This Week in Elder News: 15 March 2008
You’re Never Too Old to Rock ‘n’ Roll

Online Electronic Health Records

category_bug_journal2.gif Medical errors could be reduced, efficiency could be enhanced and costs reduced if physicians and hospitals stored patient health records electronically. Nevertheless, medical and health facilities have been slow adopters and so far, there hasn’t been much forward motion to standardize the technologies and software that do exist.

Even though the health industry, the federal government and EHR (Electronic Health Records) proponents have discussed electronic storage for years, most of what can be found on the web are mind-numbing papers and reports that could interest only a policy wonk. And little has been done.

Into this breach have leapt corporate technology behemoths Microsoft and Google. Microsoft’s HealthVault is online now and GoogleHealth is expected to launch at mid-year.

In an effort to see for myself what these websites look like and how they operate, I intended to create an account at HealthVault. I was thwarted by the requirement to use only Microsoft’s proprietary Windows Live ID. I once signed up for it, so I tried to log in but had forgotten my password. Following the instructions twice to recover it by email (this was on Saturday), I am still waiting this morning for Microsoft’s message to arrive.

I’m all for tight security, particularly on a health records website, but this is going too far, and Microsoft doesn’t give a lot of information about HealthVault without an account. Generally, it appears, you can upload health records and use certain health monitoring devices to upload readings. And, you can give access to physicians, family and others you select.

From what I can tell without an account, Microsoft’s HealthVault is a free service. Google, which is currently running a beta test with the Cleveland Clinic, has announced that some features will require a paid subscription.

Online health records services are controversial, particularly in regard to security. It is not encouraging to read that when Google announced GoogleHealth and was questioned about the possibility of an employer firing a worker after finding health records online, Google advisor and CEO of non-profit HealthTech, Dr. Molly Coye, replied,

"But those are human actions. They have nothing to do with the technology."
- USA Today, 26 February 2008

Perhaps Dr. Coye should stick to medicine; the whole idea is that technology be secure enough to prevent unauthorized access and adverse “human actions.”

With a bit of searching, I discovered WorldMedCard, another health records service that is free, HIPAA compliant (which neither Microsoft nor Google mention, that I can find) and is owned by VR Surgeon, Inc. about which I can find no information.

But it is helpful, if you don’t have a Microsoft Live ID, to get an idea of what the online record storage system might look like. The site has a good set of screenshots from a link on the home page which you can view without an account.

For convenience, safety, cost containment and efficiency, EHR is an idea whose time is long past due but as much as I'd like to have all my scattered records in one place, nothing I’ve read convinces me that online storage is secure enough yet for me to participate.

[At The Elder Storytelling Place today, Claire Jean tells of learning a new skill at age 50 in Esther Williams Revered.]


Electronic medical records are extremely important in assuring consistency of care in any population but particularly in elders. If done correctly: hospitals, doctors, and patients, this allows for true coordination in care. It also assures that medicines are not duplicated or have interactions. All EMRs within health systems are HIPAA compliant and are secure. I personally fear posting of health records on public domains such as Google.

I can attest to this need if done correctly. My mom is 94. She cannot remember her medicines or her history. She went to the emergency room of a local hospital and they pulled her up on their screen, and were able to connect to her medical doctor's record of her history also. So they were up to date with everything and even better, so was her doctor. All done in real time.

Where I work, we have EMR across a continuum of care: doctors offices, assisted living, home care and even hospitals with whom we have partnered. And the people who live here have online access to their medical records. They can grant their spouse or child access also. Everything is password protected. Knowledge is power. Knowing your own history, being able to even print it, is incredibly empowering. And even though most people here had not had access to Internet or computers, most make use of this tool as they learn to adapt to this technology.

I cannot say enough about this. Good post Ronni. Happy to have this discussion going!!

