With recently launched platforms like Google Health and Microsoft’s HealthVault, it is now possible to keep your health records in a centralized location online. You can store your records (prescriptions, medical devices, lab results, immunizations, etc.) find a doctor, search to learn about your condition, and more. You can also share this information with family, doctors, hospitals, and pharmacists. In addition to the convenience of having all your personal health information in one place (all of it that you choose to put there, that is) using the service can help avoid errors and duplication in the records, alert you about drug interactions and allergy information, and allow you to import information directly from providers like hospitals, pharmacies, and labs. Because it’s online, the information is available whenever and wherever you need it.

Privacy and security are obvious concerns, and both companies have made every assurance they understand these concerns, and state clearly that they will not give out any info without explicit permission. Some people might assume that their information stored and shared with these services would be protected by HIPAA, but that’s incorrect. The fact is that Google and Microsoft aren’t considered healthcare providers under HIPAA, so the law doesn’t apply. They’re only providing the technology—you are responsible for managing the information. Some people worry that third-party vendors partnering with these services might not be as secure or private as Google and Microsoft.

Yesterday, Google, Mircosoft, WebMD, the AARP, health insurers, nonprofit groups and other organizations (full list here) participating in personal health record services agreed on a set of privacy standards and best practices for Web-based health records. The framework is the result of 18 months of research coordinated by the Markle Foundation.

What is the FDA’s stance on Google’s and Microsoft’s services? FDA Commissioner Andrew von Eschenbach scheduled a meeting on June 10 with several FDA and non-FDA participants, including RJ Pittman of Google, to discuss Google Health, but no post-meeting report could be found at this time.

My concern is whether Google and Microsoft are doing enough to make people understand the importance of safely managing their health information. Let’s face it: some people are bad drivers, some aren’t great cooks, and some people aren’t the best Internet users. Who’s going to explain the risks of posting and sharing this info? Some might say, “Don’t put sensitive information in your profile if you feel it’s too risky.” But doesn’t that defeat the purpose of a personal health record? If you send a doctor your incomplete Google Health record, what if you forget to mention during your visit the information you left out of your profile? That opens the door for drug interactions and other problems the electronic health record is supposed to help avoid.

Even the tech savvy could be caught off guard—being sick, or having a loved one who’s sick, can leave one feeling worried and vulnerable, and the desire for help or information could cloud a person’s judgment. Mark Senac notes on his blog one possible flaw of Google Health: it keeps you signed in after the initial login—what if someone is on public computer and forgets to log off? Or a shared computer at work or school? Suddenly, the whole office knows about those test results…. This kind of mistake isn’t much different than forgetting an envelope full of paper medical records in a public place, but these blunders are easy to achieve online—and the information is especially easy to spread around, and can be considered quite valuable, once the cat’s out of the bag.

With the right understanding of how to use these services, with Google and Microsoft providing a secure service, and with yesterday’s best-practices framework put into place, these personal health record services can be a helpful tool for people to manage their health information online.