Google and Microsoft have plans to get into the health data business. The basic idea is that people would permit their medical records (or parts of them) to be copied onto servers controlled by Google (Google Health) or Microsoft (Microsoft Vault).
There are numerous advantages to having your medical records available online. One is that you would be able to access your own records easily when you needed them. For example, if you wondered when you last got a tetanus booster, you could look it up.
Another is that your records would be available to medical professionals anywhere in the world (with internet access). So, for example, if you were injured while on a trip to another state or country, your records would be available to the physician treating you. If, for example, you are fatally allergic to penicillin, such information could be a literal life saver.
There are, of course, serious concerns about having medical records available online. First, there is the concern about the security of online records.
In the United States patients enjoy the powerful legal protection of the Health Insurance Portability and Accountability Act (HIPAA). This act requires, among other things, that medical records be properly secured and that they cannot be exploited for commercial gain. Obviously, the system is not perfect and your information’s security depends entirely on those people who are supposed to keep it safe. In general, though, the record is quite good. One reason is, of course, that actually getting to medical records in a doctor’s office or pharmacy would require effort and the very real risk of being caught and punished.
In the case of online records, the chances of someone gaining access to the records increases dramatically. This is because, obviously enough, online files can be (in theory) accessed from anywhere. A hacker could, for example, tap into your records from another country and post them online, sell them or use them in a blackmail scheme (“Mr. Jones, please send me money or Mrs. Jones will get a copy of your records showing that you were treated for syphilis last year”). Also, as has happened with things like credit card numbers, access to them might be granted by accident or error. Because of these problems, the system would need to be safeguarded from hacking and accidents. Of course, this is true of any system that deals with important and confidential information and it is something that can most likely be achieved.
In addition to illegal intrusions and accidents, there is also the concern about legal access to the information. As noted above, American medical records are protected by HIPAA.While intuitively one would think that HIPAA would automatically extend to the online files, this is not the case. The law would have to be modified so that HIPAA (or similar rules) governed the online services.
Since Google and Microsoft are in the business of making money, it would be wise to carefully check to see what rights and protections you have before you decide to use either service (when and if they become fully available). The brief history of the internet is dotted (pardon the pun) with cases in which “private” information was not really very private-especially when there was money to be made.
I am not, of course, suggesting that companies would make private medical data available to other companies (such as insurance companies, pharmaceutical companies and marketing companies) or other divisions of their own company. There is obviously no need to make that suggestion at all.
From a logical standpoint, whether you should use such a service depends on two factors. First, how likely are you to benefit from the service? Second, how much harm would you suffer if your records were compromised? If such a service would be useful to you and you have nothing to hide, then it would be reasonable to sign up. If the service would not be very useful, then there would be little reason to bother. If your medical records being revealed could do serious damage to your private or professional life, then you should probably not use such a service (and, in some cases, you might wish to reconsider your way of life).