Two of the nation’s leading medical researchers recently published an article that warns of new challenges that are likely to become raised when large non-medical companies, such as Google and Microsoft, become involved with the online storage of personal health records.

The doctors, Kenneth D. Mandl and Isaac S. Kohane, are both researchers and physicians at Children’s Hospital Boston, Harvard Medical School’s primary teaching hospital for pediatrics.  In their article, published in the New England Journal of Medicine, the researchers suggest the inevitability of a “seismic change” in the way personal medical records will be stored and accessed if they are posted online, a change bringing implications of stewardship and control issues that have yet to be addressed thoroughly.

Patient medical records are currently kept within the healthcare system that generates them.  This information can be shared with other entities as long as some stringent federal guidelines are maintained.  Researchers can access patient records, too, but they have no access to personal identities or other information that might identify a specific individual.

Individual patients, too, can obtain copies of their own medical records but few do.  Records can be scattered from one healthcare facility to another, depending upon the individual patient’s medical history, and the very process of getting one’s own medical records is so cumbersome it dissuades many people from doing so.

It’s the Health Insurance Portability and Accountability Act (HIPAA) that keeps such close tabs on a person’s medical records.  HIPAA became law in 1996, before entities such as Google and Microsoft considered the possibility of storing personal health records online.

The researchers are not opposed entirely to the concept of storing medical records online.  They just see the need for a system of safeguards to be established to regulate contracts and maintain certification standards.  They suggest possibly extending the scope of the current HIPAA law and developing programs for consumer education.  One fear is that making medical data easily accessed by the patients themselves will only make them more vulnerable to false advertising and questionable marketing practices devised to harvest patient data.

Peter Neupert, however, balks at the idea of extending HIPAA’s reach.  Neupert is a Microsoft vice president responsible for the company’s health group who claims to admire the two researchers.

Neupert’s objections stem from the way the limited paternalism suggested by the researchers can be manipulated.  He suggests a third-party review process, much like an outside auditor reviews financial data.  He feels this third-party review system will be instrumental in earning public trust for online storage of private medical information.