Google Health Opens To the Public

Posted by kdawson on Tue May 20, 2008 02:11 PM
from the take-two-aspirin-and-don't-call-me-ever dept.
Several readers noted that the limited pilot test of Google Health has ended, and Google is now offering the service to the public at large. Google Health allows patients to enter health information, such as conditions and prescriptions, find related medical information, and share information with their health care providers (at the patient's request). Information may be entered manually or imported from partnered health care providers. The service is offered free of charge, and Google won't be including advertising. The WSJ and the NYTimes provide details about Google's numerous health partners.

Related Stories

Google to Offer Online Personal Health Records (242 comments)
hhavensteincw writes "Less than two weeks after Microsoft announced plans to offer personal health records, Google announced today that it plans to offer online personal health records to help patients tote and store their own x-rays and other health data. Google made the announcement Wednesday at the Web 2.0 Summit in San Francisco."
Science: Google to Begin Storing Patients' Health Records (214 comments)
mytrip writes with news that Google's health record archive is about to be tested with the assistance of the Cleveland Clinic. Thousands of patients (who must approve the transfer of information) will have access to everything from their medical histories to lab results through what Google considers a "logical extension" of their search engine. We discussed the planning of this system last year. "Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that's also required to use other Google services such as e-mail and personalized search tools. The health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions. Prodded by the criticism, Google last year introduced a new system that purges people's search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department's demand to examine millions of its users' search requests in a court battle two years ago."
Science: Delving Into Google Health's Privacy Concerns (121 comments)
SecureThroughObscure writes "Security researcher Robert 'RSnake' Hansen discusses numerous concerns with Google's new Google Health application, which aims to integrate user's medical records online. We discussed Google Health's opening to the public earlier this week. RSnake mentions that Google has found a loophole allowing them to provide this service without having to follow HIPAA regulations, which, combined with Google's track record of having numerous flaws leading to private information disclosure, draws serious concern. Security researcher Nate McFeters of ZDNet's Zero-Day Security Blog also commented on the article, mentioning several past vulnerabilities: ownership of content issues, Google Docs theft, a cross-domain hole, Google XSS, and a Google Picasa protocol handler issue leading to the theft of user images. He and fellow researcher Billy Rios disclosed these issues to Google, including the ability to steal GMail contact list information. McFeters says it's likely that similar unpatched bugs would allow an attacker to view medical records if a user was also using Google Health. Both McFeters and Hansen tend to agree that Google's vulnerability disclosure/notification is non-existent and really needs to be improved. Currently, Google does not report vulnerabilities it has fixed to its user base, for the obvious reason of trying to hide the fact that user data could have been stolen."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • Privacy (Score:5, Insightful)

    by whoever57 (658626) on Tuesday May 20 2008, @02:15PM (#23480468) Journal
    I for one won't be using it while their terms of service explicitly states that HIPAA doesn't apply to Google.
    • Re: (Score:3, Insightful)

      How do I opt-out?

      Maybe the laws need to be re-written.
      I can't imagine that Federal & State Law foresaw 3rd party control of medical files.
      • Exactly (Score:5, Informative)

        by dreamchaser (49529) on Tuesday May 20 2008, @02:40PM (#23480854) Homepage Journal
        You don't opt out. You have to sign up and opt in for them to get your records.

        I agree 100% with GP. I even wrote Google to that effect. Not that I expect them to do anything with my feedback other than send it to the bitbucket.

        This is a horrible, horrible precedent to set, allowing a 3rd party to have access to people's medical records without any protection under the law.

        HIPPA *does* need to be updated, immediately, to cover online databases.
          • by dreamchaser (49529) on Tuesday May 20 2008, @02:55PM (#23481126) Homepage Journal
            Your medical provider is covered by HIPPA and CANNOT release your records to a third party without your consent. When you go to a new doctor they generally make you sign something saying they can share it with your insurance company, who also cannot share it with Google without your consent.

            The way Google Health works is you give them your data and they store it.
            • Only online access provided by medical providers that are explicitly covered under the Act. This new generation of info-providers such as Google, MS, etc. are NOT covered by HIPPA. Even the Government has said so (link is posted elsewhere in this discussion by someone).

