Google’s recent announcement that it is creating a home for personal health records online is a natural outgrowth of Silicon Valley’s Web 2.0 consumer Internet focus. The question this raises is whether a market-driven system is better for keeping health records than one run by the government.
Groups like the World Privacy Forum worry that initiatives like Google’s might threaten privacy because tech companies “are not subject to the HIPAA (Health Insurance Portability and Accountability Act) health privacy rule.” This is interesting given that the WPF also seems to have a number of complaints against HIPAA, and many experts on HIPAA agree that the law is more about the portability of medical data than about privacy.
HIPAA benefits the government and big business at the expense of consumers, according to consumer advocates like Sue Blevins at the Institute for Health Freedom. “HIPAA takes power away from individuals and gives the decision to the government as to who can access your data.”
As most people know by now, when you sign the HIPAA consent form at the doctor’s office, it isn’t so that you can make a decision about who gets your data, because that’s already decided by law. Rather, the purpose of the consent form is to enable doctors to prove they notified you, and that your data can be shared and used. That’s a pretty perverse idea of privacy, but should any of us be surprised? The government almost always does a bad job at responding to consumer needs and managing information. Those tempted to disagree might recall their last encounter with the Department of Motor Vehicles.
“That’s the reason concierge medicine is taking off,” says San Francisco-based private doctor Jordan Shlain. “There’s no consumer brand like Starbucks for healthcare yet.”
A recent study by the Deloitte Center for Health Solutions showed that 88 percent of those surveyed want to manage their health data online. Yet despite this demand, rules that create perverse incentives stymie the current system in which most people operate.
Government-driven systems fail at creating a good user experience, not because government is inherently bad, but because there’s no incentive to be responsive. Consider for a moment the consequences of a privacy breech under the government’s HIPAA system versus those under a market-based Google or Microsoft-led system. (Microsoft launched HealthVault last year).
If your data were stolen or sold by someone operating under HIPAA, you would have to file a case with the U.S. Department of Health and Human Services. If, after much deliberation, officials determined that your claim was real, the person who violated your privacy would have to pay a fine to the government. You would get nothing, as there is no private right of action under HIPAA. So, under HIPAA, the federal government actually makes money when your rights are violated.
Now think about what would happen if someone breeched the security systems of Google or Microsoft. First, there would be a massive amount of media coverage. The companies would be under immense public pressure to fix whatever happened within hours — not the days, weeks or months that a government committee would take. You would demand action now, and if the violation was contrary to their stated privacy policy, you could sue them and be paid the damages.
Read more here.