When I lecture about the new generation of personal health records such as Google Health and Microsoft Healthvault, I emphasize that these applications are not covered by HIPAA. Google and Microsoft are not healthcare provider organizations and thus their privacy is only as strong as the policies they post on the website. Since Google and Microsoft monetize these sites by attracting search traffic, they are highly motivated to build secure and trustworthy systems. As a member of the Google Advisory Council, I know that the Google privacy policies are stronger than HIPAA. Microsoft has very similar policies.
