The technology giants Google and Microsoft are entering the growing market of electronic medical record-keeping just as the government is accelerating its own efforts to apply information technology to healthcare.
Broader use of health information technology, and electronic medical records in particular, is a centerpiece of healthcare reform proposals from policymakers of all political stripes, from President Bush to Sen. Edward Kennedy (D-Mass.). The three leading presidential contenders, Sens. John McCain (R-Ariz.), Hillary Rodham Clinton (D-N.Y.) and Barack Obama (D-Ill.), also back these technologies.
The Bush administration, led by Health and Human Services (HHS) Secretary Mike Leavitt, has been working with technology companies and healthcare providers since 2004 to establish interoperable technical standards for storing and transmitting personal medical information. To the same end, numerous lawmakers, including Kennedy and Rep. Edward Markey (D-Mass.), are pushing legislation to promote health IT.
Meanwhile, the technology sector has been moving forward.
Last month, Google unveiled the first phase of its Google Health application. The company partnered with the prestigious Cleveland Clinic in Ohio to provide personal health records for its patients through a Web-based platform with an appearance and interface similar to its e-mail and news reader applications. Google CEO Eric Schmidt personally announced the product’s launch in a speech at a health IT conference in Florida.
Google Health is designed to allow patients, medical providers, pharmacies and others to submit information into the record. Microsoft preceded Google when it launched its HealthVault personal health records application last October.
These two rivals are not alone in their efforts to command this lucrative market. Outfits like Revolution Health, a company started by AOL founder Steve Case, and WebMD are also offering personal health records. Other technology players like IBM and Verizon also provide or are developing similar applications.
The administration believes that technology companies’ interest in electronic medical records signifies that its efforts have advanced health IT, said Christina Pearson, assistant secretary for public affairs at HHS.
As a result of the HHS-led activities, “this issue has moved forward … [and] helped give [the private sector] the spark that we hoped,” she said.
Pearson also noted that the federal government, through Medicare and Medicaid, will be able to drive the adoption of uniform standards by healthcare providers.
The vice president of the American College of Physicians, Michael Barr, agreed that the government still has a role to play even as these companies are positioning themselves in the market for electronic medical records.
Uniform standards for sharing medical information still need to be established because healthcare providers are responsible for maintaining complete “medical legal records” for their patients, Barr said. “They’re working on one end of it and not the other,” he said of Google, Microsoft and the other technology companies.
While useful to patients, “these [personal health records] that Microsoft and Google are providing will not replace the medical charts … for documentation purposes,” Barr added.
Medical providers are also legally responsible for protecting the privacy of patient information under the Health Insurance Portability and Accountability Act (HIPAA). Concerns about privacy appear to be the main point of contention about the forays into health IT by Google, Microsoft and the others because these companies are not covered by HIPAA, though they would be under Kennedy’s and Markey’s bills.
In public statements, representatives of Google and Microsoft maintain that their success in offering these records depends on maintaining the trust of their customers, which provides them with a strong incentive to protect their privacy. In addition, both products allow patients to opt out of having their information shared with other entities.
Those assurances are inadequate to some privacy advocates, including Pam Dixon, the executive director of the World Privacy Forum. Personal health records are worth a lot of money to companies like Google that trade in information, Dixon said.
“Consumer health data is the last frontier of data,” she said.
Even though patients can opt out of having their information shared, once they agree on sharing as a condition of using the applications, they have no recourse. Under HIPAA, providers or others who misuse private information can be sanctioned.
Dixon said that the healthcare industry’s slow pace to agree on standards for electronic medical records and invest the money in the systems needed have left the door open to the technology sector to step in and stake a claim to the revenue that can be generated from these applications.
“The healthcare sector is a slow-moving leviathan, but the technology sector is not, and they beat the healthcare sector to the punch,” Dixon said. She added that the issue of privacy protection is moving into “brand-new territory,” given that federal privacy laws do not cover the companies storing medical records.
But another privacy advocate contended this development would be good for patients worried about the security of their medical information.
“The security protections of Microsoft and Google … are far above” what is guaranteed by HIPAA, said Deborah Peel, the founder of Patient Privacy Rights. “We think extending HIPAA, which is a data-miner’s dream, would be a mistake.
“The vendors need to compete on the basis of privacy,” Peel said.
Echoing Google and Microsoft, Peel predicted that such companies would strive to protect health information more strenuously than the medical providers and others covered by HIPAA because consumers will demand it. Peel’s organization has established a not-for-profit entity to provide privacy certifications to electronic medical records providers for a fee. Microsoft already has agreed to an audit of its HealthVault.
Privacy advocates are not the only ones worried about HIPAA and the protection of patient information. The Health Information Trust Alliance, a private cooperative led by representatives of healthcare and technology companies, released a survey of health IT executives on Monday showing widespread concern about the absence of a uniform, HIPAA-compliant information security framework that medical providers and companies can employ.