We have been working on adding additional features to Community Health Network's Personal Health Record (PHR), and a question occurred to me.

What is the expectation of privacy a patient has about the data they enter into a PHR on a health care provider’s web site?

If we use the information to help with providing patient care, do we need to ask the patient's permission before viewing the information? Or is there an assumption that we can use the data because they have entered it into a health care organization's PHR, as long as we follow the requirements detailed in HIPAA?

Google, Microsoft, Revolution Health and the other non-health care organizations offering PHRs do not need to follow HIPAA guidelines as far as I understand because the law was only written for health care entities.

I think I'm leaning toward the view that we should ask for permission, but that it is not required for us to view it. Or we should detail in the PHR terms of use that we can use the information to help provide patient care and that we will not sell the information.

What do you think?