Health

How will Google Health work?

Google Health is a personal portal that can be used to upload, store and view personal medical information, retrieve records, investigate health matters, set medication reminder alerts, etc. But in the HIPAA world, how can this work?

I recently had to go to the doctor for a recurrence of a health problem that I had had some 20 years ago. My original doctor has since retired so this doc was a new one. In preparation for that first appointment, I was asked to get my old records from the doctor who helped me all those years ago and any recent medical records pertaining to the condition. Since doctors keep the same hours I do, this meant I had to take a couple of afternoons off work to go scrounging around for my records.

In addition to that, since the first doctor had retired, I had to find a way to get my medical records from him. I looked in the phone book. No luck. I Googled him. No luck. And because I have a memory like a sieve, my medical details, for all intents and purposes, were lost forever.

My situation came to mind when I read today about Google Health. Here's the description of the site, according to ZDNet.co.uk:

The site, which is currently available for healthcare purposes in the US only, is a personal portal that can be used to upload, store and view personal information; retrieve records from partners; investigate health matters; set alerts such as a reminder to take medication; and run applications that can, for example, keep track of how many miles a person has walked.

Personal Health Records are not new. In fact, there are already many standards, open specifications, and efforts toward standardization of PHR information, and services. But Google claims its service will be different from those others in three ways:

  1. Privacy -- Their privacy policy and practices have been developed in thoughtful collaboration with experts from the Google Health Advisory Council.
  2. Platform -- Google Health lets you automatically import information such as your doctors' records, your prescription history, and your test results into Google Health to easily access and control your data.
  3. Portability -- You can access and have control over your health data from anywhere. (For people who travel a lot.)

I don't really understand how anyone could pull something like this off in the world of HIPAA, but it sounds like it would be a timesaver.

What do you think?

About

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

23 comments
GSG
GSG

I don't trust Google. I don't want someone to google my name (such as a prospecitve employer) and find out that I have XYZ medical condition. And don't tell me that Google says it won't happen. It will. I also think it will be a cold day before they can gaurantee HIPAA compliance. I've worked in hospitals for almost 20 years, and it's hard enough for us to be HIPAA compliant. It might be fun to ask Google to see their HIPAA policies, and their BA (Business Associate agreements). Once they start carrying PHI (Personal Health Info), they will have to have a BA agreement with every single entity that they do business with. That means that if they hire a 3rd party company or contractor to clean their carpet, that person will have to sign a BA. If they don't and if I challenge them to produce it, then I could turn them in and they could get audited. That gets very expensive.

a.avallone
a.avallone

Is it true that since Google is not a health care organization and does not meet certain criteria that it does not have to be compliant to HIPAA? If this is accurate, why would anyone even consider using it?

bekk31
bekk31

Kiss your personal privacy goodbye completely.

bekk31
bekk31

Kiss yuor personal privacy goodbye completely.

Gast?n Nusimovich
Gast?n Nusimovich

When the likes of Google, Yahoo! and others have provided confidential records of given individuals to governments (like the PRC) with the excuse that it is lawful to do so, I wonder what will happen with confidential health records of individuals if the same types of laws and government regulations may apply.

120529-000107
120529-000107

The system will not be HIPAA compliant unless every person that comes in contact with the data has been trained, tested and has receieved written instructions. Even then, it is unlikely that critical information will be encrypted individually for maximum protection. And even HIPAA compliance did not stop a HIPAA-trained person at a HIPAA-compliant hospital from sell information to a tabloid. People snoop because it is human nature to want to know something "secret" or hidden. Besides, you should worry more that a simple administrative summons, not even a subpoena, can reveal your data to the world if it was among the data that was hacked... nobody says anything about the amount of data provided to the government or the hacker's lawyers in a breach of security prosecution.

GSG
GSG

Good point. If we printed our HIPAA policies, I wouldn't doubt that we'd fill at least 5 reams of paper. We had 10 Healthcare experts on a team take a year to develop our policies, and I currently perform random audits looking for violations. I just don't think that Google is ready for the ramifications.

