We Want it; We Don’t Want it; and Google

Actually we do want access to our own health information. The title is a reference to three things:

1. Personal Health Records, why PHRs May Threaten Privacy, published by the World Privacy Forum.

I think this is less about not using a Personal Health Record (PHR) and more about understanding HIPAA, and its useful. The paper states clearly that the discussion is a different one for HIPAA-covered entities (such as Kaiser Permanente and Group Health). I would recommend that people review the information or at least the summary document to be familiar with what an organization can or can’t legally do with personal health information. I think that’s the key – even if an organization states it is not going to do something, there may be no legal protection if they change their mind.

So could a personal health record threaten privacy? Sure. Is it a reason not to use one? That’s a personal decision of benefits vs risks. I think it would be a challenging statement to say that these concerns should keep all Americans from having access to their own health information, and certainly the situation is different for HIPAA-covered entities, where there is both access and legal protections. I also think that we should not rely on information technology to create trust for us using software, or the system we have long been waiting for will never arrive.

2. Deloitte’s 2008 Survey of Health Care Consumers, published by the Deloitte Center for Health Solutions

This is a very well done representative survey sample of Americans with regard to health care with a focus on online access an alternative treatments. The conclusion is very clear: consumers want access to information created by themselves with their physicians, hospitals and health plans. And only 6 percent have this access. So, a huge discrepancy between what people want and what they are getting.

I keyed in on some very important statements, that buttress a fact from my travels, that “uninsured does not mean uninformed”:

The attitudes and preferences of the uninsured mirror those of the insured

Interest in online appointment scheduling, e-mail access, and online access to medical records and test results is equally high in the uninsured and insured groups.

There was a similar attempt at creating “personas” of the various consumer groups in this paper, much as we did here, for the stakeholders we are working with. I would say that the technique is less effective in this report because the personas aren’t based on standard terms and are likely to be forgotten. In the health system world, it seems easier to segment by known groups, like Gen X, Gen Y, baby boomer, or by insurance status or by care system.

One other item of note is that 60% of respondents state that they are on medications. That’s an impressive number, especially when I think about the power of the compounds that we prescribe today. Having access to one’s information is more than a convenience. I wrote about a real-life example that I encountered recently, on my blog.

3. Google. See for yourself. I think this ties together a lot of the ideas above. John Halamka makes some comments about HIPAA and the Google product based on his experience being on the Google Health Advisory board. I think patient-centeredness may become mainstream. Comments are welcome of course.


Alot of the PHR efforts are about centralizing a repository for patient's medical information, with the data still housed in scanned documents, medical jargoned lab reports, imaging results etc.

It's still provider centered info. Helpful as the patient moves from provider to provider, but reflects interest in facilitating the provider decision support and revenue cycle–it may help reduce reduncancy, but not necessarily patient empowerment.We need an approach to medical information that empowers patients with information that reflects their level of understanding, and choices that work for them. We have a long way to go.

Okay, so I'm commenting two months later, prompted by the launch this week of Google Health.

I don't get it, and neither do the other people over on the e-Patient blog, and certainly not the GOOG skeptics commenting on Slashdot.

Sure, the general idea of mash-ups is great. But handing one's data to Google, which is not subject to HIPAA protections?? And which has some serious hypocrisy issues in its past, when push comes to shove?

This looks like a solution in search of a problem. My concerns would be infinitely lower if the data were being managed by an open-source not-for-profit organization, but even then I'd ask what problem this solves.

Hey Dave,

I just set up a profile briefly but I don't have any medical data housed in any of the providers listed (currently). I tend to be optimistic about something like this. There is a problem of patients not being involved enough and having access to their medical information in an understandable form (not everyone gets care in a system with a great patient access tool like we do), so this work is changing the conversation about whether that should continue, in a good way. Maybe sufficiently so that there will be an option to use the same standards to transport the data to a consumer governed non-profit health record bank, for example.

On the issue of standards, my understanding is that this action is actually supporting the CCR, which I don't think is open source itself, but fully licenced under Apache 2 (I'll need a CCR expert to validate this part). Having just returned from a CCR workshop, I see the promise of the standard and there is benefit in Google deploying it.

I don't know…maybe in a future world you might have data from specialist x, lab y, your blood pressure meter q, and you want your primary physician's EHR to get a snapshot (along with a few blog entries over how you're feeling) from your secure RSS feed. How would that be?

Exciting times,


Ted Eytan, MD