October 15, 2006 — CIO —
Privacy rules don’t always cover popular personal health records.
In 1999, WebMD started offering an online "personal health record," or PHR, to help consumers record, store and transport their medical information to any doctor or hospital. Today, the $168 million provider of online healthcare information works with clients such as Microsoft, Starbucks and health benefits company Wellpoint to gather employee health information and import insurance claim data into the personal digital records.
PHRs offer numerous advantages. For example, Microsoft employees can go to their company’s healthcare portal to conduct online health risk assessments and create personal health records. They can also find healthcare providers in their area, and some can even incorporate information from labs and other sources into their records. Over the past several years, smaller companies including FollowMe, Laxor and Medem have sprung up to offer similar services. PHRs are not replacing electronic medical records (EMRs), but they are growing in popularity, especially since large corporations have started offering them to employees.
As interest in PHRs grows, however, some doctors and privacy advocates question whether such digital repositories are covered by federal privacy regulations. "Organizations that operate the PHR may not be covered by HIPAA," says Paul Tang, VP and chief medical information officer at Palo Alto Medical Foundation. "The people who own the databases that hold your medical records are not regulated by HIPAA in terms of what they do with the data." Tang’s concern is that third-party PHR providers are not technically governed by HIPAA, so they don’t have to comply with it, even though many say they do.
A spokesman for the Department of Health and Human Services acknowledges that PHRs are not technically covered by HIPAA. However, organizations that maintain PHRs and are themselves covered under HIPAA (health plans and healthcare providers, for example) are subject to compliance. But certain types of entities that provide PHRs may not be covered by HIPAA. HHS is examining privacy and security issues related to PHRs, and considering what steps need to be taken.
Craig Froude, WebMD’s executive vice president of health services, says PHRs are private and secure because the companies that WebMD works with are covered under HIPAA. "We’re compliant and our clients are compliant," he says. WebMD’s privacy policy states that it abides by HIPAA guidelines, even though it is not technically covered by the regulation. This means that WebMD agrees not to sell or release personal healthcare information.
However, other PHR providers may not have such stringent privacy guidelines. "As a consumer, you will need to read the privacy policy of any group providing a PHR," Froude says.