              That is the third time in a row you've referred to the HIPAA (Health Insurance Portability and Accountability Act) [wikipedia.org] as "HIPPA", even after being corrected by someone else. Is there some reason you keep doing this?

    • That's because... HIPAA doesn't apply to Google by nature of the law of HIPAA. You know absolutely nothing about the actual letter of HIPAA law by making a statement such as yours.
      • That's because... HIPAA doesn't apply to Google by nature of the law of HIPAA.
        That was... sort of the point.
        • Re: (Score:3, Informative)

          Google does not provide medical services, which is why they are not bound to the provisions of HIPAA. HIPAA is a regulation of privacy and portability for providers of medical services, not for companies that act as a storage medium for your personal health information. If people use Excel to store their medical records, will Microsoft somehow be responsible for complying with HIPAA? Of course not.
    • Re:Privacy (Score:5, Insightful)

      by kabocox (199019) on Tuesday May 20 2008, @02:46PM (#23480980)
      I for one won't be using it while their terms of service explicitly states that HIPAA doesn't apply to Google.

      I don't trust Google. I'm of the opinion that companies have to obey the rules/laws of government. I'd rather "trust" the government if they said that HIPAA doesn't apply to Google rather than Google saying that HIPAA doesn't apply to them. There is a part of me that actually hopes that Google gets slapped by the government for violating HIPAA.
      • Okay, here is the government telling you that HIPAA doesn't apply to Google [hhs.gov]. Google isn't a health care provider, nor is it a health care insurance plan, nor is it a health care clearinghouse, by the legal definitions of those terms (check the law if you like), so, no, HIPAA most certainly does not apply to Google or any other company or entity providing a similar service.
        • Why not? (Score:5, Insightful)

          by RealityThreek (534082) on Tuesday May 20 2008, @04:35PM (#23482936)
          Why isn't Google a health care clearinghouse?

          Health care clearinghouses include billing services, repricing companies, community health management information systems, and value-added networks and switches if these entities perform clearinghouse functions.
          I'm certainly no expert but I do speak English. Is Google not a "community health management information system"?
          • Re:Why not? (Score:4, Informative)

            by Anonymous Coward on Tuesday May 20 2008, @05:39PM (#23483938)


            Google is NOT a healthcare clearinghouse (you might reasonably think it meets the definition - I used to think it would as well, but covered clearinghouses are directly linked to care providers, the definition does not cover third party service providers (of medical devices, Customized off the shelf software etc.).

            Regarding HIPAA applicability to Google: any HIPAA CE (Covered Entity, which includes most of your health care providers who also use or maintain electronic patient data) MUST include terms in a contractual relationship with a BA (Business Associate - anyone the CE does business with involving patient data) which mirror HIPAA requirements (this is the "Business Associate Rule").

            YOU can release your records to Google, this would involve NO HIPAA issues.

            If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).
          • Re: (Score:3, Informative)

            Neither am I an expert, but my knowledge [answers.com] of clearinghouses says that they need to do things like move checks, money transfers, and whatnot. I don't think just "storing information" qualifies, unfortunately.
      • Re:Privacy (Score:5, Interesting)

        by ChristopherEddie (935213) on Tuesday May 20 2008, @05:31PM (#23483826)
        In times like these, I would trust Google over the government ANY DAY! I'd rather have a creative, for-profit company actually try to make a difference than have the government dick around with tax dollars that companies like Google will end up generating anyway.
    • Re:Privacy (Score:4, Informative)

      by jdray (645332) on Tuesday May 20 2008, @02:55PM (#23481134) Homepage Journal
      For those who don't want to go digging for the crunchy bits:

      If you create, transmit, or display health or other information while using Google Health, you may provide only information that you own or have the right to use. When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.
    • Re: (Score:3, Insightful)

      I'm Canadian, and I signed in to Google Health just to check it out.
      I find the privacy concerns a bit off beat.

      I do online banking.
      I file my taxes online...

      When is there such sensitivity about my health data. As far as I see, it is password protected, and as long as the data is not shared with people outside my 'approved list', I have no issue with it. Google might eventually adopt HIPAA, but I seriously doubt Google will be freely sharing your private information with health insurance providers without your
  • I'm quite torn here. On the one hand, having so much information readily available in one spot is rather exciting. This is especially true if Google doesn't just cave in to "Big Pharma" and allows you to see "alternative" or "herbal" remedies for prescriptions or OTC drugs you have entered.

