HIPAA Expands to Personal Health Records â€” Just Not Google's or Microsoft's, If You Ask Them
Neil Versel of BNET reports:
Although Google and Microsoft have gotten plenty of attention for their Web-based personal health records, both companies have long maintained that theyâ€™re not bound by the privacy protections of a 1996 federal law known as HIPAA. And despite a recent HIPAA change â€” one intended to extend its privacy provisions to services like Google Health and Microsoftâ€™s HealthVault â€” both companies still insist theyâ€™re not bound by the law.
… â€œOur understanding is that HITECH, which is the jargon for [the health IT] part of the legislation, did not change the definition for a covered entity or a business associate, so our service is offered directly to the consumer,â€ Google Health Product Manager Roni Zeiger told Modern Healthcare last month. â€œ[O]ur understanding is that we are neither a covered entity nor a business associate,â€ he continued. â€œWeâ€™re providing a service directly to the consumer or a patient.â€
iHealthBeat has more on this issue.