LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Google health records online
From:	Larry Medina <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 21 May 2008 07:55:48 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (87 lines)

Now online:  http://www.google.com/health <http://www.google.com/health>
>
>   The Google eHealth terms of service states:
>
> "Google may only use health information you provide as permitted by the
> Google Health Privacy Policy, your Sharing Authorization, and applicable
> law.  Google is not a "covered entity" under the Health Insurance
> Portability and Accountability Act of 1996 and the regulations
> promulgated thereunder ("HIPAA").  As a result, HIPAA does not apply to
> the transmission of health information by Google to any third party."
>

Well, from the "Let's Open Up a REAL Can of Worms" file...

Not covered by HIPAA, I'm assuming because individuals who elect to use this
'service' do so of their own free will and agree to this 'Sharing
Authorization' which frees Google from any responsibility for what may
happen to the content.  And that makes sense... for Google.

What they haven't defined very well, and here's where people should exercise
some caution... is how the information is stored and backed up, who has
access to it and in what manner, how they would respond to a legal action
regarding records of an incapacitated or deceased account holder when
successor family members wanted access to the information (remember the
Yahoo suit from a deceased soldier's family?) and what happens if someone
inappropriately gains access to this cache of information under whatever
conditions.

Keep in mind what happened during Hurricane Katrina, when records that WERE
under a third part agreement and protected by HIPAA were opened up by a
simple call from the DHHS allowed open access to the prescription records of
thousands of citizens
http://www.cantonrep.com/index.php?Category=23&ID=242208&r=0

They 'suspended' the rules of HIPAA and other State rules as well, combined
all of the records of numerous pharmacies in to one database and said  the
'database program would end once the evacuees were resettled in their
homes".... well, for tens of thousands of Gulf Coast residents, this STILL
hasn't happened... and there are others who were NEVER DISPLACED, but their
records were gathered as well and are now in the hands of people they didn't
authorize to have them.  This was in September of 2005, there was an entry
strategy but no exit strategy... something that seems a common practice for
this current Administration.

The whole concept of EMR/EHR is far from foolproof, and as with many other
deployments of technology, it's simple to gather the content and put it into
a system, it simply takes time and money... but what about the protection of
the data, the care and feeding, and the long-term accessibility?  There has
been talk about the savings and safety that would be realized from creating
this "Pie in the Sky" National Healthcare Database, but we constantly see
the stories of loses and exposure of critical PII and PHI here and abroad,
simply because insufficient safeguards were built in.  This, like many other
things seems as if it's an unfunded mandate that hasn't been clearly thought
through.

And the initial subjects will be the military personnel records, and those
of Federal employees under the guise of greater accessibility and decreased
cost to manage content.  Thankfully, I'm in neither of those categories.
And when it comes to the Google product offering, well, I think I'll pass
for the time being.  Maybe after the first exposure of someone else's
records or the conclusion of the first court case involving someones records
being subpoenaed for access and the wrong records being exposed... but not
now.

If anyone wants to read more on some of the cases where EMR/EHR exposure has
happened or concerns exist within the privacy or medical community, try any
of these blog posts and the embedded links.

http://blogs.computerworld.com/node/994
http://blogs.computerworld.com/another_stab_at_emr_ehr_another_potential_bleed_out?rec=1
http://blogs.computerworld.com/node/2017
http://blogs.computerworld.com/node/1185


Thanks for the warning Liz.

Larry
-- 
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US