As a medical professional for the past 30+ years, I worry for readers. The opening sentence is the marketing pitch for EMRs, but is not what the evidence shows. There are very real reasons why the medical community and professionals are not rushing to adopt these, and it isn't their incompetence, nor simply concerns over security.
Also, it is important to know that NO third-party EMR service that isn't your care provider is bound by HIPAA (NONE of those listed above), regardless of what they may claim or promise. For elderly or anyone who feels they need EMR,they or their family would be strongly advised to use one of the electronic softwares that you control, versus the information stored on an outside server.

Has anyone had experience with this site?

I don't have much time to look at it this morning, but it looks promising...

Many of us do not accurately remember everything about when we had shots, etc. I carry an Excel file on my TREO that has my own version of my healthcare/dental history (and separate worksheets for provider information (name/address/phone/specialty), URLs of insurance/health care provider web sites, medication/supplements that I currently take, blood history (mostly lipid panels), and blood donation history. If I need to know when I had my last tetanus shot (or whatever), it is simple for me to look it up--assuming that I have my TREO phone/PDA with me. Obviously, the same file is available on my home computer since the two are synchronized every couple of days.

Ronnie, are you completely INSANE!???? Have you just been hired to shill for Big Brother?

Folks: Do you really want your personal records, your genetic code, every medical procedure, visit and perscript, in fact ALL of your health (related) records available to anyone who wants to see them? (Including your psychological records - they are fair game and part of this 'scheme' Including all the fun drugs the shrinks love to hand out so it looks like they are doing something useful...) Look, these organizations are gathering data so they can sell it. In whatever form 'agglomerated' or individually. They can, and they will. Repeat: they will. You give it to them willingly, it is theirs.

Do these 'sites' promise to keep your data safe? Sure they do. But in fact, none of them are HIPAA compliant or fall under that restriction. NONE OF THEM. Google makes money by selling advertising.. They may want to sell some other things as well. I love my 'home page'. But I stop short of keeping my personal data on anyone's server BUT MY OWN. And as a computer professional, involved in security and privacy issues, I think you should too. You should at least not be so blaze about allowing someone you don't even know access to your private information. Insurance companies are notorious for denying coverage. Unlike most medical establishments these people are smart, and they know how to keep records. They can do it on a whim. Ever seen a shrink? You will probably be denied coverage. Ever taken any drug for depression, even if it was not perscribed by a shrink? You will probably be denied coverage. Ever take a drink of alcohol? Ever have more than a couple in 24 hours? Don't answer that question!

Once your information is on someone else's server, it is no longer your information, regardless of what they tell you. Sue them? Who's them? Sue Google. That's a laugh. Also, regardless of my feelings about Google (I love Google, by the way, they really do some very cool things and I use them like crazy, and I click on their advertising links when I'm interested, because it gives them revenue). However, things change in this industry on an hourly basis. What is true right now, may not be true in the next minute. Google could literally go away, and someone else come along and pick up the (YOUR) records...

My advice: Keep your own medical records. Demand copies of what the docs write in their records, put them in your health folder. Do not sign up to have your DNA analyzed so you can 'see where your family came from'. And hope that this 'wonderful Brave New World' does not come to be. But here's the newsflash: It will. The snowball is already on the way down hill and is far too big to stop.

If there is a gene to predicts the possibility of some chronic 'disease' in your future, such as diabetes and the data is 'out there' somewhere, and you decided you actually still want to get a job (we're not all retired, nor do we necessarily WANT to be). What are your chances you will be hired and given benefits?

One more thing before I turn this rant off, delete this blog from my 'interesting things to read' list and go back to work:

Hospitals and doctors already have an enormous amount of your personal information available. They screw it up all the time. The AMA has published stats that something like 100,000 people die of 'medical error' (just in hospitals) every year. Even if that number is not correct by 20% that is still 80,000 people dying of medical errors in hospitals EVERY YEAR. (Most 'experts' think that hospitals have gotten very good about covering up their manslaughter statistics).

Comparison numbers: There were about 20,000 alcohol related (auto) fatalities in 2002. Let's just say that the number is the conservative 100,000 manslaughter incidents in hospitals. That works out to:

Minutes in a year: (60*24*365) = 525,600 1 Drunk Driving Deaths every: (525,600/20,000) = 26 minutes 1 Hospital Manslaughter: (525,600/100,000) = 5 minutes

You think I am paranoid? I find, constantly, that I am not paranoid enough.

