Does HITECH have teeth? Google may not think so
I was astounded today to read in Modern Healthcare (the fact that I apparently was blacklisted from writing there for reasons never explained to me makes me reluctant to link to the story) that Google says the new privacy and security rules won’t change its PHR plans.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted last month as Title XIII of the American Recovery and Reinvestment Act of 2009, strengthens much of the privacy and security language of HIPAA. Some of the language effectively gives business associates the same responsibilities as covered entities when it comes to protecting patient data. Section 13408 specifically includes personal health records.
Reporter Joe Conn, my former boss and an all-round good guy (rare at MHC these days), quotes Google Health Product Manager Roni Zeiger, M.D., as saying the new legislation has no effect on the company’s offering. Zeiger actually said that Google Health, as a service offered directly to consumers, is neither a covered entity nor a business associate under the new law.
Excuse me? I’ve been struck since Day 1 with the arrogance Google seems to be exhibiting with its entry into healthcare (actually, since before Day 1, since Google says CEO Eric Schmidt’s speech to the 2008 HIMSS conference was not technically a product introduction), but it seems to me Zeiger is intimating that the law doesn’t apply to Google.
This is almost as ludicrous as former Vice President Dick Cheney suggesting in 2007 that he was a fourth branch of government.
Neil, In this case I agree with Roni – Google Health and HealthVault both are not and should not be HIPAA covered. The basic premise is simple. Let patient decide what to do with the data. Empower them with simple intuitive tools and clear instructions to take control of the data. why do you need some external body of law to govern what they can or cannot do with their own data?Think about the bigger picture here. You are trusting and empowering patients to take control of their health data and in turn helping them better manage their diseases. In longer run this will drive down the health care cost more than any other measure.
Chintan, the law does not dictate what people can or cannot do with their own data. The law is meant to protect the data people entrust to third parties like Google or Microsoft.