Hazardous to Your Privacy?

By Steven Levy
Wednesday, February 27, 2008

The Cleveland Clinic, the renowned nonprofit medical center, has kept electronic records of its patients for some time. But despite the easy transport of everything digital, by and large those records have been as immobile as scrawled doctor's notes stored in manila folders. And, in their traditional form, the clinic can't view records of patients who visit outside practitioners.

"When doctors have all the information related to the patient, they make better decisions," said the clinic's chief information officer, C. Martin Harris. "There's also a cost benefit -- if doctors don't have the right information, they may [needlessly] repeat tests."

To make that possible, and point the way for a nationwide system enabling patients to control their personal medical records, the clinic announced last week that it was participating in a pilot project with a company that's very used to moving and sharing data: Google.

The Cleveland program is the unofficial kickoff for a long-awaited project called Google Health, which will be open to the public later this year. This is only one of many programs aimed at putting electronic personal health records in the hands of consumers. Alliances such as Wal-Mart and Intel are setting up systems, and start-ups such as AOL founder Steve Case's Revolution Health are staking out their niches in the health-care infrastructure. And earlier this week came the announcement that AT&T would help create a network of health records in the state of Tennessee. But the most interesting new players are Google and its perpetual rival. Yes, Microsoft is already offering a beta version of a health-records service, boasting a relationship with the Mayo Clinic.

Google's system allows outside doctors to send information through Google that the Cleveland Clinic can merge with existing files and, more significantly, with a special health section of Google, where it will become part of a consumer-controlled dossier -- perhaps existing alongside a user's Gmail account, blog postings and purchase history using Google Checkout.

In one sense, an electronic personal health file, parceled out only with permission to necessary medical providers, seems like a no-brainer. But there are treacherous aspects -- namely, privacy concerns. Personal health records contain our most intimate details: information that could affect landing a job, obtaining insurance and even one's social life.

Medical files in the care of health-care providers like doctors, pharmacies and hospitals enjoy legal protections specified by the Health Insurance Portability and Accountability Act (HIPAA). Covered files are strictly controlled, can't easily be subpoenaed, can't be exploited for profit and have to be stored securely. But Microsoft and Google aren't health-care providers.

"When you move records from a doctor to a personal health record, your protection evaporates," said Robert Gellman, author of a World Privacy Forum study on the subject released last week. He concluded that such systems "can have significant negative consequences for the privacy of consumers."

Marc Rotenberg, head of the Electronic Privacy Information Center, said companies like Google and Microsoft should not start their services until Congress extends the HIPAA protections to cover such businesses.

Obviously, Google and Microsoft think otherwise, and both companies are taking considerable pains to address privacy issues. Both have detailed privacy policies drafted after consultations with experts in the field.

The name of Microsoft's service, Microsoft Vault, addresses the issue head-on. ("It wasn't an accident that we picked that," says product manager George Scriban.) In pitching its trustworthiness, Microsoft notes its history of protecting business-sensitive data. Google makes a similar point. "Google's whole business is based on privacy and trust," said Vice President Marissa Mayer, who heads the project.

Will consumers have to worry that advertisers will be able to target them so vendors can sell treatments for ailments documented in their records? No, the companies say. Although beefed-up searching for medical issues is a big part of both services, personal files, at least as of now, won't be taken into account in search results. Both firms also vow that the customers will have total control over their records -- no releases without explicit permission.

But the very existence of a detailed health dossier accessible in an instant can make control difficult. What if the government subpoenas the records? What if a potential insurer demands to see all the records, telling you that you can't get a policy if you don't provide them? What if your spouse -- or even someone you're dating -- demands to see all your records?

While the tech companies entering the medical-record business spend a lot of effort addressing privacy and security concerns, they much prefer to dwell on the benefits of empowering consumers with their own health files.

"If you only talk about the risk of these plans, and not the benefit, you're having the wrong conversation," said Peter Neupert, head of Microsoft's health solutions group.

Fair enough, but underestimating the risk would be computational malpractice.

Steven Levy, a senior editor at Newsweek, can be reached at steven.levy@newsweek.com.

© 2008 The Washington Post Company