Take a look at this article on Sandy Swarcz's excellent site: (You want to get an education, read her articles.)

Anonymous JustParanoid:

Actually, I agree with some of what you have written and I'd like to make the point that I have not recommended online storage while still noting that electronics records are something we must move toward one way or another and some companies are trying it online.

That said, personal attacks - straight out or insinuated - against me or anyone who comments are not allowed on Time Goes By.

Anyone who cannot keep a civil tongue is not welcome here.

You are right. I was out of line. I'll keep my very uncivil tongue
in my head, and off your blog.

But for the record: My background is in the technical end of security
and privacy, it is what I do for a living (I am an EE, and amazingly,
a girl! OK, an old lady!). From my perspective, the implications of
what you suggest are terrifying. Perhaps less so for us over 50's,
but for our children and most importantly for their children and
grandchildren. We are laying the ground work NOW, for how personal
information will be (ethnically) handled in the future, and it doesn't
look good. My brother works in Houston on the Human Genome
project... He's scared to death as well, from the medical perspective.
He is adamantly opposed to electronic recording of an individual's
health records by third parties.

There are states that have non-consensual (most parents don't even
know it!) requirements to collect DNA samples from newborns, and have
instituted tandem mass spectrometry analysis that detects conditions
in the DNA sequence. Whether those 'conditions' have any known health
related issues or not, but it is stored and parents do not have a
choice about it. They aren't even necessarily told about it.

It is possible that this is done For The Best Of All Possible Reasons,
although I doubt it. But, for a moment, consider the possibilities
for abuse... Just think for a few minutes about that information in
the hands of our government. But if you really want nightmares think
of it in the hands of a corporation - that has eyes on the bottom
line... (You going to live to be 94, but need a lot of health care
after the age of, say 75??? Can this be predicted by your DNA? If
not now it certainly will be available in the not to far distant

I read a really interesting monograph from the AMA (previous post)
that stated that 100,000 folks are killed by health-care provider's
mistakes IN HOSPITALS (alone). One of the observations was: "Well,
most of them would probably have died anyway".

News flash: We're all going to die 'anyway'. It is just a matter of

Goodbye now,


I actually had a similar gut reaction as NotparanoidEnough when I read this.

I view this Brave New Medical Records World with great alarm. It will a long time before I willingly and deliberately place such information online. Sure, bits and pieces of it are out there already. To think otherwise is naive. But it's scattered and not readily available in one nicely prepared bundle to facilitate ease of insurance denial and blacklisting.

To me this is a slippery slope and we should proceed with extreme caution. I love technology as much as the next person, but this concept literally raises the hairs on my neck. It just instinctively feels wrong, for me anyway. Maybe not for others, but it's a definite "no" for me at this point.

I read with great interest your article on electronic personal health records and HealthVault thought you would find MyMedicalRecords of interest. MMR has contracts with organizations covering more than 30 million lives to provide our services.

Contrasting MMR to other popular EMR products, MMR is delivering the most user-friendly, convenient and versatile web-based Personal Health Record available today. Using our proprietary patent pending technologies, complete patient information including actual lab test results, radiology reports and images, progress notes and all of a patient’s charts can be uploaded or faxed with annotated voice notes and comments directly into the user’s password-secured account. Users do not need to install any special software or use any special hardware to use our service.

MMR also has integrated other advanced features, such as multilingual translation, a drug interaction database of more than 20,000 medications, calendaring for prescription refills and doctor appointments, and private voicemail for a doctor’s message and other personal uses.

There also is a special “Emergency Log-In” feature that allows a doctor to access a user’s account to view their most important medical information in the event of a medical emergency. To ensure individual privacy, specific data, such as prescriptions, allergies, blood type and copies of actual medical files or images, are pre-selected by the user for inclusion in the online read-only Emergency Folder.

