Skip to main content

Your private health details may already be online

  • Story Highlights
  • Many medical institutions, insurers post medical records online
  • Other private companies beginning to offer similar service
  • Expert: Ask specific questions before you sign up, about access, accountability
  • Next Article in Health »
By Elizabeth Cohen
CNN Medical Correspondent
Decrease font Decrease font
Enlarge font Enlarge font

ATLANTA, Georgia -- Imagine my surprise when, in the course of doing research for this story, I stumbled upon my own personal health information online.

Doug Smith spotted his own thyroid cancer after Dr. Jim Jirjis ordered a CT scan to diagnose chest pain.

There it was in black, white, and hypertext blue. My annual mammograms; the visits to the podiatrist for the splinter in my foot; the kind of birth control I use -- it was all on my health insurance company's Web site. And that's not all: The prescriptions drugs I use were listed on the Web site where I get my prescription drug insurance.

I had no idea this was all on the World Wide Web. Welcome to the 21st century, says Dr. Steven Schwaitzberg, associate professor of surgery at Harvard Medical School and a medical informatics expert.

"There's more information out there about people than could ever possibly be realized," he says.

Yes, indeed. Every diagnosis, treatment, and doctor's appointment I'd had since 2003 was on the Internet. All I needed to get them was a phone call to my insurance company and information other people might know, such as my Social Security number, date of birth and address. Someone's spouse in the middle of a divorce could try to access personal health information. An employer could try to do the same. And what about hackers? If a 17-year-old year old can hack into an iPhone, couldn't someone just as clever get into my insurance company's Web site? Video Watch CNN's Elizabeth Cohen report on online medical records »

Should I try to get my health information off the Internet? Or maybe I should be glad it's there -- perhaps it could be helpful to me in some way. As electronic medical records become more and more common, here are five questions we all need to ask.

1. What are the advantages to having your health information online?

If your health records are online, you can, to some extent, double-check your doctor. In a world where physicians are busy and medical errors are epidemic, that's no small thing

Here's one example: Two years ago, Dr. Jim Jirjis CQ ordered a CT scan for his patient Doug Smith, who was having searing chest pain. Jirjis heard from the radiologist that Smith's heart was just fine.

"I was relieved and immediately called him on the telephone and said, 'Great news,' " says Jirjis, an internist at Vanderbilt University Medical Center in Nashville, Tennessee.

Thanks to Vanderbilt's online medical records, Doug could read the CT scan report himself. Several pages in, he saw something Jirjis hadn't: The radiologist had noticed a lesion on the right side of his thyroid.

That lesion turned out to be cancer. It was caught early, when it could be treated easily. "Online records empower the patients," Jirjis says. "Most physicians are reviewing an enormous amount of lab results every day. The patient is reviewing just one person's lab results."

Another advantage to online records is that they travel with you. Let's say you become ill while on vacation and can't remember the name of every medication you take, or your exact diagnoses. Just get to a computer and the out-of-town doctor has your records instantly.

"Having medical records online helps me take better care of you, and helps you take better care of yourself," says Dr. Daniel Sands, an assistant clinical professor of medicine at Harvard Medical School and senior medical informatics director at Cisco.

2. What are the disadvantages?

Electronic health information enthusiasts, like Sands, still have concerns about privacy. "Absolutely, there are risks associated with online medical records," he says.

Online health Web sites are "https" secure sites and password protected, but is it 100 percent secure?

No, says Amanda Angelotti, a spokeswoman for Google Health, a recently launched site where users can store their health information.

"In some sense, no one can ever really know about the data they hand over, whether it's financial data or medical data or anything else," Angelotti says. "In some sense you can never be truly protected. But if we can't protect people's personal information, they wouldn't trust us and use our products."

Google's privacy policy states the company doesn't sell user health information, and doesn't share with others unless the user explicitly authorizes it (one exception is if there's a court order or subpoena to hand information over).

Microsoft has a similar service called HealthVault. On the site, the company says it may disclose a user's personal information to comply with the law, to protect the "personal safety" of members of the public, or to defend the rights of Microsoft."

It adds that it uses "a variety of security technologies and procedures to help protect your personal information from unauthorized access."

3. If your medical information is already online, can you make it disappear?

If your health insurance company, or your healthcare provider, put your information online and you don't want it there, it's worth asking if they can take it off.

I found out I can get my health information from my insurance company's Web site (although it wasn't obvious how; they had to show me). At Cambridge Health Alliance in Massachusetts, where Schwaitzberg is chief of surgery, members can also opt out of online health records.

Before you do that, though, find out what's online -- it might not be as revealing as you think. For example, my insurance company says it doesn't include information about substance abuse, mental health, sexually transmitted diseases, or "sensitive issues around reproductive health."

4. Should you put your health information online with a service like Google Health or Microsoft HealthVault?

If you like the idea of electronic medical records, you can create your own at Google Health, Microsoft HealthVault, or other Web sites.

If you, like many people, still have paper medical records, you can have them scanned into an electronic record. There are various ways to do this, some at a cost of $15 to $150.

Sands advises everyone to ask specific questions before signing up. "You really have to read the fine print," he says. "You need to ask, 'Who other than me will have access to this information? Will there be an audit trail -- a list of who else has seen this information?' " he says.

If you do decide to build your own electronic medical record, Schwaitzberg says to put in only information "you wouldn't mind reading on the front page of your local newspaper."

"My white cell count, my potassium levels, aren't very interesting, so I don't mind having them in an electronic record," Schwaitzberg says. "But DNA test results showing I had a propensity for cancer might be interesting to someone, like an insurer or a future employer."

5. What's the best way to use your online medical records?

Making the most out of your medical records will require some work. While some information is relatively easy to understand (like Doug Smith's lesion on his thyroid), other information is confusing "medspeak."


Group Health, a health care system based in Seattle, Washington, offers the Healthwise Knowledgebase to its patients. Accessible to anyone, it has definitions of various diagnoses, medications, and medical tests.

The Medical Library Association offers a "deciphering medspeak" glossary, and a list of commonly used medical abbreviations. Labtestsonline has an A-Z guide to common medical tests.

CNN's Jennifer Pifer, Sarah Edwards, Sarah Hill and Leon Jobe contributed to this report.

  • E-mail
  • Save
  • Print