DC Medical Malpractice & Patient Safety Blog

There’s an app for that.

Ever since Apple claimed primacy over the smartphone universe, we’ve all become familiar with that refrain. And as noted in a recent report on NPR, mobile medical applications are hot property. Even the stodgy American Medical Association (AMA) has introduced an iPhone app that keeps track of your medications.

It’s all good. Or is it?

We’ve discussed the benefits of electronic medical records. But when it comes to apps, as convenient as such medical assistants might be, there is reason to be concerned about breaches of privacy. That might not induce worry if your techno assistant is helping you adhere to a healthful diet, but some monitor blood sugar, blood pressure and screen for depression. Are you comfortable with strangers having that information?

Medical apps aren't covered by HIPAA, the federal privacy law that controls how doctors and health-care providers store and share patient health information. "They are offering to store and share some pretty sensitive information," Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, told NPR.

Because of that hole in the law, what you consider private, personal information might be little more than marketing data to a medical app manufacturer. As McGraw said, "If their privacy policy says, 'From time to time we will share your information with advertisers,' they can do that."

And what if you lose your phone? What if it’s stolen? What if you share your phone so someone else can peruse your photos—what’s to prevent him or her from perusing other information you might otherwise choose to keep private?

Some app developers, including the AMA’s, offer password protection. That’s good but not impenetrable. Here’s what the AMA app disclaims:

When you purchase this application, you will be responsible for protecting the privacy and security of the information that you enter, and for deciding who to disclose, and give access to, the information. The AMA assumes no responsibility, and shall have no liability, for protecting the privacy or security of the information entered in the application or shared with others either intentionally or unintentionally.

Some med apps invite users to share their medication info with their doctors, pharmacist, family, etc., via email, but anyone who hasn’t recently moved here from Jupiter knows that email is hackable. And who hasn’t made the mistake of sending an email to the wrong recipient? A survey of doctors’ email habits concluded that most didn’t even follow AMA email protocol.

You’d think oversight of med app privacy would fall to the FDA, but last summer that agency was considering limiting its watch-dogging to apps that “could present a risk to patients if the apps don’t work as intended.” If it’s a consumer convenience and not a medical device intended for treatment, the FDA is going to pass.

That leaves the protection of your privacy up to you. In the era of sharing, of Facebook, of tweeting every thought that crosses your mind, the security of medical information seems awfully vulnerable.

Last week, the New York Times summed up pretty well what a lot of people have been thinking: “Poorly designed, hard-to-use computerized health records are a threat to patient safety, and an independent agency should be set up to investigate injuries and deaths linked to health information technology, according to a federal study…”

The paper was referring to “Health IT and Patient Safety: Building Safer Systems for Better Care," a report by the Institute of Medicine (IOM) calling for greater oversight of health-care technologies.

The U.S. Department of Health and Human Services (HHS) requested the IOM to evaluate electronic health records in the first place out of concern that some such products raised safety risks for patients. Practitioners were wondering if the boom in digital record-keeping is fostering a rash of medical errors thanks to balky, difficult or malfunctioning technology.

The report doesn’t decry the move – for reasons of both cost and care efficiency – from paper to electronic records, it just emphasizes that oversight must be part of the deal: “To achieve better health care, a robust infrastructure that supports learning and improving the safety of health IT is essential. Proactive steps must be taken to ensure that health IT is developed and implemented with safety as a primary focus. If appropriately implemented, health IT can help improve health care providers’ performance, better communication between patients and providers, and enhance patient safety, which ultimately may lead to better care for Americans.”

The IOM said an investigative agency -- like the National Transportation Safety Board, which investigates airline accidents and examines safety issues -- should be established for health-care technology. And that it should include tracking the safety performance of electronic health records.

So far, such efforts have yielded mixed results: There are tales of success, such as hospitals that use computerized, bar-coded prescription systems, but also tales of patient harm, such as delayed treatment due to lost data and/or problems with human-computer communication.

The IOM advised the Department of Health and Human Services (HHS) to devise a plan within 12 months to monitor patient safety risks associated with health IT, and to report on that progress every year. If, within a year, such progress is insufficient, the scientists’ group said the FDA should regulate these technologies, and that the agency should start planning for that now.

The IOM report is big on transparency. It is the government’s job to ensure that the private sector demonstrates concern for consumers by freely exchanging information about product use, “including details relating to patient safety.” You can’t establish a body of knowledge and develop a functioning market of safe products if you don’t share details of their risks.

