For an industry that stands to make billions of dollars on electronic health records (EHR) – if we can get people to use them – storage vendors are strangely passive on the issue of health privacy. Even the good guys like HP and NetApp are silent. What’s up?

The problem
Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights, said in a recent column in the Wall Street Journal:

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Insurance Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

But patients are right to fear the release of potentially embarrassing information on such health issues as STDs, depression or substance abuse problems, abortions or miscarriages and other issues that should be between a patient and their doctor – not a mortgage company or an employer.

Today our lab test results are disclosed to insurance companies before we even know the results. Prescriptions are data-mined by pharmacies, pharmaceutical technology vendors, hospitals and are sold to insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research. Self-insured employers can access employees’ entire health records, including medications. And in the past five years, according to the nonprofit Privacy Rights Clearinghouse, more than 45 million electronic health records were either lost, stolen by insiders (hospital or government-agency employees, health IT vendors, etc.), or hacked from outside.

One poll found that 1 in 8 people have withheld information from doctors out of privacy concerns. Another poll found that fully 59% were not confident that their health records would be protected if stored electronically.

This is America, where non-compliance with “official” policy is a way of life. If you hope your company will make billions on the EHR market, maybe you should think again.

The solution
Dr. Peel’s organization is lobbying Congress to protect patient privacy. Kudos to the ONLY computer or storage company that has joined her in the fight: Microsoft.

The StorageMojo take
Maybe I expect too much from vendors. Why should they care if rampant abuse hoses the EHR market and sours public attitudes towards major users of storage products?

But somehow it doesn’t seem like too much to ask for at least IBM, HP, Oracle and NetApp to get involved to ensure that massive data storage infrastructures are not abused. Having millions of consumers hate and fear your products – or their use – seems counter-productive.

I hope this is just an oversight and that vendors jump aboard. Vendors?

Update: Sign a petition to Congress for a Do Not Disclose law that gives you control over your health information. End update.

Courteous comments welcome, of course.