    OTOH, Google having all that information about my medical condition in one place is somewhat disturbing... Aside from rational or irrational fears about Google having this information, aren't there HIPAA issues to be

    • Re: (Score:3, Interesting)

      What bothers me is that all this is built on top of tcp/ip, and that is inherently insecure.
      Given that there exists hardware to inspect packets for p2p traffic, how hard would it be for a person of unpleasant intent to get hold of some of that and start mining 'encrypted' health information?

      I can see it now, 'want to get health insurance again? Pay us x dollars or we expose condition y to your health insurance provider.'

      Come to think of it, all they'd need to do is pretend they had the info, someone woul
      • I just joined, but have not entered any data - it runs using HTTPS, not HTTP
      • Re:Wow (Score:4, Interesting)

        by TubeSteak (669689) on Tuesday May 20 2008, @02:43PM (#23480916) Journal

        I can see it now, 'want to get health insurance again? Pay us x dollars or we expose condition y to your health insurance provider.'
        Many States have laws that prevent an insurer from charging sick people a higher premium.
        In other words, if you are in their State, you have to follow their rules, and their rules say your price isn't affected by "condition y".

        On a related note, I read an article [slate.com] stating that part of a McCain proposal would allow insurance companies to change their legal residency for the purpose of using another State's insurance rules. In other words, a New York insurance company can pay taxes in Arizona and use their insurance rules.
                • If you're a higher risk, you have to provide a higher reward to the company in order to be accepted. Your higher risk is only offset to a degree by their lower risk, and if they know up-front that you're a higher risk there's no reason not to take that into account ahead of time.
    • Re:Wow (Score:4, Insightful)

      by Bill, Shooter of Bul (629286) on Tuesday May 20 2008, @02:37PM (#23480814) Journal
      And I don't want them caving into "big infomercial" sleazeballs that tell use phrases like "Big Pharma" to try and persuade potential customers to buy their scientifically unproven snake oil instead.
    • Re:Wow (Score:5, Insightful)

      by Uncle Focker (1277658) on Tuesday May 20 2008, @02:49PM (#23481040)

      This is especially true if Google doesn't just cave in to "Big Pharma" and allows you to see "alternative" or "herbal" remedies for prescriptions or OTC drugs you have entered.
      Ugh, I hope Google Health doesn't become such a nexus of snake oil salesmen. Hopefully they will have minimum requirements for the scientific accuracy of medical claims to weed out this nonsense. If you want to be peddled placebos, just stick to Kevin Trudeau and his ilk's infomercials. We don't need Google Health to be infected with such a taint.
  • Uh oh... (Score:4, Funny)

    by getto man d (619850) on Tuesday May 20 2008, @02:16PM (#23480478)
    I can see "Need Liver or Kidneys?" coming about in the recommended searches.
    • Re:Uh oh... (Score:5, Funny)

      by Pyrrus (97830) on Tuesday May 20 2008, @02:19PM (#23480548) Homepage
      I'm concerned about what happens when they combine information about who has healthy kidneys with streetview. And put google ads offering discounts on bathtubs and ice.
    • I don't think it's legal for Google to advertise for human body parts. I can see a lot of travel firms advertising for trips to Mexico on this site, however.
  • Should I be afraid yet?
  • Let's enter, Chest Pain, Left Arm Numb, Smells of Toast! Ohhh I can earn 950 a day working at home... Let's click that... hey I won a free Ipod... today is my luc. *beeeeeeeeeeeeep*
  • All people needing viagra will be notified of cheap imported viagra by Google, and the spammers will lose all their market!

    Just wait till you hear about the plan they have to go after the Nigerian 409 scammers.