This is thwarted today by the common practice of including nondisclosure clauses in contracts with vendors of IT health products. Such provisions impede efforts to improve safety by discouraging users from sharing information.

The report notes that clauses that limit liability (known as “hold harmless”) also undermine best-product practice by shifting liability “from the vendor to the users when an adverse event occurs.” As the story in The Times said, “Such language often limits the freedom of doctors and hospitals to publicly raise questions about software errors or defects.”

No one wants to stifle technological developments or the will to manage health care more efficiently. The key, as the IOM says, is to foster innovation without compromising safety.

Check out this graphic display of some of the statistics of hospital hazards. Infections, malpractice, errors due to poor record keeping, medication errors, mistakes due to sleep deprivation of trainee doctors: It's all displayed here, courtesy of a group called Medical Billing and Coding Certification.

Pharmaceutical companies love dish about doctors and patients almost as much as they love drug profits. One source of information they like to plunder to expand their markets is doctors’ prescribing histories. These “who,” “what,” “why” reports are one component of so-called “data mining” that has gotten much attention lately as a sometimes sneaky way to unearth potentially sensitive information.

The companies buy the reports from prescription drug intermediary (PDI) agencies that, as explained in an article in the New England Journal of Medicine, collect the prescription records from pharmacies and link them to physician information purchased from the American Medical Association.

Pharma sales representatives crunch the numbers in order to refine their sales pitches when they visit doctors’ offices. Critics of this process, known as “detailing,” claim that it:

• raises costs by increasing the use of brand-name drugs;


• jeopardizes patient safety through wider uses of drugs that haven't been studied appropriately; and


• compromises the privacy of doctors and their patients.

As the NEJM writers note, several states have passed laws to curtail detailing and restrict PDIs from providing prescribing information that identifies physicians. One PDI/pharma effort challenged a law in Vermont that prohibited pharmacies and PDIs from selling/licensing/exchanging prescriber-identifiable prescription information and from permitting its use for drug promotion. The case ended up in the U.S. Supreme Court on the claim that it unconstitutionally restricted free speech.

How information that is supposed to be private between a doctor and a patient can qualify as free speech seems preposterous on its face, but the court ruled in favor of the commercial interests in a long and carefully parsed finding that Vermont was biased against detailers and their free speech.

The authors of the NEJM article looked at both sides of the issue. “If laws like Vermont’s were to become widespread,” they wrote, “they would undercut pharmaceutical companies’ ability to detail physicians effectively, with the probable consequence that detailing would be greatly reduced. Although this outcome might well reduce the cost of prescription drugs, it would also reduce the amount of information that doctors receive. … detailing can have educational value. For all its problems, detailing — like its troublesome cousin, direct-to-consumer advertising — is probably of some benefit to patients.”

They explain that PDI databases are used to benefit public health as research material, and if PDIs were deprived of data-mining income, they might not invest in keeping such complete records. They also explain that landmark legislation to protect patient privacy remains strong. “[T]he Court defended the patient privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, noting that HIPAA imposed a general ban on disclosure except in ‘a few narrow and well-justified circumstances.’ Although the Court did little to define the boundary between unconstitutional laws such as Vermont’s and sacrosanct ones such as HIPAA, it is clear that some restrictions on data sales will, if tailored finely and fueled by strong governmental interests, survive.”

The writers suggest that data-mining prohibitions could survive judicial scrutiny if they:

• broaden the ban so as not to finger only drug marketers; and


• sharpen the focus on privacy issues.

In other words, the authors found reason for hope that this one decision does not establish an impenetrable precedent for commerce to boost drug costs, pose a threat to public safety and invade private files.

Of course, doctors can always close their doors to sales reps, but that’s more pipe dream than likelihood. Because even if doctors are as loath to open their files to Big Pharma as the industry is hungry for the information, and even if doctors know that a sales pitch is less than objective, they still can learn something new, and they value the free samples.

If you’re concerned about this issue, and your doctor prescribes a drug:

• Ask if there is a generic option, and if it’s suitable for you.


• Ask if he or she embraces the AMA’s Physician Data Restriction Program (PDRP), which allows doctors to withhold prescribing data from sales reps but still share it for research purposes. According the NEJM, only 4% of physicians have signed on, probably because “the AMA’s financial interests cut against strongly promoting the program.”


