The parade of healthcare organizations lined up behind one or the other of the two battling information technology giants, Microsoft Corp. and Google, in the personal health record arena just added a first Blues plan. Blue Cross and Blue Shield of Massachusetts announced it was partnering with Google Health.
According to a news release today, the Boston-based payer claims that it is the first insurance company to sign an agreement to integrate with the Google Health platform. When the link is done, Blues plan members will be able to import their claims data into their Google Health profiles. That link should be completed and ready for members to use sometime this fall, according to Susan Leahy, spokeswoman at the health plan.
Google, Mountain View, Calif., has already lined up a major Boston-area provider, 585-bed Beth Israel Deaconess Medical Center, to use its service, which it launched in May with the announcement that the Cleveland Clinic was conducting a pilot program.
Microsoft, Redmond, Wash., got out of the PHR gate first with its October 2007 launch of its PHR platform called HealthVault and made its first splash with a big-name partner in January when it announced a joint development agreement with Mayo Clinic Health Solutions, Rochester, Minn.
Leahy said the Blues went with Google over Microsoft because Google was the first one to approach us. But that doesnt necessarily mean it will remain an exclusive relationship. We want to get some experience with Google and then look to other providers, she said.
Google is not a so-called covered entity under the 1996 Health Insurance Portability and Accountability Act of 1996. HIPAA privacy protections dont apply to it, even though it will handle protected health information that payer and covered organization Blues plan is obliged to protect under HIPAA privacy rules. Normally, covered organizations provide protections with IT services providers by signing business associate agreements with them to extend HIPAA protections to data transferred to those vendors.
The Blues plan did not sign a business associate agreement with Google, Leahy said, an approach similar to that taken by other providers that have previously signed deals with both Google and Microsoft, since it is the patients, and now, the members, who are agreeing to allow their data to be sent to the PHR vendors.
Google health is not a HIPAA protected entity; we are, Leahy said. They told us they are not going to share this information. We did not ask them to sign a business associate agreement.
"We do have a confidentiality agreement in place with Google, but no business agreement because we are not disclosing PHI (personal health information) to Google for BCBSMA's operations or purposes," Leahy said. "We will disclose data at the request of, and after receiving authorization from, the member."