Google Wants Your Medical Records
from the well-of-course-they-do dept
While it's been rumored for years, Google is finally revealing a little bit about its Google Health plans, as it's opening up the service to a few thousand patients of the Cleveland Clinic. Those patients will be turning over their medical records to Google which, of course, is raising security and privacy concerns. It probably doesn't help that the news of this is breaking at about the same time as reports that Google accidentally exposed Gmail accounts in Kuwait. Exposing emails is bad enough, but your health records? Obviously, one hopes that Google is doing everything possible to protect the info, but as the AP report points out, Google is not covered by HIPAA (the Health Insurance Portability and Accountability Act), meaning that even with the best of intentions on Google's part, handing your records over to the company could make it easier for the government or legal adversaries to get at those records, since they've left the bounds of protected communication between a doctor and patient.
Despite all of that, there is something to be said for granting individuals more power to manage their own medical records. Assuming Google could make those records more searchable, more understandable and more useful by putting additional services around them, you could see how that could be valuable. On top of that, one of the benefits of such a service could be to allow medical providers easy access to specific, relevant portions of your medical history. However, Google isn't the only player trying to build such a system (with Microsoft having already announced something similar), and as we discussed about a year ago, perhaps a better solution than a centralized system (which is prone to attack) is to allow individuals to store and manage their own records.
While some people may feel comfortable trusting Google to store the records, it seems likely that plenty of others would rather control the data themselves, while still being interested in making use of the value-added features one imagines Google will be providing.
Filed Under: centralized storage, google health, medical records, privacy
Reader Comments
Better or worse
I'm not sure what Google's track record is concerning security and privacy. Other corporations have already had spectacular failures in those areas.
It's difficult to see how Google could do worse. It's easy to see how Google could do much better.
[ link to this | view in chronology ]
HIPAA
[ link to this | view in chronology ]
Re: HIPAA
[ link to this | view in chronology ]
Re: Re: HIPAA
[ link to this | view in chronology ]
Targeted Ads
[ link to this | view in chronology ]
Why not just put them on a Thumb Drive?
[ link to this | view in chronology ]
But overall, I think legacy AT&T was one of the first companies to consider pursuing it.
[ link to this | view in chronology ]
Email leak
[ link to this | view in chronology ]
If the article is correct, the patients give their medical records to Google. If the clinics were to give Google the records, that would be a different story, either the clinic would be in violation of HIPAA or they would have to ensure that Google was HIPAA compliant. If you give your medical records up, that is your choice, but you can't expect protection from HIPAA.
[ link to this | view in chronology ]
Global System
AV
[ link to this | view in chronology ]
Anybody who does not trust Google, does not know Google. They are the opposite of Microsoft!
[ link to this | view in chronology ]
Not Google's Fault
-- It's not Google's fault... The ISP was caching the content.
[ link to this | view in chronology ]
Google doesn't access the medical information through those same channels, the patients give them the information. If someone walks up to you and hands you their medical records, would that make you a covered entity? Of course not.
[ link to this | view in chronology ]
It was doctors that used the AIDS scare as a scare tactic to get HIPAA pushed through, oh, go protest, they are going to discriminate against people with AIDS, so go out and call them all sexists, and embarrass them into passing this very, very bad law, that not only doubled the cost of medical treatment in the US, but exposes the public to bad doctors/medicines for a much longer time before they are discovered. Doctors and hospitals didn't like that lawyers were mining databases of medical records finding patterns that allowed them to easily detect bad doctors and bad hospitals.
[ link to this | view in chronology ]
electronic medical records
[ link to this | view in chronology ]
HIPAA was in response to electronic medical records, just like Part 11 was in response to electronic signatures.
[ link to this | view in chronology ]
Manage their own?
Use a professional. Is that Google? Remains to be seen. Could be, they have an excellent privacy track record so far.
[ link to this | view in chronology ]
I Fix Medical Equipment
I was also required to give my policy and procedures to one client as part of my contracting, which also included a policy on HIPAA compliance.
[ link to this | view in chronology ]
Privacy Concerns Unwarranted
[ link to this | view in chronology ]
Ever try to get your Records fixed
[ link to this | view in chronology ]
PGP/GPG Sign the data, use CD/DVD/Thumbdrive...
I think that would be a great idea, as if you're traveling and need access to your medical data it's all right there.
Unfortunately, it's all right there.
The solution is to use cryptographic tools that are completely open and free. Any GPG is a free (open source) version of the OpenPGP standard. Doctors could sign the portions of the records they create, and the whole thing could be signed encoded to unlock only with the patient's private key.
Now, keeping the private key secure would be an issue, however if this is occurring within an expanded environment, then the data could be encoded using a symmetric key, which is then itself encoded to only be unlocked with the private key. The tool could then provide or remove that one file, thus authorizing access or not.
[ link to this | view in chronology ]
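The scheme the comment above describes, as an added example that is not part of the original comment: a doctor's detached signature over a record section, the section encrypted under a random symmetric key, and that key wrapped to the patient's public key in a separate file that can be withheld. It assumes GnuPG 2.1 or later; the identities, file names and record text are constructed.

```shell
#!/bin/sh
# Added example. Identities, file names and the record text are constructed.
set -eu
export GNUPGHOME="$(mktemp -d)"   # throwaway keyring, never the user's real one
WORK="$(mktemp -d)"
DOCTOR=doctor@example.org
PATIENT=patient@example.org

g() { gpg --batch --quiet --yes --pinentry-mode loopback --trust-model always "$@"; }

make_keys() {      # passphrase-less demo keys; protect real keys properly
  for addr in "$DOCTOR" "$PATIENT"; do
    g --passphrase '' --quick-generate-key "Demo <$addr>" default default never
  done
}

sign_section() {   # $1 = section file; the doctor's detached signature goes to $1.sig
  g --local-user "$DOCTOR" --output "$1.sig" --detach-sign "$1"
}

seal_section() {   # $1 = section file; leaves $1.gpg (data) and $1.key.gpg (wrapped key)
  head -c 32 /dev/urandom | base64 > "$WORK/data.key"
  g --passphrase-file "$WORK/data.key" --cipher-algo AES256 \
    --output "$1.gpg" --symmetric "$1"
  g --recipient "$PATIENT" --output "$1.key.gpg" --encrypt "$WORK/data.key"
  rm -f "$WORK/data.key" "$1"
}

open_section() {   # prints the plaintext only if unwrap, decrypt and verify all succeed
  [ -f "$1.key.gpg" ] || return 1           # wrapped key withheld: no access
  g --output "$WORK/k" --decrypt "$1.key.gpg" 2>/dev/null || return 1
  rc=0
  g --passphrase-file "$WORK/k" --output "$WORK/plain" --decrypt "$1.gpg" \
    2>/dev/null || rc=1
  rm -f "$WORK/k"                           # drop the unwrapped key either way
  [ "$rc" -eq 0 ] || return 1
  g --verify "$1.sig" "$WORK/plain" 2>/dev/null || return 1
  cat "$WORK/plain"
}

make_keys
printf 'Visit note (constructed sample): no known allergies.\n' > "$WORK/visit.txt"
sign_section "$WORK/visit.txt"
seal_section "$WORK/visit.txt"
open_section "$WORK/visit.txt"
```

`gpg --verify` here accepts a good signature from any key in the keyring, so a real tool would also compare the signer's fingerprint against the expected doctor's key.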
Another alternative
The danger with Google Health and HealthVault is that somebody in the future cracks their security systems.
Also the fact about a private company getting data about your health must concern us.
There is an alternative, http://www.keyose.com/, designed by the doctor that described the first case of Wiiitis; its philosophy is based on totally anonymous users. A smart mechanism allows the storage of clinical records without asking you for any personal data (not even your email).
Confidentiality is in such a way assured.
[ link to this | view in chronology ]
Health Privacy Agreement
[ link to this | view in chronology ]