Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

[ Create a new account ]

Google Health Opens To the Public

Posted by kdawson on Tuesday May 20, @03:11PM
from the take-two-aspirin-and-don't-call-me-ever dept.
Google Medicine
Several readers noted that the limited pilot test of Google Health has ended, and Google is now offering the service to the public at large. Google Health allows patients to enter health information, such as conditions and prescriptions, find related medical information, and share information with their health care providers (at the patient's request). Information may be entered manually or imported from partnered health care providers. The service is offered free of charge, and Google won't be including advertising. The WSJ and the NYTimes provide details about Google's numerous health partners.

Related Stories

[+] IT: Google to Offer Online Personal Health Records 242 comments
hhavensteincw writes "Less than two weeks after Microsoft announced plans to offer personal health records, Google announced today that it plans to offer online personal health records to help patients tote and store their own x-rays and other health data. Google made the announcement Wednesday at the Web 2.0 Summit in San Francisco."
[+] Science: Google to Begin Storing Patients' Health Records 214 comments
mytrip writes with news that Google's health record archive is about to be tested with the assistance of the Cleveland Clinic. Thousands of patients (who must approve the transfer of information) will have access to everything from their medical histories to lab results through what Google considers a "logical extension" of their search engine. We discussed the planning of this system last year. "Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that's also required to use other Google services such as e-mail and personalized search tools. The health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions. Prodded by the criticism, Google last year introduced a new system that purges people's search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department's demand to examine millions of its users' search requests in a court battle two years ago."
Firehose:Google Health by wwhsgrad2002 (698991)
[+] Science: Delving Into Google Health's Privacy Concerns 121 comments
SecureThroughObscure writes "Security researcher Robert 'RSnake' Hansen discusses numerous concerns with Google's new Google Health application, which aims to integrate user's medical records online. We discussed Google Health's opening to the public earlier this week. RSnake mentions that Google has found a loophole allowing them to provide this service without having to follow HIPAA regulations, which, combined with Google's track record of having numerous flaws leading to private information disclosure, draws serious concern. Security researcher Nate McFeters of ZDNet's Zero-Day Security Blog also commented on the article, mentioning several past vulnerabilities: ownership of content issues, Google Docs theft, a cross-domain hole, Google XSS, and a Google Picasa protocol handler issue leading to the theft of user images. He and fellow researcher Billy Rios disclosed these issues to Google, including the ability to steal GMail contact list information. McFeters says it's likely that similar unpatched bugs would allow an attacker to view medical records if a user was also using Google Health. Both McFeters and Hansen tend to agree that Google's vulnerability disclosure/notification is non-existent and really needs to be improved. Currently, Google does not report vulnerabilities it has fixed to its user base, for the obvious reason of trying to hide the fact that user data could have been stolen."
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Google Health Opens To the Public 25 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • Privacy (Score:5, Insightful)

    by whoever57 (658626) on Tuesday May 20, @03:15PM (#23480468) Journal
    I for one won't be using it while their terms of service explicitly states that HIPAA doesn't apply to Google.

    • Re:Privacy (Score:5, Insightful)

      by kabocox (199019) on Tuesday May 20, @03:46PM (#23480980)
      I for one won't be using it while their terms of service explicitly states that HIPAA doesn't apply to Google.

      I don't trust Google. I'm of the opinion that companies have to obey the rules/laws of government. I'd rather "trust" the government if they said that HIPAA doesn't apply to Google rather than Google saying that HIPAA doesn't apply to them. There is a part of me that actually hopes that Google gets slapped by the government for violating HIPAA.

      • Re:Privacy (Score:5, Informative)

        by morgan_greywolf (835522) * on Tuesday May 20, @03:55PM (#23481128) Homepage Journal
        Okay, here is the government telling you that HIPAA doesn't apply to Google [hhs.gov]. Google isn't a health care provider, nor is it a health care insurance plan, nor is it a health care clearinghouse, by the legal definitions of those terms (check the law if you like), so, no, HIPAA most certainly does not apply to Google or any other company or entity providing a similar service.

        • Why not? (Score:5, Insightful)

          by RealityThreek (534082) on Tuesday May 20, @05:35PM (#23482936)
          Why isn't Google a health care clearinghouse?

          Health care clearinghouses include billing services, repricing companies, community health management information systems, and value-added networks and switches if these entities perform clearinghouse functions.
          I'm certainly no expert but I do speak english. Is Google not a "community health management information system"?