120529-000107
120529-000107

1. No matter what you say, no doctor, clinic, or hospital will allow you to give them a USB-flash drive or any other electronic media to be used on their system. 2. No staff member is going to access your file on any website -- no matter how well you are known. 3. No doctor is going to wade through scads of test data and poorly written digitized notes in the short time period they have for an exam. 4. In an emergency, they will do their own triage and then order the tests that they feel are necessary at the moment. Baseline values and other information, if not presented almost instantly to the treating physician -- will be most likely ignored. Subsequent doctors will also be unlikely to read your material. 5. The formats used by Google and Microsoft are unlikely to match those used by doctors and their facilities -- so they are not compatible. Sad, but true, if you do not bring the important stuff with you and present it clearly within the first five minutes of the visit -- you are out of luck. Information given to the patient may exclude certain doctor's impressions and notes which may make the interpretation of the presented results somewhat sketchy. There is much more to the Google and Microsoft programs -- can you spell "commercialization" and monetization of your health records.

a.avallone
a.avallone

After many years of being a DBA of health information, I have transformed into a HIPAA Security and Privacy Officer and Trainer. Coming from an IT perspective, I see many risks with this plan and have similar concerns with the intended use, if and when, this takes off. Personal data is to be kept secure, confidential, free from being improperly altered and only available to those who are authorized to view and use the said information. I like Google and use their services on a daily basis, but this time, I think they may have gone too far. Google, please prove me wrong!

j.bryce.reeves
j.bryce.reeves

I can agree with the others here. My career in IT has been for Companies that do Electronic health and medical records or process Medical Billing claims. I really really don't see how they will comply with HIPPA very easily doing this. While I like Google, I will say I don't trust them enough to just accept this without them really proving that there will be no transfer of this information either to their partners or otherwise.

sthurman
sthurman

I am beginning to think Google was somehow purchased by the Bush administration a few years back. Both seem to act as if they are entitled to others private information, selling it as a benefit to society. Good thing I only visit witch doctors.

khauser
khauser

I work for a company named MedeFile International. In brief, MedeFile is an electronic medical records management service that collects, digitizes, stores, and organizes all of our member's ACTUAL medical records. MedeFile gives you the member, the ability to access your complete medical history 24 hours a day, 7 days a week, from virtually anywhere in the world. In addition, we provide each full MedeFile member with a MedeDrive. The MedeDrive is a portable USB device that works with any Windows based PC. This device simply plugs in to a USB port and instantly auto loads that member's vital emergency information (Allergies, Medications, Medical Alerts, Emergency Contacts, etc). The MedeDrive also has a password protected area that contains all of that member's ACTUAL medical records as well. Our system also provides for the storage of Advanced Directives (living Wills, DNR's, Health Care Proxies) The MedeDrive does NOT require any internet connection to view its contents, and can be updated anytime with no additional charges. We have been featured on various news segments with regard to the devastating Hurricanes we have seen in the recent years. We do not sell or mine any data. All information is encrypted. MedeFile also may qualify as a medical expense under a Medical Information Plan in IRS Publication 502. We unlike Google will go out to not just "partners" but any and all providers of our members. I urge you to visit our website at www.medefile.com for more information. Please feel free to contact me with any questions that you may have. Thank you in advance.

elmidwill
elmidwill

I dont't know who would want all their personal health information at the finger tip of google executives. I think what Google will eventually do is market Google Heath as a conduit for people to use, and lets say, save their information to a portable secure Flash Drive that the consumer owns. They will then capture the information and use it for demographic information for all their clients. Google will then sell this info to big drugs companies, who could care less about your health and probably all of their drugs are placebo anyways. Another win for big business.

bkamhi
bkamhi

I don't know. I try to be very protective of my privacy, but I've come to think that it's better to store personal data on some anonymous server somewhere on the farm than to keep it on my flash drive. Sooner or later my flash drive is bound to get lost or die, and then where am I? Plus, if I'm not encrypted the files, then a lost flash drive really could lead to an invasion of privacy. Now, I wouldn't put it past Google to mine my health files so that they can target me with specific ads, but maybe this is a good thing...maybe. Apart from that, I would want to be sure that the site is HIPAA compliant.

