Perhaps you have received an email from Medhelp about their new Personal Health Records Service, which works "by storing and managing your medical records and health information online in one safe, secure place." so says the email.
Given the concern a number of people have expressed about their privacy on Medhelp, I'm expecting to get questions about the new service, so I'll address the matter here.
My personal opinion is the storing practically ANY personal information on someone ELSE'S computer is a matter anyone should ponder at length before proceeding. Except for my email and similar data, I disclose nothing to anyone regarding the details of my life which have to do with my personal relationships, my finances and my health and medical data, among a few others.
The issue, for me, is not so much about the CHANCES of accidental disclosure or deliberate theft of the data. It is more about the CONSEQUENCES of it. What would it mean to me -what would it mean to YOU- if, by some unforseen event, the details of your health and medical history were no longer confined to your medical files kept by you or your medical providers? Bear in mind that such data not only describes you, but often your family members as well. If disclosure of this information would not bother you, then by all means, consider the whatever convenience there would be by placing it with Medhelp. And of course, what you decide to place in Medhelp's custody is entirely up to you. You might, for example, list drugs to which you are allergic, but say nothing about other medical concerns which you wish to keep to yourself.
That said, one could argue about the presumed convenience of the service in the first place. Any medical information which has to do with saving your life should be kept on your person -perhaps a bracelet or similar well known alert. I rather doubt that your doctor or a hospital ER will NOT ask you questions or test you because you say everything they need to know is on a web site somewhere. That leaves other data which may be important or convenient to have handy on-line. I can envision a situation in which I might refer a new doctor or a specialist to my on-line data before my initial visit, but unless they stop handing me forms to fill out, I'm not certain of the pay-off for all the work it takes to develop the data on Medhelp's service or anywhere else. I suppose I could print off copies, take them with me, and write "see attached" on their forms -but I don't need Medhelp to do that.
As to the actual security of your data on Medhelp, I can't venture a guess. There is an extensive explanation of what Medhelp does and does not do with your personal information at
http://www.medhelp.org/privacy.htm and they give assurances of encryption, limited employee access to your files, etc. The news, to my mind, is not all good -so I encourage you to read through it for yourself. Some of the material is, indeed, rather cryptic in and of itself, such as these lines which I quote from the Medhelp privacy policy:
"If a website accesses your health information and stores a copy of your information, that copy will be governed by that website’s privacy policy. Others at that facility – like an on-call doctor – may be able to view your information."
’? –? –?
I suppose that those characters stand in for punctuation, but the apparent lack of diligence in reveiwing their own material does not encourage me to entrust them with MINE.
And that brings us to the misty and nebulous area of government regulation - HIPAA in particular. This set of regulations, published in massive volumes, is tough even for the experts to decipher, but the general idea is that people who have custody over personal and medical information have an extraordinary responsibility to show it to no one except the patient and those authorized to have access. Which is why, for example, you must stand behind a line at the drug store waiting for your turn, so you can't see over the shoulder of the person in front of you. I cannot say that Medhelp does or does not comply with HIPAA or has been reviewed by HIPAA enforcement, but I can say that there is no mention of it in their privacy material (that I can find, anyway).
In conclusion, it is my opinion that the new Personal Health Records service is something that demands your most careful evaluation. Thanks for reading.