• Tell him or her that you’re uncomfortable with your drug history being shared, and request that he or she not entertain pharmaceutical sales calls.

These measures alone probably won’t change anybody’s practice, but they will let your caregiver know that you’re informed and concerned. And that you can always find another doctor.

Here's a case that opens a window on how tabloid newspapers get intimate details of celebrity's medical lives: They pay hospital employees to rifle through private medical records.

The University of California, Los Angeles (UCLA) Health System has agreed to pay the federal government $865,000 to resolve allegations that its employees violated patient privacy, according to investigative journalists at ProPublica.

Between 2005 and 2008, UCLA employees repeatedly snooped in patient medical records, including those of celebrity patients Farah Fawcett, Britney Spears, Michael Jackson and former California first lady Maria Shriver. ProPublica had reported earlier how Fawcett (now deceased) had set up a sting operation to catch leaks to the National Enquirer about her cancer. In 2010, a former UCLA employee pleaded guilty to four counts of illegally reading private and confidential medical records.

The agreement with the U.S. Department of Health and Human Services requires UCLA to train health system employees who have access to patient records, to sanction those who break the rules of the Health Insurance Portabilityand Accountability Act (HIPAA) and to assign an independent monitor to assess its compliance for three years.

One person, two scenarios: the first almost effortless, the second chock-full of hassles. And with those hassles comes the danger of a malpractice event and a preventable patient injury. Consider:

Our Patient -- we'll call her OP -- had an appointment for a chest X-ray in the morning, and an appointment for a blood draw in the afternoon. The radiologist was on time, the procedure took mere minutes and it required only a small co-pay. Can a medical visit get any better?

Yes! When OP asked for a copy of the image for her own records, the office manager offered to put it online via an IT service that manages their office records on the cloud--an Internet data storage system accessed by log-in, enabling patients and doctors to share information.

Now for Scenario No. 2: After Our Patient had the blood drawn at the doctor's office, she was told to wait three days before calling for the lab results. When she asked that copies of the whole blood panel be sent to her for her records, she was told there would a processing charge unless she wished to make an appointment to make her own copies at the office. There was no option for online file sharing.

Lots of patients at that point would say to heck with it and would skip getting the lab results, with possible negative consequences for their health if the results showed something abnormal and the test result slipped through the cracks at the office of the ordering doctor -- a frequent problem with offices deluged with paper test results.

Last autumn, we reported about a study by the Institute of Medicine (IOM) to identify best policies and practices for improving health-care safety and reducing malpractice when using electronic health records. Its focus is the prevention of health IT-related errors, rapid reporting of patient safety concerns and methods to promote safety-enhancing features of electronic health records. Although the study results and recommendations are several months away, electronic record-keeping remains front and center.

Despite a vigorous campaign by the federal government and some large health-care providers to move the nation’s patient records from the Jurassic Age of paper to the Electronic Age of digital communication, most physicians and clinics have been slow to embrace the transfer. Apart from radiology, which the Los Angeles Times notes leads the digital charge, there are two overriding reasons for the health-care establishments to lag other industries in digital record-keeping.

The concern for patient privacy resonates with many people, especially in light of what seem to be daily disclosures of hackers compromising the customer data base of a bank, a social media platform, a large retailer… Both health-care providers and patients rightfully wonder about privacy and security.

The second impediment to efficiently computerizing medical records reflects the labyrinthian nature of codifying a wide variety of medical specialties and medical office practices to be organized by a myriad of IT companies vying for the business. According to MarketWatch, “Critics say the architects of the plan left out a means of ensuring that the systems in the emerging patchwork of proprietary software will be able talk to each other. On top of that, the very act of digitizing millions of patient histories represents a technological leap for the legions of doctors who remain attached to paper record-keeping.”

Because health care represents one-sixth of federal spending, and because, according to federal estimates, 80% of doctors and hospitals had yet to embrace even rudimentary measures to computerize records, the federal economic stimulus in 2009 included incentives for doctors to digitize their records. It’s hardly been a resounding success, and one physician’s experience might indicate why: His practice purchased a system from a small vendor for $400,00 ($80,000 per doctor), but looks to recover only one-sixth of the cost from the feds. “There’s no uniform code by which the medical community is operating, and no widely used software standard like Microsoft’s Windows being used,” MarketWatch reported.

