoring a patient's medical data.
But the new services don't come with the federal guarantees of privacy, a privacy group warns. Those rules apply only to healthcare providers, such as a hospital or a health plan.
Consumers are free to voluntarily move their data to a third party, such as the new online services. But strict federal privacy protections "generally do not 'travel' with or follow a medical record that is disclosed to a third party outside the healthcare treatment and payment system," says the World Privacy Forum.
Many patients will take advantage of the services, which aim to ease the crush of healthcare paperwork and give consumers more control over their care. But even well-managed and well-intentioned services will weaken consumer control over data.
"We won't sell or share your data without your explicit permission," wrote Google exec Marissa Mayer.
Sounds good. But part of the federal rules governs exactly how a consumer would "explicitly" agree to share records. Without government controls, the privacy forum warns, it could be much easier for a consumer to accidentally or casually authorize the sharing of records.