Google’s (Nasdaq: GOOG) recent announcement that it is creating a home for personal health records online is a natural outgrowth of Silicon Valley’s Web 2.0 consumer Internet focus. The question this raises is whether a market-driven system is better for keeping health records than one run by the government.
Groups like the World Privacy Forum worry that initiatives like Google’s might threaten privacy because tech companies “are not subject to the HIPAA (Health Insurance Portability and Accountability Act) health privacy rule.” This is interesting given that the WPF also seems to have a number of complaints against HIPAA, and many experts on HIPAA agree that the law is more about the portability of medical data than about privacy.
HIPAA benefits the government and big business at the expense of consumers, according to consumer advocates like Sue Blevins at the Institute for Health Freedom. “HIPAA takes power away from individuals and gives the decision to the government as to who can access your data.”
Managing Data
As most people know by now, when you sign the HIPAA consent form at the doctor’s office, it isn’t so that you can make a decision about who gets your data, because that’s already decided by law. Rather, the purpose of the consent form is to enable doctors to prove they notified you, and that your data can be shared and used. That’s a pretty perverse idea of privacy, but should any of us be surprised? The government almost always does a bad job at responding to consumer needs and managing information. Those tempted to disagree might recall their last encounter with the Department of Motor Vehicles.
“That’s the reason concierge medicine is taking off,” says San Francisco-based private doctor Jordan Shlain. “There’s no consumer brand like Starbucks for healthcare yet.”
A recent study by the Deloitte Center for Health Solutions showed that 88 percent of those surveyed want to manage their health data online. Yet despite this demand, rules that create perverse incentives stymie the current system in which most people operate.
Government-driven systems fail at creating a good user experience, not because government is inherently bad, but because there’s no incentive to be responsive. Consider for a moment the consequences of a privacy breech under the government’s HIPAA system versus those under a market-based Google or Microsoft-led system. (Microsoft (Nasdaq: MSFT) launched HealthVault last year).
A What-If Scenario
If your data were stolen or sold by someone operating under HIPAA, you would have to file a case with the U.S. Department of Health and Human Services. If, after much deliberation, officials determined that your claim was real, the person who violated your privacy would have to pay a fine to the government. You would get nothing, as there is no private right of action under HIPAA. So, under HIPAA, the federal government actually makes money when your rights are violated.
Now think about what would happen if someone breeched the security systems of Google or Microsoft. First, there would be a massive amount of media coverage. The companies would be under immense public pressure to fix whatever happened within hours — not the days, weeks or months that a government committee would take. You would demand action now, and if the violation was contrary to their stated privacy policy, you could sue them and be paid the damages.
Neither government nor private systems like Google’s health accounts will be perfectly secure, but it seems obvious which one would handle the problem better. Plus, there is the nagging issue of control.
Embrace the Movement
Health information is very sensitive. For instance, would you want your neighbor to know if you ever had herpes? Well, right now it is not the individual that gets to decide where their personal data goes. Right now, the government makes all the decisions. Of course, it could be argued that government rules are better than nothing and will at least provide mediocre privacy protection — bureaucrats probably won’t give your data to your neighbor. Fortunately, however, we don’t live in a world where the choice is between the government or nothing. A third option can give consumers real power.
To create a better system where consumers are truly in control and can access their data anytime they want, a market-based system like Google’s personal health records or Microsoft’s HealthVault is the way to go. For those who worry that the companies would then claim that all information on their servers is theirs, perhaps a law clearly making all health data the property of the consumer would be in order.
The management of health data is currently a mess, and innovative tech companies are looking to clean it up. Everyone should welcome this advance and embrace the movement towards health 2.0.
——————————————————————————–
Sonia Arrison, a TechNewsWorld columnist, is senior fellow in technology studies at the California-based Pacific Research Institute.
