Google Health Opens To the Public 199
Several readers noted that the limited pilot test of Google Health has ended, and Google is now offering the service to the public at large. Google Health allows patients to enter health information, such as conditions and prescriptions, find related medical information, and share information with their health care providers (at the patient's request). Information may be entered manually or imported from partnered health care providers. The service is offered free of charge, and Google won't be including advertising. The WSJ and the NYTimes provide details about Google's numerous health partners.
Yes, it has advertising, through "affiliates". (Score:5, Informative)
Yes, Google Health supports advertising. Spamming, even. Read the developer guidelines. [google.com] Google just doesn't run the ads themselves. That's outsourced to "affiliates".
There are some rules for affiliates, like "one spam per week per user" and "no popups or popunders". Other than that, consumers are fair game. In particular, affiliates are not prohibited from using Google health data to target ads, as long as they "disclose" that somewhere in their "privacy policy". The policy says "Only use Google Health user data for the purposes disclosed in your privacy policy, and obtain users' opt-in consent if personally identifiable health data will be used for ad targeting." So a bit of fine print, and the affiliate 0wns your health history.
It's a typical slimeball tactic - pretend to be the good guy, encourage "affiliates" to do the bad stuff.
Exactly (Score:5, Informative)
I agree 100% with GP. I even wrote Google to that effect. Not that I expect them to do anything with my feedback other than send it to the bitbucket.
This is a horrible, horrible precedent to set, allowing a 3rd party to have access to people's medical records without any protection under the law.
HIPPA *does* need to be updated, immediately, to cover online databases.
And the big deal is.. what? (Score:2, Informative)
I hereby authorize Google to share the health information contained in my Google Health profile(s) in its entirety, to only those entities and individuals I designate, for the purpose of providing me with medical care and for the purpose of sharing my information with others that I choose.
Re:Yes, it has advertising, through "affiliates". (Score:5, Informative)
And, Google isn't protecting your information via HIPAA because it can't - it's not a "covered entity" under the definition [hhs.gov] outlined in the law. (That is, they aren't a health provider, billing clearinghouse, or health plan.) Instead, they provide the Google Health Privacy Policy [google.com], which seems pretty reasonable. Like HIPAA, it allows them to disclose information when it seems like the government (US, in this case, as that's where the service is limited to) compels it. Before you get hot and bothered, HIPAA allows this too - it's how we tell get to CPS about abused children, for example.
I'm not new here, but I'm used to Slashdot readers being somewhat more informed before having a fit. As a covered entity myself (I'm a physician), I look forward to the day when the patients who come in saying they doubled the pink pills but lost the yellow ones they took for that surgery to remove that thigamajig have a hope of a secure information repository to clarify their history, and potentially save their bacon.
You misunderstand HIPPA (Score:5, Informative)
The way Google Health works is you give them your data and they store it.
Re:Privacy (Score:5, Informative)
Re:Privacy (Score:4, Informative)
Re:Privacy (Score:2, Informative)
http://www.google.com/health_hipaa.html [google.com]
Looks to me like Google is more private than HIPAA.
Re:Wow (Score:4, Informative)
Re:Exactly (Score:3, Informative)
Re:Privacy (Score:3, Informative)
Re:Exactly (Score:1, Informative)
YOU can release your records to Google, this would involve NO HIPAA issues.
If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).
Cheers,
Re:Why not? (Score:4, Informative)
Google is NOT a healthcare clearinghouse (you might reasonably think it meets the definition - I used to think it would as well, but covered clearinghouses are directly linked to care providers, the definition does not cover third party service providers (of medical devices, Customized off the shelf software etc.).
Regarding HIPAA applicability to google: any HIPAA CE (Covered Entity, which includes most of your health care providers who also use or maintain electronic patient data) MUST include terms in a contractual relationship with a BA (Business Associate - anyone the CE does business with involving patient data) which mirror HIPAA requirements (this is the "Business Associate Rule").
YOU can release your records to Google, this would involve NO HIPAA issues.
If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).
Re:Why not? (Score:3, Informative)
Re:Google Sex Life (Score:2, Informative)