  • This reads like a joke.
  • Google Organ Search (Score:3, Interesting)

    by JeremyGNJ (1102465) on Tuesday May 20 2008, @02:23PM (#23480628)
    I'm getting ready to start googling for an organ donor when my liver finally gives up on me.
  • Hopefully people will be smart enough to go visit a real doctor, rather than listen to the internet about all their life's little concerns. Sometimes symptoms may be generic to multiple conditions and self diagnosis can do more harm than help. Maybe this will set Darwinism to work at its full potential.
    • Re:Disclaimer Needed (Score:4, Interesting)

      by Kimos (859729) <kimos.slashdot@nOSpam.gmail.com> on Tuesday May 20 2008, @03:21PM (#23481678) Homepage
      In my Canadian province we have a government funded public health nurse phone line. It exists for people to phone in and speak to a nurse about whatever health problem they're having, and the nurse can give advice on over the counter medication or home treatments, but will always defer to "go see a doctor" as needed. They keep a record of your calls so you can follow up on advice given and changes in your condition. It's really a very good service.

      It exists to alleviate line ups in walk-in clinics and emergency rooms by keeping some of the people with less serious problems from having to go down and see a doctor. This service looks like it will serve a similar purpose.
  • by pha7boy (1242512) on Tuesday May 20 2008, @02:27PM (#23480676)
    so, google will have your surfing profile, your financial information, tons of images of you, your house, your friends, your networks, and now will add to it your health information. You know, Big Brother can be a government, but it can also be a corporation. Even one that claims not to do any evil.
      • Re: (Score:3, Insightful)

        the government uses ChoicePoint for its information needs to bypass laws that prohibit it from gathering data on citizens. Google health can end up selling health data to anyone who asks for any reason
  • by Animats (122034) on Tuesday May 20 2008, @02:31PM (#23480724) Homepage

    Yes, Google Health supports advertising. Spamming, even. Read the developer guidelines. [google.com] Google just doesn't run the ads themselves. That's outsourced to "affiliates".

    There are some rules for affiliates, like "one spam per week per user" and "no popups or popunders". Other than that, consumers are fair game. In particular, affiliates are not prohibited from using Google health data to target ads, as long as they "disclose" that somewhere in their "privacy policy". The policy says "Only use Google Health user data for the purposes disclosed in your privacy policy, and obtain users' opt-in consent if personally identifiable health data will be used for ad targeting." So a bit of fine print, and the affiliate 0wns your health history.

    It's a typical slimeball tactic - pretend to be the good guy, encourage "affiliates" to do the bad stuff.

    • by dmr001 (103373) on Tuesday May 20 2008, @02:52PM (#23481096)
      Oy vey, you folks need to take a step back. The above guidelines refer to other service providers that users can opt in to and share their history with. Google is simply limiting their ability to annoy you, should you choose to opt in.

      And, Google isn't protecting your information via HIPAA because it can't - it's not a "covered entity" under the definition [hhs.gov] outlined in the law. (That is, they aren't a health provider, billing clearinghouse, or health plan.) Instead, they provide the Google Health Privacy Policy [google.com], which seems pretty reasonable. Like HIPAA, it allows them to disclose information when it seems like the government (US, in this case, as that's where the service is limited to) compels it. Before you get hot and bothered, HIPAA allows this too - it's how we get to tell CPS about abused children, for example.

      I'm not new here, but I'm used to Slashdot readers being somewhat more informed before having a fit. As a covered entity myself (I'm a physician), I look forward to the day when the patients who come in saying they doubled the pink pills but lost the yellow ones they took for that surgery to remove that thingamajig have a hope of a secure information repository to clarify their history, and potentially save their bacon.

      • but I'm used to Slashdot readers being somewhat more informed before having a fit.
        Since when did this ever happen? I think you're making stuff up.
      • sorry, but I can't trust a poster who starts out with 'oy vey' and ends with '...bacon'.

        pick one and be consistent.
  • by jonpublic (676412) on Tuesday May 20 2008, @02:35PM (#23480772)
    I am dealing with a rare side effect from a fluoroquinolone, (think cipro, levaquin) called peripheral neuropathy. I plugged the antibiotic into google health and the side effect was not listed on the package insert. While it's good to have drug interactions listed, lots of people have side effects from drugs and they need to be explicitly spelled out, not hiding in a sub menu.

    I know for a fact that there are explicit warnings on the packages about this particular reaction and I'm livid it isn't warning about it on the package insert in google. Especially since it can be permanent.