So it might be a while before patients and their caregivers can access all of their records with efficiency and security. If you are considering keeping and transferring your records in electronic form, here, according to the Los Angeles Times, is what you need to ask to ensure they’re secure:

• *Is the IT company managing the records legitimate? Find out from the practitioner or facility that recommended it whether they have a "business associate agreement" with the vendor. This is a contract required by the federal Health Insurance Portability and Accountability Act (HIPAA), which spells out when health-care providers may share protected health information with other people or companies. The details of how that information is secured are established in a business associate agreement. Such a contract signals that the company that stores your medical information is HIPAA-compliant and that your privacy is being protected.


• *Will your data will be stored in the United States? Will all information will be encrypted before being sent across the network? “Yes” is the only acceptable answer to both.


• *Is contact information available on the vendor’s website? If the company’s site does not include staff member names, a company address and telephone number, decline its services.


• *What happens if something goes wrong? If the company goes bankrupt or is acquired by another, what happens to your data and who owns it? If the contingency isn’t clear or treats your records like a tradable commodity, decline its services.

Article first published as The Too-Slow Evolution of Electronic Medical Records on Technorati.

Medication errors in a hospital’s psychiatric unit were cut drastically with two techniques: an electronic prescription drug ordering system and a computerized method to report adverse events, according to new research from Johns Hopkins University.

The leader of the study, Geetha Jayaram, MD, MBA, an associate professor of psychiatry and behavioral sciences at Johns Hopkins School of Medicine, says that “with the use of electronic ordering, training of personnel and standardized information technology systems, it is possible to eliminate dangerous medication errors” altogether.

The findings published in the March issue of the Journal of Psychiatric Practice illustrate how the psychiatric unit at The Johns Hopkins Hospital in Baltimore went from a medication error rate of 27.89 per 1,000 patient days in 2003 to 3.43 per 1,000 patient days in 2007. And none of the medication errors during the study period caused death or serious, permanent harm, Javaram notes.

“Having something typed eliminates bad writing — and most errors — immediately,” she says. “It’s a good reason for going electronic.” Medication errors, which can be lethal, are known to be caused by illegible handwriting, misinterpretation of orders, fatigue on the part of medical personnel, pharmacy dispensing errors and administration mistakes. A pharmacy may misread what a physician has written or give the wrong medication or the wrong drug dose to a patient.

The computer program used in the psychiatric department also includes integrated decision support for drug dosage selection, drug allergy alerts, drug interactions, patient identifiers and monitoring — things that can be lost with a manual system that relies on layers of human beings to ensure the correct decisions are made, Jayaram says. The more the number of steps involved in the process, the greater the likelihood of mistakes.

Source: Scienceblog

You can read the complete study here.

The Institute of Medicine (IOM) will conduct a year-long study to identify best policies and practices for improving healthcare safety and reducing malpractice when using electronic health records. The study will focus on prevention of health IT-related errors, rapid reporting of patient safety concerns and methods to promote safety-enhancing features of electronic health records.

After reviewing the available evidence about how health information technology (HIT) affects patient safety and care, the study will issue recommendations to maximize the safety of HIT-assisted health care services. In addition, the study will discuss the potential effects of government and private sector HIT efforts.

Highlights of the study are expected to include:

• Summary of existing knowledge of the effects of HIT on patient safety;
• Identifying approaches to promote the safety-enhancing features of HIT while protecting patients from any safety problems associated with HIT;
• Identifying approaches for preventing HIT-related patient safety problems before they occur;
• Identifying approaches for surveillance and reporting activities to bring about rapid detection and correction of patient safety problems;
• Addressing the potential roles of private sector entities such as accrediting and certification bodies as well as patient safety organizations and professional and trade associations; and
• Discussion of existing authorities and potential roles for key federal agencies, including the Food and Drug Administration (FDA), the Agency for Healthcare Research and Quality (AHRQ), and the Centers for Medicare & Medicaid Services (CMS).

The study will be carried out under a $989,000 contract announced today by the Office of the National Coordinator for Health Information Technology, the agency charged with coordinating U.S. government HIT efforts.

Source: Earth Times

You'll find more information about the Institute of Medicine’s activities and projects here.

Many patients (and a few doctors) continue to be amazed that the law requires that patients be able to obtain a copy of their own medical records. And reading them is good for your health, I and other patient safety advocates maintain.

