Google, Microsoft Back Online Health Records Privacy Framework
The Markle Foundation rolled out a set of best practices backed by medical professionals, health insurers, consumer groups, healthcare providers, employer coalitions, and tech companies.
Nearly half of Americans are interested in using Web-based tools to collect and manage their personal health information, but 90% are wary of the privacy and safety of that sensitive data, according to a new survey commissioned by non-profit organization Markle Foundation.
However, a new common framework of technology and policy practices also unveiled by Markle on Wednesday, and endorsed by a diverse group of health industry and technology companies, aims to alleviate those consumer fears.
The new framework was developed by Markle Foundation's Connecting for Health private-public collaborative, with input from 46 organizations ranging from medical professional groups such as the American Academy of Family Physicians; health insurers like BlueCross Blue Shield Assoc.; consumer groups like Consumer Union; healthcare providers like New York-Presbyterian Hospital and Geisinger Health System; and employer coalitions Pacific Business Group On Health and Dossia, which is developing a personal health record system for millions of its own members' employees; and technology providers like Google and Microsoft, which are also offering up their own personal health record tools for consumers.
The framework "provides four overviews and 14 specific technology and policy approaches for consumers to access online health services, to obtain and control copies of health information about them, to authorize the sharing of their information with others, and sound privacy and security practices," according to a Markle statement.
Among the practices covered by the framework are provisions for online services to provide consumers with audit trails on who accesses their online health data, and processes for consumer to request corrections or dispute information in their records.
Work on the framework began about 18 months ago, said Dr. Carol Diamond, Connecting for Health chair, during a teleconference on Wednesday. During that time, several companies, including Microsoft and Google, as well as health care providers and employer groups, have begun rolling out their online personal health record services for consumers.
Many of the organizations that have been involved with the development of the framework have already started building those new Connecting for Health privacy and technology policies and practices into their offerings.
"We've been involved with Markle before the launch of HealthVault in 2007," said George Scriban, Microsoft senior manager of HealthVault, which is Microsoft's offering of Web-based personal health records tools and services for consumers. "We're been largely aligned [with the framework] from the beginning," he said.
Meanwhile, Google, which has also been involved in the development of the framework and recently made publicly available its Google Health personal health record tools for consumers, has made some "small changes" in its offering to align with the framework's suggestions, said Alfred Spector, Google VP of research and special initiatives. Those changes related to third-parties informing Google of "any breaches they have" if a consumer using Google Health gives consent for third-parties to access their health data.
"The beauty of the framework is that there are a lot of details," said Spector.
Meanwhile, for other companies looking to jump on to the consumer personal health record bandwagon, the framework has been assembled early enough in this emerging market so they too can develop their products and services with the framework's privacy policies and practices in mind, Diamond said.
"The framework comes at a critical time," she said.
In a survey of 1,580 American adults commissioned by Markel and conducted in May by Knowledge Networks, the poll found that 46.5% of respondents would be interested in using online personal health record services, which represents about 106 million Americans. However, nearly 90% of those surveyed said "privacy practices" are a factor in signing up for such services. Also, only 2.7% of respondents, representing about 6.1 million of Americans, have an electronic personal health record today.
With the Markle framework addressing the types of privacy concerns that Americans have about online personal health records, "a major logjam" to adoption of those tools is broken, said Markle president Zoe Baird.
Many of the online personal health record services offered to consumers by tech vendors like Google or Microsoft aren't protected by HIPAA's security and policy regulations because those companies are not health care providers. However, the framework aims to help fill those gaps, said Steve Findlay, a health analyst and publisher of Consumer Reports, the publication of consumer group Consumers Union, which also endorsed the framework on Wednesday.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.