Following Microsoft and Google’s intentions to enter the medical field with programs designed to store medical records, two leading researchers point that such services don’t fall under federal privacy laws.

Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, physicians and researchers at Children’s Hospital Boston, the primary pediatric teaching hospital of the Harvard Medical School, in an article published Wednesday in the New England Journal of Medicine say they’re against the idea of huge companies merging together to host millions of confidential medical files.

The thing the two doctors are concerned about is the fact that neither Google nor Microsoft has privacy policy measures that govern the confidentiality of a person’s medical information, meaning that it is quite possible for files to be accessed by people who have nothing to do with them.

“I’m a great believer in patient autonomy in general, but there is going to have to be some measure of limited paternalism,” Dr. Kohane said in an interview, according to the New York Times.

Microsoft is currently working with New York Presbyterian Hospital and Google with Cleveland Clinic to have those institutions provide their patients with an electronic copy of their own records. However, neither of the two companies is bound by the privacy restrictions of the Health Insurance Portability and Accountability Act, or HIPAA, the main law that regulates personal data handling and patient privacy.

HIPAA, enacted in 1996, did not anticipate Web-based health records systems like the ones Microsoft and Google now offer.

Peter Neupert, a VP in charge of Microsoft’s health group already said in an email to the Times that Microsoft is not so thrilled about the idea of extending HIPAA to companies like itself or Google.

“Philosophically and politically, I am skeptical of the concept of paternalism. It never turns out to be ‘limited.’ We have to earn the consumer’s trust for our brand. So I can imagine a scenario where we have a third party verify that our system works the way we assert it does,” much as an auditor reviews a company’s financial reporting.

However, this is not the only thing we should worry about when it comes to online storage, according to Pamela Hartzband and Jerome Groopman of Harvard: “We have observed the electronic medical records become a powerful vehicle for perpetuating erroneous information, leading to diagnostic errors that gain momentum when passed on electronically. It takes human effort to wade through all the data and isolate the information that is pertinent to the patient's current problem.”