Health 2.0: A Promising Prescription
Sonia Arrison
Google’s (Nasdaq: GOOG) recent announcement that it is creating a home for personal health records online is a natural outgrowth of Silicon Valley’s Web 2.0 consumer Internet focus. The question this raises is whether a market-driven system is better for keeping health records than one run by the government.
Groups like the World Privacy Forum worry that initiatives like Google’s might threaten privacy because tech companies “are not subject to the HIPAA (Health Insurance Portability and Accountability Act) health privacy rule.” This is interesting given that the WPF also seems to have a number of complaints against HIPAA, and many experts on HIPAA agree that the law is more about the portability of medical data than about privacy.
HIPAA benefits the government and big business at the expense of consumers, according to consumer advocates like Sue Blevins at the Institute for Health Freedom. “HIPAA takes power away from individuals and gives the decision to the government as to who can access your data.”
Managing Data
As most people know by now, when you sign the HIPAA consent form at the doctor’s office, it isn’t so that you can make a decision about who gets your data, because that’s already decided by law. Rather, the purpose of the consent form is to enable doctors to prove they notified you, and that your data can be shared and used. That’s a pretty perverse idea of privacy, but should any of us be surprised? The government almost always does a bad job at responding to consumer needs and managing information. Those tempted to disagree might recall their last encounter with the Department of Motor Vehicles.
“That’s the reason concierge medicine is taking off,” says San Francisco-based private doctor Jordan Shlain. “There’s no consumer brand like Starbucks for healthcare yet.”
A recent study by the Deloitte Center for Health Solutions showed that 88 percent of those surveyed want to manage their health data online. Yet despite this demand, rules that create perverse incentives stymie the current system in which most people operate.
Government-driven systems fail at creating a good user experience, not because government is inherently bad, but because there’s no incentive to be responsive. Consider for a moment the consequences of a privacy breech under the government’s HIPAA system versus those under a market-based Google or Microsoft-led system. (Microsoft (Nasdaq: MSFT) launched HealthVault last year).
A What-If Scenario
If your data were stolen or sold by someone operating under HIPAA, you would have to file a case with the U.S. Department of Health and Human Services. If, after much deliberation, officials determined that your claim was real, the person who violated your privacy would have to pay a fine to the government. You would get nothing, as there is no private right of action under HIPAA. So, under HIPAA, the federal government actually makes money when your rights are violated.
Now think about what would happen if someone breeched the security systems of Google or Microsoft. First, there would be a massive amount of media coverage. The companies would be under immense public pressure to fix whatever happened within hours — not the days, weeks or months that a government committee would take. You would demand action now, and if the violation was contrary to their stated privacy policy, you could sue them and be paid the damages.
Neither government nor private systems like Google’s health accounts will be perfectly secure, but it seems obvious which one would handle the problem better. Plus, there is the nagging issue of control.
Embrace the Movement
Health information is very sensitive. For instance, would you want your neighbor to know if you ever had herpes? Well, right now it is not the individual that gets to decide where their personal data goes. Right now, the government makes all the decisions. Of course, it could be argued that government rules are better than nothing and will at least provide mediocre privacy protection — bureaucrats probably won’t give your data to your neighbor. Fortunately, however, we don’t live in a world where the choice is between the government or nothing. A third option can give consumers real power.
To create a better system where consumers are truly in control and can access their data anytime they want, a market-based system like Google’s personal health records or Microsoft’s HealthVault is the way to go. For those who worry that the companies would then claim that all information on their servers is theirs, perhaps a law clearly making all health data the property of the consumer would be in order.
The management of health data is currently a mess, and innovative tech companies are looking to clean it up. Everyone should welcome this advance and embrace the movement towards health 2.0.
——————————————————————————–
Sonia Arrison, a TechNewsWorld columnist, is senior fellow in technology studies at the California-based Pacific Research Institute.
Nothing contained in this blog is to be construed as necessarily reflecting the views of the Pacific Research Institute or as an attempt to thwart or aid the passage of any legislation.