          • Re:Why not? (Score:4, Informative)

            by Anonymous Coward on Tuesday May 20, @06:39PM (#23483938)


            Google is NOT a healthcare clearinghouse (you might reasonably think it meets the definition - I used to think it would as well, but covered clearinghouses are directly linked to care providers, the definition does not cover third party service providers (of medical devices, Customized off the shelf software etc.).

            Regarding HIPAA applicability to google: any HIPAA CE (Covered Entity, which includes most of your health care providers who also use or maintain electronic patient data) MUST include terms in a contractual relationship with a BA (Business Associate - anyone the CE does business with involving patient data) which mirror HIPAA requirements (this is the "Business Associate Rule").

            YOU can release your records to Google, this would involve NO HIPAA issues.

            If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).

      • Re:Privacy (Score:5, Interesting)

        by ChristopherEddie (935213) on Tuesday May 20, @06:31PM (#23483826)
        In times like these, I would trust Google over the government ANY DAY! I'd rather have a creative, for-profit company actually try to make a difference than have the government dick around with tax dollars that companies like Google will end up generating anyway.

    • Re:Privacy (Score:4, Informative)

      by jdray (645332) on Tuesday May 20, @03:55PM (#23481134) Homepage Journal
      For those who don't want to go digging for the crunchy bits:

      If you create, transmit, or display health or other information while using Google Health, you may provide only information that you own or have the right to use. When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.

      • Exactly (Score:5, Informative)

        by dreamchaser (49529) on Tuesday May 20, @03:40PM (#23480854) Homepage Journal
        You don't opt out. You have to sign up and opt in for them to get your records.

        I agree 100% with GP. I even wrote Google to that effect. Not that I expect them to do anything with my feedback other than send it to the bitbucket.

        This is a horrible, horrible precedent to set, allowing a 3rd party to have access to people's medical records without any protection under the law.

        HIPPA *does* need to be updated, immediately, to cover online databases.

          • You misunderstand HIPPA (Score:5, Informative)

            by dreamchaser (49529) on Tuesday May 20, @03:55PM (#23481126) Homepage Journal
            Your medical provider is covered by HIPPA and CANNOT release your records to a third party without your consent. When you go to a new doctor they generally make you sign something saying they can share it with your insurance company, who also cannot share it with Google without your consent.

            The way Google Health works is you give them your data and they store it.

  • Uh oh... (Score:4, Funny)

    by getto man d (619850) on Tuesday May 20, @03:16PM (#23480478)
    I can see "Need Liver or Kidneys?" coming about in the recommended searches.
  • All people needing viagra will be notified of cheap imported viagra by Google, and the spammers will lose all their market!

    Just wait till you hear about the plan they have to go after the Nigerian 409 scammers.

  • google information horde (Score:5, Insightful)

    by pha7boy (1242512) on Tuesday May 20, @03:27PM (#23480676)
    so, google will have your surfing profile, your financial information, tons of images of you, your house, your friends, your networks, and how will add to it your health information. You know, Big Brother can be a government, but it can also be a corporation. Even one that claims not to do any evil.

  • Yes, Google Health supports advertising. Spamming, even. Read the developer guidelines. [google.com] Google just doesn't run the ads themselves. That's outsourced to "affiliates".

    There are some rules for affiliates, like "one spam per week per user" and "no popups or popunders". Other than that, consumers are fair game. In particular, affiliates are not prohibited from using Google health data to target ads, as long as they "disclose" that somewhere in their "privacy policy". The policy says "Only use Google Health user data for the purposes disclosed in your privacy policy, and obtain users' opt-in consent if personally identifiable health data will be used for ad targeting." So a bit of fine print, and the affiliate 0wns your health history.

    It's a typical slimeball tactic - pretend to be the good guy, encourage "affiliates" to do the bad stuff.

    • Oy vey, you folks need to take a step back. The above guidelines refer to other service providers that users can opt in to and share their history with. Google is simply limiting their ability to annoy you, should you choose to opt in.

      And, Google isn't protecting your information via HIPAA because it can't - it's not a "covered entity" under the definition [hhs.gov] outlined in the law. (That is, they aren't a health provider, billing clearinghouse, or health plan.) Instead, they provide the Google Health Privacy Policy [google.com], which seems pretty reasonable. Like HIPAA, it allows them to disclose information when it seems like the government (US, in this case, as that's where the service is limited to) compels it. Before you get hot and bothered, HIPAA allows this too - it's how we tell get to CPS about abused children, for example.

