A timely reality check
As the World Privacy Forum pointed out yesterday, companies like Google are not governed by the Health Insurance Portability and Accountability Act, or HIPAA. “Don’t assume your medical records are protected no matter where they are: HIPAA privacy protections generally do not follow the health-care files,” the WPF warned. “HIPAA’s protections generally do not ‘travel’ with or follow a medical record that is disclosed to a third party outside the health-care treatment and payment system. … After you have disclosed your health care information to a PHR (Personal Health Records) outside the privacy protections of the health care system (HIPAA), your information can be used or redisclosed by the PHR in ways that would not be permitted for the same information if held by your doctor or health plan.”