    I've racked up a couple thousand dollars in medical bills already from this side effect, and it was a pain to get doctors to admit it happened until I went to a major university hospital. At that hospital they diagnosed me right away and basically said I'd have to wait it out.

    If you are curious, basically I couldn't walk for over a week, terrible joint pain for months along with numbness in my hands, face, and body. It's a known side effect with this class. Rare, but known.

  • by kiscica (89316) on Tuesday May 20 2008, @02:42PM (#23480906) Homepage
    6. If it's free, how does Google make money off Google Health?
    Much like other Google products we offer, Google Health is free to anyone who uses it. There are no ads in Google Health. Our primary focus is providing a good user experience and meeting our users' needs.


    I've heard enough. I don't know what their long-term plan for monetizing Google Health is, and I don't really care now. I don't trust Google enough to consider even for a second entrusting my health care information to them (and I say this as someone who has thought very highly of the company since the beginning). And their weaselly answer to the obvious question above, I think, justifies my mistrust.

    Every for-profit company's primary focus is - making a profit. There's nothing whatsoever wrong with this, and the ideal situation arises when "providing a good user experience and meeting [...] users' needs" is aligned with the profit motive.

    So why can't they be honest about their motivations in undertaking an expensive, large-scale project like this -- whatever those motivations are -- instead of trying to make us believe that they're doing it "out of the goodness of their hearts?" All their mealy-mouthedness accomplishes is to raise the suspicion that they've got something nasty up their sleeves. And that ensures that many users, including me, will never entrust their most private of private data to Google.
  • by LM741N (258038) on Tuesday May 20 2008, @02:48PM (#23481006)
    That's the service I want to see offered. With the posting of photos and movie clips allowed. They can build a virtual community of porno providers and consumers. Wait- that's YouTube.
  • by chord.wav (599850) on Tuesday May 20 2008, @03:46PM (#23482120) Journal
    Remember that social site that fooled you to get your gmail account and password so you can "invite" all your friends? Remember that someone told you not to do so because it wasn't safe to make your password public but you didn't listen?

    Well, now you just got a shiny new Penile Prosthesis Insertion - Non-inflatable AND a Penile Prosthesis Insertion - Inflatable.

    Have a nice day.
  • by ivi (126837) on Tuesday May 20 2008, @06:28PM (#23484708)
    After [Queensland] Australia's & other "Doctor Death" tragedies (in which doctors' many errors have left patients much worse off, or dead...) and other situations, in which doctors sexually abuse or just unduly fondle patients, as part of their "treatment" - a partly public online data base might be just what we need to help find & eradicate "bad" medical professionals.

    Let Google Health be modified to compile results of medical procedures - by the practitioner(s), who perform them - and compare longer-term performance with expected failure & complication rates across the hospital...

    and then compare each hospital's rates to "best practice" - ...ie, to see if practitioners and/or hospitals need retraining or further investigation.

    We could also get very useful (even valuable) data on risks of working / living in certain areas, eg, by post code... if correlations between location and diseases are available to all via Google Health.

    Mapping sources of pollutions & overlaying incidence rate contour lines onto the same maps, might affect property prices... giving folks another [if economic] reason to cleanup the mess before people would move to a new development/location.

    Gov't-held data is already held & analyzed, around the world, to support such analyses; eg:

    While in South Australia, attending a Data Mining seminar (atop the EDS building in Adelaide), I heard some public sector IT managers report how Data Mining - even in -existing- Public Health Service databases - showed useful patterns of disease occurrences vs postcode...
    but another public sector IT manager was quick to point out that such results would not be made known to members of the public.

    (Tell me: Does this kind of data hiding happen in such places as Sweden? I hope not... but give me the facts & some URLs where they are available; yes, some of us read Swedish here... ;-)
    • I didn't realize it was mandatory for US citizens to use this service.

      Good to know.

      Also good to know that companies will be using our health history against us. Because they all care about us, individually.
    • These documents and subdocuments are so full of weasel words, Google could practically do anything they want. Example:

      However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law.

      "YOU did not provide this information. Your doctor's office provided the information, so it is exempt from these policies."

      See? It took me just a quick glance to find a huge conditional that is subject to interpretation. Don't think that