Health care privacy laws can’t keep up with rapid technological advances on health websites and social networks, according to a paper in the spring edition of The Neurodiagnostic Journal.

While the Internet has increased the ability to store, communicate and reference medical information, study author Jacquelyn M. Polito of the Neurology Department at South Shore Hospital in Massachusetts wrote that advances in medical information technology have also raised new ethical questions about confidentiality and caused disputes over who is ultimately responsible for a patient’s privacy.

The paper also noted that many of the health information websites that patients rely on to gather information may be inaccurate. One study compared 60 websites with information on childhood diarrhea with recommendations from the American Academy of Pediatrics and found that 80% of those websites contained inaccuracies.

Other findings:

  • In a poll, 60% of medical school administrators said they were aware of unprofessional postings, with 13% of those infractions being breaches of patient confidentiality.
  • A 2008 review found that some medical school students were making online posts about medical situations in a way that made it possible to identify the patient.
  • Not only are laws failing to keep pace with technological advances, but they often give patients and doctors layers of confusion. “The regulatory framework can be a seemingly chaotic tangle of laws and policies by local, state and federal agencies,” Polito wrote. “With such ambiguous wording and layers of potentially confusing regulations, therein lies the capacity for different interpretations and misunderstandings among health care providers, patients and their families.”

In another poll, 86% of physicians said they had consulted the Internet for the latest medical information and for consulting experts on difficult cases. That, however, could cause problems, Polito wrote, because many organizations that offer electronic health records - including Google Health, which is being discontinued and Microsoft’s HealthVault - are not required to follow HIPAA rules. Those sites usually operate under their own privacy policies, which they can amend at any time without consent, according to the Internet Business Law Services

“Despite nearly two decades of burgeoning Internet use, no online activities can be guaranteed absolute privacy. Clearly, these sites and their usage must be closely monitored, yet by whom and how?” Polito concluded. “As technologists and health care professionals, we need to be ever-mindful of safeguarding privacy, of the uncertain integrity of information received, and of emerging policies and laws with regard to Internet use of electronic protected health information with every patient, every time.”

Image courtesy of Shutterstock.