>So until the provider community decides to step up and commit to one (or even a couple) standard electronic health record platforms, G-Health won't be much more than a curiosity.

Standard health record platforms are not necessary. Standard health record formats are essential.

I'm going to have to look into this. My husband has epilepsy and can (and has) ended up unconscious in emergency rooms all over the place. If he could have a MedAlert bracelet with a G-Health code, so that any doctor (or emergency services personnel) could access his history that would be a massively helpful thing.

Google is in a race for our hearts and minds with Microsoft Health Vault.

The industry direction is in the standardization of health record transmission formats. The goal, for better or worse, is to allow the user to import and export data in a standardized form to and from health-record repositories.

Ezra,
I work at a pediatric hospital and have only seen the Microsoft pitch for online health integration service (I forget the brand name). But the idea is that the data-entry and synthesis will be handled by third-parties. The G-Health and Microsoft-equivalent will be open-source platforms, the same way that PCs/MS-DOS supports programs used by anyway who knows how to program.
Finally, on the issue of Privacy, HIPAA, The Health Insurance Portability and Accountability Act is the gorilla in the room on this subject. There are very strict limits on what companies/hosptials ("Covered Entities") can do without your express approval and limits on what they can do based on your explicit approval. However, if you control your medical records, as could be the case, then the major problem you'd have to watch out for is Google not properly certifying researchers requesting access via G-Health.

A few thoughts:

Its not clear to me that funding is necessary for this to happen. Funding probably will occur due to lobbying from the AMA, and it would certainly make adoption quicker, but its not necessary. Why?

-- There is a good case (although disputed) that implementing health IT is a positive ROI for providers.

-- Trends towards outcomes-based reimbursement will accelerate the ROI case-- if you need to show that 90% of your diabetic patients had their HbA1c checked every 6 months, that's a daunting task if your medical records are paper. If they are electronic, its a pretty simple task. If let's say 10 to 20% of physician compensation gets tied to these measures-- the ROI for health IT increases significantly.

-- The market may demand it. The thing that I find interesting about Google Health is that they are attempting to partner with organizations-- top-flight hospitals liked BIDMC, pharmacies, etc. If they get more adopters among providers, the market dynamics could shift. Patients may start demanding (or shifting to) providers that link to Google Health, which combined with the ROI dynamics above, could provide the impetus for change.

That said, I think its a you've highlighted a key problem with the Google model:

If Google gets all this information, then squirrels it away, it's robbed of its potential to improve care.

Its hard to see how this isn't the business model for Google. It would take substantial investments for Google Health to really work the way they envision, and those dollars need to come from somewhere. Now perhaps they envision some price differntiation between commercial (pharma for example) users and public ones that have free access (government, academia), but I think we should push for some more clarity on how Google intends to use and/or share this information if they are successful. It'll make all the difference as to whether they are a potential help to real health care reform, or a hindrance.

William,

The bigger problem is that Google isn't covered by HIPAA, and they are resistant/lobbying against reforms to make them a covered entity.

'..if you control your records..' One problem with that scenarion is states like Oregon where you dont own your records by state law.

In Oregon doctors own your records like lab test results. Through Hippa now you can gain access to them through a protracted process, sometimes. Google is going to have a tough time threading needles like that.

The fact that Google Health isn't covered by HIPAA is troubling for me, not only because I don't trust them (or any other entity whose legal obligation is only to the bottom line) in the long run, but also because because owning (ahem) all this information makes them a very high-value target.

In the current anything-goes climate of electronic records/transaction security, it seems really stupid to be talking about putting medical records (that is, even more records than are already held by insurance companies and medical-information clearinghouses) in hacker-accessible form.

And of course I can't wait to see what happens to the current paper files when they get transcribed to "standardized" digital form by the lowest bidder.

I wrote a blog post about HealthVault earlier this year. I didn't find it convincing:

At SxSW this year, I attended the Transforming Hospital Systems: The Digital Future of Healthcare panel. In it, we got a pitch from the Microsoft representative for their entry into the electronic medical records field, Microsoft HealthVault.

I asked him the following question, which I admit was kind of tough:

"Microsoft operating systems and software are famously insecure, and Microsoft itself has the unfortunate reputation for being a corporate predator. What is Microsoft doing to win the trust of medical consumers, and show them that Microsoft would be a good steward of their private medical information?"

His answer was disappointing. He admitted that Microsoft has had problems in the past, but claimed that the premise of my question was based on outdated information about the security of Microsoft products. He didn't provide an answer about what proactive steps Microsoft was taking to reassure people about the safety of their medical data.

In my view, merely asserting that security problems are a thing of the past, then in effect asking for the public's trust, is woefully insufficient. We still often hear reports of malware and security breaches in Microsoft products. And many people (I'm not one of them, btw) believe that Microsoft is just plain evil; bland assurances of safety will not cut the mustard.