      I'm not new here, but I'm used to Slashdot readers being somewhat more informed before having a fit. As a covered entity myself (I'm a physician), I look forward to the day when the patients who come in saying they doubled the pink pills but lost the yellow ones they took for that surgery to remove that thigamajig have a hope of a secure information repository to clarify their history, and potentially save their bacon.

  • missing drug side effects (Score:5, Interesting)

    by jonpublic (676412) on Tuesday May 20, @03:35PM (#23480772)
    I am dealing with a rare side effect from a fluoroquinolone, (think cipro, levaquin) called peripheral neuropathy. I plugged the antibiotic into google health and the side effect was not listed on the package insert. While its good to have drug interactions listed, lots of people have side effects from drugs and they need to be explicitly spelled out, not hiding in a sub menu.

    I know for a fact that there is explicit warnings on the packages about this particular reaction and I'm livid it isn't warning about it on the package insert in google. Especially since it can be permanent.

    I've racked up a couple thousand dollars in medical bills already from this side effect, and it was a pain to get doctors to admit it happened until I went to a major university hospital. At that hospital they diagnosed me right away and basically said I'd have to wait it out.

    If you are curious, basically I couldn't walk for over a week, terrible joint pain for months along with numbness in my hands, face, and body. Its a known side effect with this class. Rare, but known.

  • 6. If it's free, how does Google make money off Google Health?
    Much like other Google products we offer, Google Health is free to anyone who uses it. There are no ads in Google Health. Our primary focus is providing a good user experience and meeting our users' needs.

    I've heard enough. I don't know what their long-term plan for monetizing Google Health is, and I don't really care now. I don't trust Google enough to consider even for a second entrusting my health care information to them (and I say this as someone who has thought very highly of the company since the beginning). And their weasly answer to the obvious question above, I think, justifies my mistrust.

    Every for-profit company's primary focus is - making a profit. There's nothing whatsoever wrong with this, and the ideal situation arises when "providing a good user experience and meeting [...] users' needs" is aligned with the profit motive.

    So why they can't be honest about their motivations in undertaking an expensive, large-scale project like this -- whatever those motivations are -- instead of trying to make us believe that they're doing it "out of the goodness of their hearts?" All their mealy-mouthedness accomplishes is to raise the suspicion that they've got something nasty up their sleeves. And that ensures that many users, including me, will never entrust their most private of private data to Google.

    • Re:Wow (Score:4, Insightful)

      by Bill, Shooter of Bul (629286) on Tuesday May 20, @03:37PM (#23480814) Journal
      And I don't want them caving into "big infomercial" sleazeballs that tell use phrases like "Big Pharma" to try and persuade potential customers to buy their scientifically unproven snake oil instead.

    • Re:Wow (Score:5, Insightful)

      by Uncle Focker (1277658) on Tuesday May 20, @03:49PM (#23481040)

      This is especially true if Google doesn't just cave in to "Big Pharma" and allows you to see "alternative" or "herbal" remedies for prescriptions or OTC drugs you have entered.
      Ugh, I hope Google Health doesn't become such a nexus of snake oil salesmen. Hopefully they will have minimum requirements for the scientific accuracy of medical claims to weed out this nonsense. If you want to be peddled placebos, just stick to Kevin Trudeau and his ilk's infomercials. We don't need Google Health to be infected with such a taint.

      • Re:Wow (Score:4, Interesting)

        by TubeSteak (669689) on Tuesday May 20, @03:43PM (#23480916) Journal

        I can see it now, 'want to get health insurance again? Pay us x dollars or we expose condition y to your health insurance provider.'
        Many States have laws that prevent an insurer from charging sick people a higher premium.
        In other words, if you are in their State, you have to follow their rules, and their rules say your price isn't affected by "condition y".

        On a related note, I read an article [slate.com] stating that part of a McCain proposal would allow insurance companies to change their legal residency for the purpose of using another State's insurance rules. In other words, a New York insurance company can pay taxes in Arizona and use their insurance rules.

    • Re:Disclaimer Needed (Score:4, Interesting)

      by Kimos (859729) <kimos@slashdot.gmail@com> on Tuesday May 20, @04:21PM (#23481678) Homepage
      In my Canadian province we have a government funded public health nurse phone line line. It exists for people to phone in and speak to a nurse about whatever health problem they're having, and the nurse can give advice on over the counter medication or home treatments, but will always differ to "go see a doctor" as needed. They keep a record of your calls so you can follow up on advice given and changes in your condition. It's really a very good service.

      It exists to alleviate line ups in walk-in clinics and emergency rooms by keeping some of the people with less serious problems from having to go down and see a doctor. This service looks like it will serve a similar purpose.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 SourceForge, Inc.