Here's what I wrote on a New York Times blog about this:

Getting and reading your own medical records is Step One of the advice I give patients to become involved, intelligent, and actrive in their own care. There are at least three things the patient learns:

1. Am I communicating well with this doctor? Is the history of my problems recorded in the records recognizable to me and reasonably complete?

2. Is there some lab test result that I need to know about where the communications has fallen through the cracks somehow?

3. Are there any errors that need correcting?

These are vital questions that help patients get to the right doctor and make sure tragedies don’t occur. Top providers like Brigham & Women’s Hospital, the Cleveland Clinic and the Veterans system make it easy for patients to read their own records online. Eventually, we will all read our records routinely, and we’ll be healthier for it.

Read comments from other Times' readers here.

A lot of doctors fret about patients reading over their shoulders, but as a non-physician who reads medical records every day, I can say without doubt: It's a good thing.

One hundred thousand preventable deaths from medical errors in hospitals each year: That is the usual statistic cited by patient safety advocates. It comes from a 10-year-old report issued by the Institute of Medicine of the National Academy of Sciences. The fact is, though, that the death and injury rate could be substantially higher. No one is sure, because no one is counting "adverse events" in a rigorous, systematic way, and evidence keeps piling up that hospitals under-report these events to health authorities and worse, cover them up.

An investigation by the New York Daily News of the city's municipal hospital system -- with eleven hospitals and 1.1 million patients treated last year, the nation's busiest city-run system -- found dozens of examples of failures to report egregious errors, and subsequent cover-ups including alteration of medical records to make it look like nothing had gone wrong.

The Daily News reported:

The coverups hid a trail of human suffering among patients who were maimed and relatives who were never told the truth about how their loved ones died or were injured unnecessarily.

The newspaper found a pattern of failures by state health authorities to act on evidence of fraudulent behavior in covering up the injuries. Moreover, it found that the state reporting agency itself was dysfuctional. According to the article:

The state is supposed to track and analyze all medical incidents and implement improvements. The problem is this oversight system — the New York Patient Occurrence Reporting and Tracking System (NYPORTS) — is a disaster.

Since 1999, all New York hospitals have been required to self-report a long list of medical incidents to NYPORTS, which in turn analyzes the incidents and implements patient safety reform.

Sunday NYPORTS barely functions. The Statewide Council that oversees it hasn't met in more than two years. Though NYPORTS is supposed to release "annual" reports, the last one filed is dated 2004.

To avoid needless injury, patients have to be vigilant about their own health care. That is why I wrote my book, "The Life You Save," which lays out a system of nine simple steps for patients to follow to get the best medical care and avoid the too-frequent disasters that happen in our fragmented care system.

A column in the New York Times by Pauline Chen, M.D., relates how a colleague of hers named "Ed" crashed and burned on his way to becoming a general surgeon, seemingly because of his difficulty in learning from his own mistakes.

The blog comments by both doctors and patients are revealing. Many make the point that physicians can deal with the stresses of medical practice, and become better at their craft, by being less obsessed with perfection and more open to working with others in a supportive, teamwork environment. I particularly enjoyed a comment (No. 121) from "Susan," that linked the issue to the recent story by Jane Gross in the Times about the Sisters of St. Joseph near Rochester, New York, who have figured out that putting the patient's wishes at the heart of the enterprise makes for more humane and better health care.

Here is the comment I posted on the Times' site:

Susan’s comment is right on target. A team ethic, and the recognition that “we’re all in this together” — patients included, goes a long way toward making the inevitable small mistakes a teaching moment rather than one step toward a disaster for the patient. And when disaster does happen, honesty is always the best policy. I represent patients in lawsuits against hospitals and doctors, and can say emphatically that the medical industry could greatly reduce its exposure to legal actions if hospitals and doctors would just respond with maturity and complete candor when mistakes happen.

One more change in philosophy could help reduce the toll of medical error. If patients were more involved at every step of the process, we could help nip a lot of disasters in the bud and get better care for ourselves and loved ones. There is much that we can do, starting with reading our own medical records. I just wrote a book about this called “The Life You Save: Nine Steps to Finding the Best Medical Care — and Avoiding the Worst.” Chapter One can be read at http://www.lifeyousave.com.

Evidence continues to pile up for why patients need to read their own medical records. A new study finds it is distressingly common for primary care practices, especially big ones, to fail to inform patients about abnormal test results.