elmidwill
elmidwill

Well here is an idea; how about a Google health app, that runs on your iPhone, smart phone, whatever and the data is then encrypted on and you can send a kill command to it if it ever gets lost, and the kill fuction only erases your health documents - if you so choose. Much like the Iron key USB Flash Drive it would have a tamper proof mechanism. I was a little ambiguous in my last post, but my point is, it would seem if you have enough marketing dollar behind any venture you might be able to convince a broad spectrum of soctiety that the sky is green when in fact it isn't. Maybe, just maybe there are emough people out there to make this a profitable venture for Google but maybe there isn't - Only time will tell.

dschrishuhn
dschrishuhn

Google has been databasing hordes of information and since their only source of revenue is advertisements, I hardly want to volunteer my personal medical information. We, as a society, have become to dependent on convenience. For example, if someone loses a cell phone, we become helpless. I bet the majority don't even have their own mother's number memorized. So instead of depending on a file server in Mountain View California, why don't we better manage ourselves. We can scan and file just as easily. Along with Google Desktop, Streetview, and Earth, Google Health is another piece in building the ultimate online big brother. What is their obsession with collecting information?

rbrown
rbrown

I don't know about anyone else, but unless they are in compliance with HIPPA, I'm not using them. I certainly don't want my private records viewable by Google for potential advertising revenue from drug companies wanting to do targeted marketing. The idea is sound but the "cost" is too high for me.

Lordan
Lordan

Google Health and Microsoft Health Vault are coming. They have invested too much to halt production of their new products. What they know is that the Health sector in the USA will be the largest contributor to our Gross National/Domestic Product by the year 2015. They want their piece of the large healthcare pie. Just about every EMR(Electronic Medical Record) vendor already has their own version of a PHI(personal health record) in production or is working on one. The difficutly will be for the end user to decipher how to extract the information from the various/numerous PHI products. If this is not very obvious to the medical provider - they will not use it, or will require the patient to print it out and carry it in for their visit. This could force Healthcare providers to have kiosks where patients can come in to the clinic/hospital...connect to the internet and download/print the information they need at the visit, but they may not know what information is needed and this could force the healthcare provider to have triage type nurses that visit with the patient prior to the actual visit to help determine what info may be needed. This creates increased costs and security risks for healthcare companies, who will need to pass on the additional costs to the patient. The other side of this is that this type of product could be used by(and already is) individual companies to try to help bring down insurance premiums. Each employee would have their own PHI and would be asked to update information such as excercise levels and/or diet information. I have a friend who is a cancer survivor. He wears a pedometer everyday and downloads the information from the pedometer to his health insurance company. If he meets a certain quota...his premiums can be reduced by as much as 15-20%. These products create a huge risk for healthcare providers/phi vendors and mostly the patient themselves, but their are too many reasons why it will come anyway...we just need to figure out how to make it work well. I personally would prefer to stay away from google. They are in the "collecting information" business and that is what they are interested in doing. Do you think that they might be interested in knowing what meds you use and how they could use that info to target advertise.

Shellbot
Shellbot

Google Health Advisory Council ? What?? I can't wait for the : Google Childrearing Advisory Council or Google Morality Advisory Council or Google Safe Food Advisory Council ]:)

jck
jck

Google where to get a good beer Advisory Council ]:)

bkamhi
bkamhi

Health Insurance Portability and Accountability Act

a.avallone
a.avallone

Not to get away from the main topic of this discussion, but I agree...HIPAA! It is a major pet peeve of mine, especially when you see it printed wrong on official office forms.

gsveeb
gsveeb

I thought the information will be uploaded voluntarily by the ?patient?. So, where?s the problem? It?s just like any other piece of information about ourselves that we choose to post on the Internet.

Editor's Picks