Google and Microsoft access and storage of PHRs could bring seismic change in industry. Source: Collective Solutions

Commercial online personal health record (PHR) services could have significant effects on how clinical research is conducted and raise new issues with the storage of private patient health data, according to an article published April 17 in the New England Journal of Medicine (NEJM).

Kenneth D. Mandl, MD, MPH, and Isaac S. Kohane, MD, PhD, both physicians and researchers at Harvard Medical School's Children's Hospital Boston, said that medical professionals and lawmakers have not yet considered the implications of companies like Google and Microsoft having large amounts of private medical information.

According to the authors, the companies have the potential to bring "a seismic change" in how those data are managed and used.

“Technology companies such as Google and Microsoft see business opportunities, whereas Fortune 100 companies see efficiencies and cost savings when patients can securely store, access, augment, and share their own copy of electronic health information,” the authors wrote.

Mandl and Kohane expressed concern that the control of health information, which is driven largely by a need to provide assistance with clinical care processes, will also profoundly affect the biomedical research enterprise.

Most patient records currently exist within the health system, and federal regulations mandate how such information can be shared among health organizations and insurers and how much can be used by researchers, according to the New York Times.

However, in the article, Mandl and Kohane describe the development of a new "personalized, health information economy" in which patients are able to notify their hospitals, physicians and care providers which information to send to their PHRs and decide with whom and how to share that information.

The authors warn that because technology companies like Microsoft and Google are not under the purview of HIPAA medical privacy rules, consumer control of PHRs could open up access to patient information and raise the possibility of marketing and false advertising efforts by outside parties, the NY Times reported.

Mandl and Kohane said they are enthusiastic about the potential benefits of online PHRs but suggested that stricter patient information privacy standards be required, including an extension of HIPAA medical privacy rules to cover online data-sharing providers, certification standards and patient education programs.