HIPAA Expands to Personal Health Records — Just Not Google's or Microsoft's, If You Ask Them


Neil Versel of BNET reports:

Although Google and Microsoft have gotten plenty of attention for their Web-based personal health records, both companies have long maintained that they’re not bound by the privacy protections of a 1996 federal law known as HIPAA. And despite a recent HIPAA change — one intended to extend its privacy provisions to services like Google Health and Microsoft’s HealthVault — both companies still insist they’re not bound by the law.

… “Our understanding is that HITECH, which is the jargon for [the health IT] part of the legislation, did not change the definition for a covered entity or a business associate, so our service is offered directly to the consumer,” Google Health Product Manager Roni Zeiger told Modern Healthcare last month. “[O]ur understanding is that we are neither a covered entity nor a business associate,” he continued. “We’re providing a service directly to the consumer or a patient.”

iHealthBeat has more on this issue.

About the author: Dissent

2 comments to “HIPAA Expands to Personal Health Records — Just Not Google's or Microsoft's, If You Ask Them”

You can leave a reply or Trackback this post.
  1. Anonymous - April 9, 2009

    You have to wonder what will happen with all of this information in one place. Without HIPAA, there are no penalties if Google’s beta goes awry. We already have problems with physicians dumping records. If Google drops a few million users info on the net for a few minutes, the results could be catastrophic.

  2. Anonymous - April 9, 2009

    It’s a potential privacy Chernobyl, to be sure.

    What do you think about their interpretation of the new law? Do you feel that the law does cover their services?

Comments are closed.