Articley.com The world's largest article portal

HIPPA = SPAM: Google, Microsoft pledge to keep your online medical records private — But are they asking forgiveness or permission?

My grandfather used to say when I was faced with difficult a choice, “It’s sometimes easier to ask forgiveness than it is to ask permission.”

A deeply thoughtful, wiser-than-his-years Veteran of WWII who died peacefully before I turned fourteen, he wasn’t advocating I live a life devoid of consequences, of respect for authority or of moral responsibility (at my age, though, it sure sounded like he was giving me the nod to take my mom’s old Ford LTD out for a spin). I realized later in life that he meant adults sometimes act like kids and fight over silly things. So when I have a decision to make and I feel strongly about it, he was saying it’s best to trust my conscience, read my moral compass, make a choice and live with the outcome.

I sure miss my Grand Daddy. But in this age of technology-takes-all, I am sort of glad he’s not around to see what’s happening to the world he once knew.

It’s hard --- almost painful --- to imagine him Tweeting, updating his Facebook account or even using a telephone without a cord attached. Still, after suffering through several open-heart surgeries when replacing your own valves with those from a pig was your only hope for staying alive, it’s a blessing and a curse he’s not here to see how technology is changing medicine. His sage advice about making responsible decisions has never been more relevant when I think about how we’re evolving, revolving, around technology; especially when it comes to healthcare reform.

While the Cat’s Away, the Mouse will Play

Some billion will move fast into the pockets of health insurance providers, information technology companies and medical practices when (or, more appropriately, if) Congress passes healthcare reform this year. Depending on whom you ask on Capitol Hill, the reform bill is either on its way to the President’s desk, or it’s a badly injured mouse in the midst of the biggest cat fight in D.C at the moment.

While the bill is still under debate and changing by the minute, one provision of reform that both Democrats and Republicans apparently agree upon is mandating the paper-heavy healthcare industry adopt electronic medical records by 2013. The argument is that paper breeds inefficiency and thus costs the industry a lot of money in lost productivity. Paperless medicine creates affordable healthcare, say proponents.

Four years is the equivalent of the entire Ice Age in IT. But Google and Microsoft are among other server farm custodians who may have to ask Congress for forgiveness before the mandate becomes law. That’s because they’ve poured billions into Internet-based patient medical record repositories that are completely unregulated while Congress is too busy arguing the details of reform to pay full attention to patient privacy.

What’s more, as far as anyone can tell, these free subscriber-based services are exempt from the Health Insurance Portability and Accountability Act (HIPPA). This means all the information you, your insurance company or your authorized physician(s) store on Google or Microsoft servers is a simple keystroke away from becoming public information for all the world to see.

Bill Gates, M.D.

Google Health, one of the latest data integration components from the Silicon Valley search engine giant, and HealthVault, Microsoft’s near-mirror service, market themselves to consumers who want to simplify their medical histories using their servers as the electronic filing cabinet. Once you sign up, you can grant permissions to your doctor, hospital, insurance company and pharmacy to read, review and add to your record. To save time at the doctor’s office or in the event of an emergency, the services tout, you can print a wallet card of your medical history and account information to carry with you.

Both companies place the security burden on the user, and have specific language in their respective use agreements that hold them harmless for any breach of data caused by a compromise of a user account. But Phil Cox, principal consultant at network security company SystemExperts, told Information Week magazine recently that security at both Google Health and Microsoft’s HealthVault is lousy.

“Given the security issues with generic credentials, I worry that individual users will have little recourse if their information is compromised,” said Cox. “I do think this will cause some very interesting legal challenges."

Cox and other IT security experts believe that both services will eventually be brought under HIPAA rules, which might cause Google and Microsoft to drop the services rather than bring them up to regulatory standards. Google and Microsoft plan to evolve their services to a complete data repository of health information, which would be a "HUGE collection of highly sensitive data" with "inadequate" protection, Cox said.

OMG! Becky has High Cholesterol!

Aside from other potential security breaches associated with storing information in “The Cloud” --- that nebulous place IT guys refer to which really means someone else’s hard drive other than your own, both Google and Microsoft use generic credentials. Your existing Windows Live ID and Google ID, which have had security violations in the past, is now the only firewall behind your medical history. This isn’t as big of a deal if say, an e-mail to your friend is sacrificed during a server outage. But data being protected in your medical records repository is much more sensitive than your calendar sporting the parties you’re headed to next weekend.

Simple blips of social data, work documents and web pages are the stuff that Windows and Google credentials were built to protect. Not the latest results of your C.T. Scan, your prescription for anti-depressant medication or your physician’s note revealing you have a terminal illness.

But technology analyst Richard Moore counters that privacy and security concerns for services like HealthVault and Google Health are overblown. Sure, he admits, a major security breach of healthcare information from either of those services would be a disaster. But the companies will use top-of-the-line security to protect data. And right now the data is scattered around small physician practices and hospitals, which have data breaches regularly. "I am of the opinion that your records will actually be safer and more secure than what is happening today," Moore said.

Find More spam firewall Articles