Although Dossia is not subject to HIPAA regulations, it is subject to consumer protection laws that govern sensitive health information outside the scope of HIPAA, and much of the data that it stores comes from organizations that must comply with HIPAA regulations. The consortium has made information security a high priority, Munini says. For example, all health-care data is encrypted and there are several layers of firewalls in place, he says.
Dossia has also implemented infrastructure components, such as redundant servers, backup storage systems, uninterruptible power supply systems and generators, to ensure that its data center is highly available to users who need access.
"It's important that no single failure of a device should have an impact on customers," Munini says. "We've done a tremendous amount of benchmark stress testing and performance testing. We effectively handled the open enrollment at Wal-mart, which is one of the largest employers in the country."
Employees who are signed up for the program can access their health records via a user name and password. An employer, such as Wal-mart, is responsible for authenticating that an individual is actually an employee of the company. Personal health records are available to the individuals but not to employers, Munini says.
Users decide exactly what information is stored in their personal health records and who can send information into their file and who can gain access.
Employers can offer an "enhanced experience" to users, Munini says. For example, Wal-mart offers access to tools and applications on the WebMD site, and specific information on WebMD can be catered to individual users based on their health-care needs.
Munini wouldn't say which other companies he expects to launch access to the Dossia service. But he expects others to follow Wal-mart's lead this year. "We're quite happy with Wal-mart as the initial customer," because of the company's large size and influence in the business community, he says.