Report Raises Privacy Concerns About Online Health Record Services
On Wednesday the San Diego-based World Privacy Forum released a report that warns consumers about using third-party Web sites to consolidate their personal health records because the sites might not be subject to federal privacy and security regulations, the San Francisco Chronicle reports.
The report does not cite specific companies or examples of consumer problems but offers questions consumers should consider before signing up for a PHR service.
Pam Dixon, executive director of the World Privacy Forum, said some companies that keep PHRs are not covered under the Health Insurance Portability and Accountability Act, which sets basic privacy and security standards (Gage, San Francisco Chronicle, 2/20).
Dixon said the most important consideration in signing up for an online PHR service is to determine whether the vendor is "covered by HIPAA" or "compliant with HIPAA." In many cases, technology and Internet companies that operate PHR services are not bound by HIPAA's medical privacy rule and can change their privacy policies at any time, Dixon said (Knight, Dow Jones, 2/20).
Californians have more protections than residents of many other states because California's Confidentiality of Medical Information Act restricts companies from marketing medical information without informing consumers and allowing them to opt out (San Francisco Chronicle, 2/20).
The report is on WPF's Web site (.pdf).