After a year and a half of development, Google announced yesterday that it was now offering personal health records on-line.
According to Google's Health website, "Google Health allows you to store and manage all of your health information in one central place. And it's completely free. All you need to get started is a Google username and password.
"Google believes that you own your medical records and should have easy access to them. The way we see it, it's your information; why shouldn't you control it?"
"With Google Health, you manage your health information — not your health insurance plan or your employer. You can access your information anywhere, at any time."
So, why is Google doing this?
“It’s what we do. Our corporate mission is to organize the world’s information and make it universally accessible and useful. Health information is very fragmented today, and we think we can help.”
Google has partnered with over two dozen organizations, including hospitals (Beth Israel Deaconess Medical Center, The Cleveland Clinic), pharmacies ( Longs Drugs, Medco Health Solutions, RxAmerica, Walgreens), diagnostic laboratories (Quest Diagnostics) and medical information providers (SafeMed, Heathgrades) which have agreed to provide electronic copies of medical information (or help interpret the information) to add to your Google personal medical record. You can go here to get profiles of Google's partners.
Google also promises to keep your medical information private:
"You should know two main things up front:"
"1. We will never sell your personal health information or data"
"2. We will not share your health data with individuals or third parties unless you explicitly tell us to do so or except in certain limited circumstances described in our privacy policy."
"We make it a point to let you know what information we collect when you use Google Health, how we use it, and how we keep it safe."
I personally would take this assurance with a grain of salt. A person's Google health record is not covered by HIPAA (Health Insurance Portability and Accountability Act of 1996).
So how is Google going to make money on the effort if it is free? It says:
“Much like other Google products we offer, Google Health is free to anyone who uses it. There are no ads in Google Health. Our primary focus is providing a good user experience and meeting our users' needs.”
That is a good, very coy, non-answer if I ever saw one. I will remain skeptical, if you don't mind, about Google not deciding in the future to change its, “We will never sell your personal health information or data” tune to one more like “We will never sell your personally-identifiable health information or data.” Aggregated health data is seen as a gold mine by medical researchers, pharmaceutical companies, and the government alike.
Of course, the value of the data depends on how accurate it is. Google makes a big deal that the individual is in charge of their medical record; that the individual decides how much is actually going to be disclosed to whom, and; that the individual can edit their medical information as well.
This is where it gets interesting to me. How much will doctors trust Google (or Microsoft’s or anyone else's) personal health records if they start encountering a number of patients who are wholesale editing their personal medical information? Or do doctors just assume that the information provided is incomplete or biased?
It occurs now with paper-records, but I wonder if the perception of selective editing of medical records will change with an electronic health record.
Also, will insurance companies start demanding that patients disclose to them all their Google-stored information if the patient wants to get a doctor’s visit paid for? And what happens when an insurance company finds a record that is edited?
Comments (4)
While I certainly agree with many of the complaints listed here, the lack of applicability under HIPAA is not one of them. Having had a run in with HIPAA in the past, I'm completely convinced that the whole thing is a joke.
The most damning consequence of a HIPAA violation is a slap on the wrist (along the lines of $100) and perhaps some bad press (though probably not). Hell, do you owe the hospital some money? If so, under HIPAA, the hospital can give your medical records to everyone's favorite people, aka debt collectors.
At least with Google people may be inclined to feel uneasy about the information being shared--a step up from the workings of the real-world medical system.
Posted by Mike | May 20, 2008 7:51 PM
Posted on May 20, 2008 19:51
So a person's user name and password are all that's needed? Banks are now required to do better authentication than just relying on passwords for online banking (although what most have done is only a minor improvement). If people are going to trust Google to maintain their health records, access to this information should be protected by stronger authentication. Phishers want to trick people into revealing personal information because the information helps to steal identities and break into online financial accounts. If Google is going to rely only on weak authentication based on passwords, the risk that online health records will be stolen will be much greater.
Posted by B | May 21, 2008 8:32 AM
Posted on May 21, 2008 08:32
I totally agree. As usual Google gathers very precious information which can give incredible gains if properly boxed and sold... I like the idea, but it's nothing I can't do with my own PIM, away from someone else's hands... I wrote a post on www.deepvoidlog.com about this issue.
Posted by DeepVoid | May 22, 2008 7:29 AM
Posted on May 22, 2008 07:29
Personally I am not crazy about Gooogle trying to corner another part of the infomration market. I am also a little worried about their claim that they won't make any money on it.
Posted by Healthy Directory Gal | May 22, 2008 10:06 PM
Posted on May 22, 2008 22:06