Privacy and Credibility
Privacy is the chief concern in the arena of online health, whether it be in the context of personal health records or health social networks.
Some health consumers may have a false sense of security as a result of being fully indoctrinated into the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was enacted by the U.S. Congress in 1996 with a Privacy Rule added in 2003. One of its goals was to regulate the use and disclosure of Protected Health Information (PHI) by insurers and healthcare providers. Microsoft and Google are not insurers or healthcare providers. Neither are any of the health social networks. As a consequence they are not covered by HIPAA requirements. In addition, these are all "opt-in" services, and the usage agreements of each service spells out what can be done with your information.
In a sense, the opt-in nature of the services also serves as an incentive for vendors to keep their users' data safe and private. If consumers don't trust you with their most valuable information (most people would rather lose their credit cards than their medical records), they are not going to use your product. The HealthVault privacy model ensures that any data stored in the repository will not be remarketed for any reason, even with indentifying information removed, without the explicit consent of the user. Google Health takes a similar stance with the caveat that they may share information "in limited situations ... such as when Google believes it is required to do so by law."
A more intractable problem than privacy is the credibility of the information in the PHR. If a medical record is created and controlled entirely by a healthcare provider, as is the case with most electronic medical records, a doctor can generally trust the information and make decisions accordingly. If the information is entered or edited by the patient, is the data as trustworthy? It is not uncommon for patients to misreport symptoms in order to influence a doctor's actions. What happens when these distortions are backed up by a PHR that the patient has doctored? Drug companies have a tremendous financial incentive to show high adoption and efficacy rates for their products. How do we know that the extraordinary effectiveness of a new drug being reported across CureTogether and PatientsLikeMe wasn't put there by a marketing department?
These are risks, but like any new health treatment, they are known risks, and steps can be taken to mitigate them. HealthVault, for example, maintains an audit trail that records every change to a record, who made it, and when. If a doctor sees a diagnosis of "mild" schizophrenia on a patient's chart, he or she will know if that was entered by a doctor or if the patient themselves changed it from a diagnosis of "severe." The open community of the health social networks itself provides a de facto peer-review dynamic that can raise red flags and alert the community to fraud and malfeasance. It is up to the consumer, whether they be patient or doctor, to weigh the risks against the benefits.
Networking the PHR
While both personal health records and health social networks present tremendous opportunities in health and wellness, the biggest opportunity may be in bringing them together.
In the nascent science of social networks there is a concept known as "object-centered sociality." Successful social networks are not just a set of links between people. They are connections among people centered on an object of common interest. That object may be a job, a hobby, or a medical record. Entering medical data into health social networks is laborious and error-prone. If portions of a PHR could be incorporated into a disease forum or shared privately with a "friend," the value of the networks and the PHRs would be dramatically increased.
There are signs that thing are moving in this direction, with new partnerships and service offerings being announced almost daily. PatientsLikeMe has recently announced a partnership with personal genomics company 23andMe, Inc. to create a "genetics search engine" for the ALS community. This will allow sufferers of Lou Gehrig's disease to share disease-linked genetic information and use it to find other patients like themselves. With more than 5% of patients currently diagnosed with ALS already site members, PatientsLikeMe represents the largest ALS database in existence. Adding genetic data to the mix can only increase the depth and value of the resource. And with more than 20,000 downloads of the HealthVault software development kit to date, it is only a matter of time before PHRs are added to the mix.
Companies Featured in This Article
Google Health: www.google.com/health
Microsoft HealthVault: www.healthvault.com