Google’s entry into PHRs raises concerns. Sources: www.shore.com

The pilot program, sponsored by Google and Cleveland Clinic, which intends to put patients in charge of their own medical records, has raised privacy and data security concerns for some privacy advocates.

The pilot, an invitation-only opportunity offered to a group of Cleveland Clinic personal health record (PHR) users, plans to enroll between 1,500 and 10,000 patients. It will test secure exchange of patient medical record data such as prescriptions, conditions and allergies between their Cleveland Clinic PHR to a secure Google profile in a live clinical delivery setting, according to both companies.

The goal of the patient-centered and controlled model is to give patients the ability to interact with multiple physicians, healthcare service providers and pharmacies, according to the Cleveland Clinic.

Greg Sterling, an analyst at Sterling Market Intelligence in San Francisco, calls Google's initiative a "good idea." But, he adds, "the problem and the challenge arise in the context of consumer privacy and data security," reported USAToday. Both Microsoft and Google have given assurances that all data will be protected and will remain privately controlled by each individual.

Every day, patients who go to the hospital are forced "to become their own medical historians," C. Martin Harris of the Cleveland Clinic said, USAToday reported. "They have to record information from one physician and transmit it and communicate it to another physician. If they don't do that accurately, it can be dangerous."

The benefits of such a system outweigh the risks, added Peter Neupert, vice president of the health solutions group at Microsoft. "In today's paper-based, fragmented, disconnected health system, bad things happen all the time."

But critics worry that the risk of sensitive medical information falling into the wrong hands such as those at insurance companies, employers, drug companies and marketers is too great.

Robert Gellmand, a privacy and information policy consultant in Washington, D.C., said that when people put their records online, they're no longer protected by that law. Gellman issued a report for the World Privacy Forum critical of the PHR companies, USAToday reported. Even if companies have good intentions, they could be forced to turn over material if, for instance, they're subpoenaed, Gellman said.

Sterling added that even companies that promise privacy exist in a world where data breaches happen. "Unless or until there are legal protections and punishments, this kind of thing is of great concern," he said, according to USAToday.