
HIMSS08: Google unveils details of PHR

So, the Google boys have marched into town with their own PHR, which they demonstrated last week for a marveling crowd at HIMSS08. At a modest booth on a side alley at the exhibition, Google was premiering a simple PHR interface consisting of only a few text links, including a link to a feature allowing users to search for doctors, and another accessing Google Scholar to search for medical information. The PHR's key function was a link to a utility allowing users to import records from varied provider systems, then store the records online. Of course, Google CEO Eric Schmidt has been making the rounds assuring privacy advocates that the search giant won't share these records without the patient's consent, but as I understand it, since Google's not a provider they're not required to meet HIPAA standards unless they feel like it. How long will that last, particularly if competitors like Microsoft and Revolution Health begin to loosen their standards?

As we've previously noted, the records will be accessible through the same name/password combination consumers use to access other Google features, such as Calendar and Gmail. OK, readers, I'm sure you know far more than me on this front, but isn't that a fairly weak security method to store extremely private information? When I asked one of the young Google-ites manning the booth this question, he brushed it away. I don't know about you, but that didn't impress me much.

To get more background on the Google PHR:
- read this iHealthBeat piece

Related Article:
Google begins storing medical records.

Comments

There are no EMR/PHR or traditional record systems that are 100% secure. To be sure, there are various levels of authentication "strength," but multi-factor authentication and extremely complex password and client VPN systems are more deterrent than worthwhile. These strategies appeal to tech-heads but are probably overkill for most people just trying to store old EKGs or web-based medication lists so future doctors (authorized by them) can have this info to treat them.

I trust the internet for thousand dollar transactions when I log into my bank or stock broker. It doesn't take much sophistication to understand the basics of secure browser transactions and to conceive of the benefits of a simple, patient-controlled starting point like publishing medication allergies or do not resuscitate wishes on a secure site. This makes one's records much more portable and available to future doctors (in or out of their current network). In the real world of clinical practice, we understand that 128-bit browser-based security is sufficient, and the "improvement in accessibility" tradeoff is well worth the infinitesimal and probably inconsequential risk of network breach.

I think Google's strategy will circumvent the fears about "less than military grade" security strength by allowing patients to opt-in and decide for themselves if this is sufficient for them. It would be for me. In my opinion the paranoid over-hype about excessive security and theoretical hacker risk is extremely overblown and artificially limits us. The biggest real threat is the lag in our medical industry to embrace any standards. This very slow adoption rate is much more dangerous to our health care delivery system because most people lack technical sophistication and listen to fear-mongering theoreticians. This generates a misinformed reluctance to build a PHR from both sides. From the practitioner side, we are afraid to recommend one particular product because of fear of fractionation and lack of standardization.

A sober review of history reveals much. We hear a lot about the 50 million VA records that were compromised (mine was one of them). What actual harm actually came from this? Not much except from the confidence setback.

I'm glad to see one of the recognized global players taking a stand. As an active Emergency Physician, this would help me render improved care for the majority of patients who come my way unexpectedly in the Emergency Department.

--John Ogle, MD, MPH, FACEP

Dr. Ogle:
Thank you for your helpful and detailed comments. They're a great contribution to the discussion.

Actually, I agree with you that standard browser-based security is good enough for most transactions, and in my personal affairs I find it quite sufficient.

That being said, however, I'm concerned by what I read as a somewhat cavalier attitude by Google, that worriers should just pipe down and get out of their way. That feeling, more than the actual solution used, concerns me somewhat.

Yes, I'm with you that a stronger front-end security solution isn't necessarily a critical issue. I just feel it's my job to raise questions that others are raising to keep them in the public eye.

Once again, thank you for your contribution.

-Anne Zieger, Editor, FierceHealthIT

-Anne

I don't really think that these PHRs could be any less secure than my banking website. It sure is safer than my social security number. As a consumer, I think this is the way we need to go.

Bring it on.

Dear Anne:

I read your mention about Google Health, as well as the informative comment from Dr. Ogle with interest. It goes without saying that the significance of these giants’ bold entry into the PHR market was underappreciated until last week. I think you and others have made it clear to many that the 2008 HIMSS meeting may well be forever known as a vital turning point in achieving a national EHR system - and at a fair price to boot. Isn’t that wonderful? Consumerism always trumps mandates in the end - even in Cuba. Sometimes it just takes a lifetime and a fresh family member.

It is my opinion that without the two IT giants competing for consumers and on behalf of consumers, HHS Secretary Michael Leavitt’s plans for EHRs were destined to run aground because of lack of consumer appeal. Without trust, EHRs are worse than useless, they are dangerous. Unlike absurdity, trust cannot be mandated.

Here is what I hope will happen: Acceptance of EHRs will soon reach a consumer-driven tipping point for solo physicians - attaining an impressive 40% of the market by, say, October 25th, 2008. The adoption of viable, interoperable EHRs will cost taxpayers much less than it will cost for Leavitt to bribe another 1200 physicians just to try EHR systems that are so lousy that they will otherwise continue to sit on the shelf. Consumer demand for government mandated EHRs is understandably absent. After all, it is a mandate for Pete’s sake. At best, patients are indifferent about today’s EHRs. A free-market EHR effort supported by Microsoft or Google on the other hand will actually generate tax revenue in a traditional manner instead of bearing yet more senseless burdens on our nation’s competitiveness in the world market. We already have those.

While there is nothing holding down the cost for providers (patients) to fund an unfunded mandate, consumer-driven, free-market EHRs - unencumbered by the mostly meaningless HIPAA rule, will cost nothing to taxpayers and will boost healthcare productivity by eliminating most of the recently added IT jobs in the nation - saving real money in healthcare. Since employee theft of identifiers is increasing, cutting staff will slow data breaches for the first time… ever. It would clearly be awkward to argue otherwise.

I just don’t understand how a person can put any faith at all in HIPAA’s ability to protect privacy. HIPAA is a ruse. Consider this: More than 160,000 EHRs have been fumbled on Leavitt’s watch in less than three years, yet he continues to screw things up with reckless abandon. If Google fumbles fewer than 1.6 PHRs, it will hurt Google, but it will especially hurt Eric Schmidt. Quite simply, quality is directly proportional to accountability. For Schmidt to continue to bring success to Google, he must hold himself accountable to consumers. Leavitt, on the other hand, heads a traditionally insulated bureaucracy. He is accountable to the President, who is accountable to big business. Consumers are the target rather than the beneficiary of this administration’s machinations.

With Google Health one has the choice to opt-in. With HIPAA, there is no way out. Consumer rights are better than no rights at all.

--Darrell Pruitt