The study was published in the Archives of Internal Medicine and was reported by Nicholas Bakalar in the New York Times. The study was also featured in Tara Parker-Pope's "Well" blog at the Times, which features a number of horror story comments by readers.

Overall, the study found seven times out of 100, abnormal test results were not conveyed to patients. In two large primary care practices, one in four abnormal test results were never mentioned to the patient.

Bottom line: Patients who don't hear back the results of their testing can never assume that no news is good news. People need to ask for a copy of their test results from either the doctor's office or the lab where the test was done.

Getting and reading your own medical records is Step One in the nine-step system I recommend for getting the best medical care, in my book, "The Life You Save: Nine Steps to Finding the Best Medical Care -- and Avoiding the Worst."

The NY Times Well blog has a podcast of Dr. John Hickner, professor of family medicine at the University of Chicago, discussing why patients should always call their doctors to follow up after having a medical test done.

We have previously discussed the issue of medical test results getting lost in transmission: the patient will expect the doctor to call if there is bad news, and will feel reassured if he or she hears nothing, while the doctor's office will wait for the curious patient to contact them, or will simply forget, and the patient "falls through the cracks." As a result, the patient may not hear about important test results.

The best way for patients to deal with this is to remember to call their doctors after testing and keep in mind that no news is not necessarily good news.

Another thing that patients can do is always ask the testing facility for a copy of the test results. Some laboratories and radiology offices resist this, but every patient has a right to their own records.

Serious injuries can happen to patients from delayed treatment due to these failures of communication, so it's important for patients to be pro-active about their test results.

A new study from the journal Quality and Safety in Health Care, and discussed in the NY Times Well blog, reveals common testing mistakes by primary-care doctors. Of course, the same kinds of errors can happen in hospitals and other health care settings.

Out of close to the 1,000 mistakes experienced by 590 patients, the following testing mistakes were the most common:

-13% involved ordering the wrong test or failing to order a test

-18% involved performing the right test, but doing it improperly

-25% involved delays in getting tests back from the laboratory, failure to get the tests back at all, or errors on the results report

-7% involved failing to follow up with patients after receiving results from the laboratory

-75% of the mistakes caused the patient to suffer (through delays in proper treatment, greater expense, physical pain or worsened overall health).

What can a patient do about this? A possible solution would be to carefully ask and write down what specific test your doctor has ordered for you. Ask when the results of the test are expected from the lab. Then make sure you call to follow up after the doctor's office should have received the results. Read the results report, if you can get hold of it, to see the name of the test and make sure that the results are for the same test that was ordered and performed. All of these things might help reduce your risk. Calling the doctor to follow up is probably the most important item on the list, as Dr. Lamberts says in his quotation in the linked NY Times blog post.

Alisa Miller at Nursing Online Education Database has an article on how to start taking control of your health records. "Taking control" in this case means storing, updating and sharing them in a way that is convenient for you.

The article is chock-full of useful links on the following subjects:

-what are the options for electronic health records, how they work and how you can use them

-which resources for medical record storage are available for free

-which resources for medical record storage are available, but charge money

-which services are available for people with specialized illnesses or needs

-which services are available for health care professionals

Checking the article out and browsing the links would be very helpful for anyone interested in learning more about these topics. Getting and reading your own medical records is a key step in making sure you receive high quality medical care.

Tara Parker-Pope has an article on the privacy implications of big companies like Microsoft and Google entering the medical records storage business. We have discussed this issue before, stressing the importance of patients needing convenient access to all of their medical records.

Parker-Pope, however, discusses a potential downside to this development: a loss of privacy for patients. Violations of medical privacy have been in the news lately. See, for instance, UCLA Medical Centers' employees' violations of the privacy of several well-known patients. If data is stored in Web-based systems by the same companies that track users' online activities, what kind of privacy can patients expect? These concerns become even more pressing when you consider that HIPAA--the law that guards patient privacy--did not anticipate and most likely will not apply to these proposed personalized Web-based systems. As Parker-Pope comments:

Even more surprising is the response of Peter Neupert, the vice president in charge of Microsoft’s health group, who resisted the suggestion of extending Hipaa to newcomers like Microsoft and Google.

This resistance is predictable but disturbing, to say the least. Privacy should be a huge concern for both creators and users of these systems, and customers should insist on Google and Microsoft addressing these issues.