Another issue wasn't dealt with in the panel, and I can't find a mention of it on the HealthVault site, either. That's the Roach Motel problem, where your data checks in, but it never comes out of the Microsoft system. In the past, Microsoft has been infamous for that kind of lock-in, implemented through proprietary formats and by providing no tools for extracting data. According to the site's privacy statement, you can delete your account and personal information, but there's no mention of ways to get the data — your data — out of the HealthVault system, should you choose to switch to another electronic medical records system.

It's clear that all of these systems, from Microsoft, Google, or others, must be required to have an interchange format that all of them can read and write. That's obviously something that would need to be mandated by the government, and possibly regulated, too.

Without a much better answer for health information security, and without knowing how my medical records can be made portable, there's no way I'd be interested in using HealthVault. A name that merely connotes security is no substitute for real security.

Even with a mandated interchange format, you only solve a fraction of the Roach Motel problem. You can bet that Microsoft and Google will be competing to sign up healthcare providers, so that getting your data out to another repository won't necessarily mean your provider can get to it easily. And in addition to making sure a copy of your data can leave, it would be really nice to guarantee that another copy doesn't stay (you know, just in case you decide someday that you want to switch back, entirely for your convenience).

I showed my 78 year old mom Google Health the day it came out and the very next morning she entered in all of her various procedures, tests, and meds using the handy interface. She thought Google Health was a very handy tool to quickly make a record of her procedures to use as a reference for filling out health forms, etc.. She's not linked up to any of her more private files (at the pharmacist or doctor) but if you view Google Health as a kind of health calendar or spreadsheet it's pretty handy - even if it doesn't solve any macro health records problems.

shorter me: it's handy!

Sadly, Google Health is no better than Microsoft. Import all the data you want; export nothing.

Google not being covered by HIPAA is just the tip of the iceberg. But there's a reason every other entity that takes care of your health *is* covered by HIPAA -- it protects consumers.

Google's only purpose is to find a way to monetize this information. They know third parties will pay to get access to it, even in the aggregate. Or to sell these services to consumers who use it.

At the end of the day, it's just yet another way to market to the consumer. That's it. It will do nothing to improve patient outcomes that consumers couldn't use a spreadsheet or piece of paper for today.

I no longer believe that any of my personal medical information should be free of cost to anyone other than my own doctor. If any entity desires, they can pay ME to use their system. After all, they are benefitting from my information. That goes double for any medical surveys, and I'm starting to think that if my doctor wants to have a trainee come take a look at me with him/her, they can PAY ME for the teaching experience. I am so done with subsidizing this insanity supposedly so they can make better products and health services - which I still have to pay a lot of money for - even with insurance. So forget it. Do I smoke? Guess. How much fruit and vegetables do I eat in a day - I know, my doctor knows and you don't. And if you really really need to know, you owe me $5.00. The cigarette info - you owe me $1,000. Meds I take - wooo - big pharma has the money, shall I say $5000.00 per Rx info. Per person. Get the info while it's cheap. These prices are for today only.

I second (or fifth, or whatever) the posters upthread who pointed out that the key to interoperability is having shared standards of data transmission. This project is actually pretty far along, and good standards already exist for some purposes (LOINC, SNOMED, the combination of HL7 and X-12 called CCR, etc.). We do not have "out of the box" interoperability due to resistance from companies that survive by being Roach motels, particularly some of the old-line electronic medical record companies. But HHS and many other public agencies and nonprofits understand the need for it, and a workable standard that can be used help to create the NHIN (national health information network) is only a couple years away.

Google or not, most people will be able to freely share most of their medical records electronically within 10 years.

The biggest sticking point is just getting providers to buy an electronic system in the first place. There is now a certification standard called CCHIT, and very quickly this standard will be tied to the national health information network. Buying a CCHIT certified EMR will soon mean that it is set up to link (probably through a local intermediary) to the NHIN.

As for Google and Microsoft, the winner will be whichever one decides not to be a roach motel and to work with providers and health plans on the free, two-way flow of information for patients who request it. It seems that Microsoft's business model is actually better designed to accomplish this, because they are not trying to be a portal to access information or capture eyeballs the way Google is. They are trying to be a neutral repository of data and a conduit for the flow of information into and out of it. At least, that's the line that I've heard. Maybe it's not the reality.

The problem is not about HIPAA or not HIPAA. The problem is centralizing the medical information of millions of patients in a database. Do you know how much value has that database?

When you have a very valuable thing you need more and more efforts to protect the thing. But there is no 100% secure system.

As a family doctor I am really concerned about the privacy threats of the Personal Health Records.

I lead a PHR project: http://www.keyose.com/

It is the first totally anonymous personal health record. No name, no email or other identification data required.

By providing a anonymous database we solve the privacy equation: not by rising the security costs but decreasing the potential value of our database for non-authorized intruders.

You may take a look...

"Confessors will not ask your name. Why do we?"