Will the New PHR Gorillas Embrace HIPAA? Taking a cue from clinical research

In April, the WSJ’s Health Blog pointed to an article that asserted that Microsoft and Google were not ‘covered entities’ under the HIPAA patient-privacy law.  Something more interesting than the article itself (from the New England Journal of Medicine), a link in the comments lead to this post, which mentions that insurance company Aetna is also getting into the PHR-management market, with its own systems.  In short, we are beginning to see large corporations grow into the health space with offers to log and store Patient Health Records (PHRs) on internal or external systems.

Great news for the shareholder, you might ask, but what’s this got to do with clinical research?  What’s this got to do with open solutions or clinical trial software?  OpenClinica was originally devised to cover all points of HIPAA, and because of that the amount of personally identifiable information is minimal, and can be removed entirely.

Without proper oversight and auditing, however, these large systems could easily turn into a headache for the end-users, which in Google’s case is the Cleveland Clinic, and in Microsoft’s case is the Mayo Clinic.  Both are large clients with a lot of important PHI.  OpenClinica, in its drive to be HIPAA compliant, also created a set of audits on its database, keeping track of who changed what parts of the clinical research data inside it. 

Microsoft’s HealthVault site has certainly received lots of accolades, and, while the Google Health announcement is not much more than a blog post itself, both pages have something in common; they both state that they are committed to the users’ privacy without ever mentioning HIPAA.  Here is hoping that they are holding themselves to a higher standard.

Leave a Reply