In addition, MMR also includes an online ESafeDeposit Box feature that enables users to securely store any important document in a virtual “lock box” and access them anytime from anywhere using an Internet-connected computer or PDA. These documents can include Advanced Directives, Wills, insurance policies, birth certificates, photos of Family, Pets and Property, and more. MMR is clearly one of the most complete user-friendly Personal Health Records available today (I can provide details).

Incidentally, MMR has built a two-way data interface to Google Health and our understanding with Google is that MMR will be part of their public launch expected shortly. This will enable users to move information from their Google Health account to their MyMedicalRecords account and vice versa. This will enhance the Google Health user experience by allowing the individual to store documents, images, and other personal information in MMR’s easy-to-use personal health record and will have the benefit of all the additional features MMR has that are not available directly within Google Health.

I would encourage you to visit MMR and set up a complimentary account. Simply go to and sign up using registration code MMRBLOG. I would be interested in your experience and hope that you will include us in any further discussions of Personal Health Records. I could also send you more information by email or snail mail (the latter allows me to send a bit more than I’d want to clog your email with). Recently, we sent out a release about MMR Pro, which will better enable physicians to put patient records into secure, online accounts.

The state of Vermont some years back had a program in which all basic medical records were kept on a miniature microfiche that the patient kept. Brining this up to date would be a good idea, not the third party health records.

Even in the days of only written records, it was impossible to delete erroneous information out of a patient's records.

In Alaska, 35,000+ people's personal info from the entire university system, including social security numbers, were open for the taking because one tiny campus 400 miles away refused /unable to believe in minimum security systems. Their little campus was hooked directly into the statewide system.

One of Alaska's regional corporate health monopolies bills for tests never ordered or done. A federally funded health clinic issues keys to custodians which also access all patient records.

These examples don't argue for a centralized system but rather for the inherent flaws in any electronic or analog information system. It's bad enough that insurance companies and Medicare/Medicaid keep records accessible anywhere. But without a thorough thinking through of world-wide medical tracking, seems to me that keeping information close at hand with a backup off-site is best.

I am a medical doctor. I see patients every day. Including the Emergency Room where I work.

During thousands years physician have follow this hippocrates oath sencente: What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.

So at the moment I designed the keyose ( service, I have a very clear idea: privacy must be the priority number one!

Keyose is the first Anonymous Personal Health Record online, so privacy is guaranteed.

The technology is available, but most healthcare providers are reluctant to pay the price. A seamless medical record would do nothing but enhance patient care as long as it is HIPPA compliant.

Thanks for bringing up this topic for discussion. I think we need lots more information, such as some of what I've read here, before I could enthusiastically support this gathering of health info as you describe.

Hope you keep us updated on this, as does bear following.

I do like the idea of having ready access to all reports about me and think routine reviews for accuracy could be easier -- if corrections can be accomplished. I had a situation over the holidays when medical info about me, dictated by a Dr., then sent to me once I was home to give to my Dr. contained some pretty significant errors. I was glad to be able to correct them, though one Dr. didn't accept the corrected copy or change his file copy I noticed. I'm going to check further with him on that.

Hi all,,, on the PHR track, wanted to let ev1 know that does not post Ads beside your Medical information... only during login & exit to the tool

Look over parent company.

Does anyone else remember the FEAR from 15+ years back when Banking ONLINE from home was not 'Safe' ? Trends change, society adapts and I venture to say that anyone reading this post does 90+% of banking online without thinking twice over the sharing of 'personal' bank information.


It's not having our financial or health records available online that is the worry; it is the security of the databases holding that information.

Hardly a week goes by that there are not news reports of such databases hacked into or discs stolen or even entire computers taken that hold our information.

Or, as a couple of weeks ago with the passport files of the presidential candidates, workers snooping into personal information.

And most of those database breaches are never reported. There are laws covering the loss of personal financial data, but no recourse if, for instance, a potential employer doesn't hire someone for having a medical condition (who would know?) or someone is fired for it.

Although I like the idea of having medical records easily available to ourselves and our physicians and emergency rooms, etc., I'm not comfortable with the security issues and promises from websites of having x-bit security isn't impressive these days.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)