Slashdot Mirror


Google Health Opens To the Public

Several readers noted that the limited pilot test of Google Health has ended, and Google is now offering the service to the public at large. Google Health allows patients to enter health information, such as conditions and prescriptions, find related medical information, and share information with their health care providers (at the patient's request). Information may be entered manually or imported from partnered health care providers. The service is offered free of charge, and Google won't be including advertising. The WSJ and the NYTimes provide details about Google's numerous health partners.

15 of 199 comments

  1. Yes, it has advertising, through "affiliates". by Animats · · Score: 5, Informative

    Yes, Google Health supports advertising. Spamming, even. Read the developer guidelines. Google just doesn't run the ads themselves. That's outsourced to "affiliates".

    There are some rules for affiliates, like "one spam per week per user" and "no popups or popunders". Other than that, consumers are fair game. In particular, affiliates are not prohibited from using Google health data to target ads, as long as they "disclose" that somewhere in their "privacy policy". The policy says "Only use Google Health user data for the purposes disclosed in your privacy policy, and obtain users' opt-in consent if personally identifiable health data will be used for ad targeting." So a bit of fine print, and the affiliate 0wns your health history.

    It's a typical slimeball tactic - pretend to be the good guy, encourage "affiliates" to do the bad stuff.

    1. Re:Yes, it has advertising, through "affiliates". by dmr001 · · Score: 5, Informative
      Oy vey, you folks need to take a step back. The above guidelines refer to other service providers that users can opt in to and share their history with. Google is simply limiting their ability to annoy you, should you choose to opt in.

      And, Google isn't protecting your information via HIPAA because it can't - it's not a "covered entity" under the definition outlined in the law. (That is, they aren't a health provider, billing clearinghouse, or health plan.) Instead, they provide the Google Health Privacy Policy, which seems pretty reasonable. Like HIPAA, it allows them to disclose information when it seems like the government (US, in this case, as that's where the service is limited to) compels it. Before you get hot and bothered, HIPAA allows this too - it's how we get to tell CPS about abused children, for example.

      I'm not new here, but I'm used to Slashdot readers being somewhat more informed before having a fit. As a covered entity myself (I'm a physician), I look forward to the day when the patients who come in saying they doubled the pink pills but lost the yellow ones they took for that surgery to remove that thingamajig have a hope of a secure information repository to clarify their history, and potentially save their bacon.

  2. Exactly by dreamchaser · · Score: 4, Informative

    You don't opt out. You have to sign up and opt in for them to get your records.

    I agree 100% with GP. I even wrote Google to that effect. Not that I expect them to do anything with my feedback other than send it to the bitbucket.

    This is a horrible, horrible precedent to set, allowing a 3rd party to have access to people's medical records without any protection under the law.

    HIPPA *does* need to be updated, immediately, to cover online databases.

    1. Re:Exactly by Evanisincontrol · · Score: 2, Informative

      Only online access provided by medical providers that are explicitly covered under the Act. This new generation of info-providers such as Google, MS, etc. are NOT covered by HIPPA. Even the Government has said so (link is posted elsewhere in this discussion by someone).

      That is the third time in a row you've referred to the HIPAA (Health Insurance Portability and Accountability Act) as "HIPPA", even after being corrected by someone else. Is there some reason you keep doing this?
    2. Re:Exactly by Anonymous Coward · · Score: 1, Informative

      True BUT - any HIPAA CE (Covered Entity, which includes most of your health care providers who also use or maintain electronic patient data) MUST include terms in a contractual relationship with a BA (Business Associate - anyone the CE does business with involving patient data) which mirror HIPAA requirements (this is the "Business Associate Rule").

      YOU can release your records to Google, this would involve NO HIPAA issues.

      If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).

      Cheers,

  3. And the big deal is.. what? by josquint · · Score: 1, Informative

    so the first paragraph of the EULA:

    I hereby authorize Google to share the health information contained in my Google Health profile(s) in its entirety, to only those entities and individuals I designate, for the purpose of providing me with medical care and for the purpose of sharing my information with others that I choose.

  4. You misunderstand HIPPA by dreamchaser · · Score: 5, Informative

    Your medical provider is covered by HIPPA and CANNOT release your records to a third party without your consent. When you go to a new doctor they generally make you sign something saying they can share it with your insurance company, who also cannot share it with Google without your consent.

    The way Google Health works is you give them your data and they store it.

  5. Re:Privacy by morgan_greywolf · · Score: 5, Informative

    Okay, here is the government telling you that HIPAA doesn't apply to Google. Google isn't a health care provider, nor is it a health care insurance plan, nor is it a health care clearinghouse, by the legal definitions of those terms (check the law if you like), so, no, HIPAA most certainly does not apply to Google or any other company or entity providing a similar service.

  6. Re:Privacy by jdray · · Score: 3, Informative
    For those who don't want to go digging for the crunchy bits:

    If you create, transmit, or display health or other information while using Google Health, you may provide only information that you own or have the right to use. When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.
    --
    The Spoon
    Updated 6/28/2011
  7. Re:Privacy by fluffman86 · · Score: 2, Informative

    Correct, HIPAA doesn't apply to Google, but you should definitely read the differences between Google's Privacy Policy and HIPAA.

    http://www.google.com/health_hipaa.html

    Looks to me like Google is more private than HIPAA.

  8. Re:Wow by Uncle Focker · · Score: 4, Informative

    I had a cold, had some herbal medicine, a few days later my cold was gone. I had a cold, didn't take a placebo, a few days later my cold was also gone.

    Explain that! Your immune system did its job. That's what it's there for.
  9. Re:Privacy by Seoulstriker · · Score: 2, Informative

    Google does not provide medical services, which is why they are not bound to the provisions of HIPAA. HIPAA is a regulation of privacy and portability for providers of medical services, not for companies that act as a storage medium for your personal health information. If people use Excel to store their medical records, will Microsoft somehow be responsible for complying with HIPAA? Of course not.

    --
    I am defenseless. Use your button. Mod me down with all of your hatred.
  10. Re:Why not? by Anonymous Coward · · Score: 4, Informative



    Google is NOT a healthcare clearinghouse (you might reasonably think it meets the definition - I used to think it would as well, but covered clearinghouses are directly linked to care providers, the definition does not cover third party service providers (of medical devices, Customized off the shelf software etc.)).

    Regarding HIPAA applicability to Google: any HIPAA CE (Covered Entity, which includes most of your health care providers who also use or maintain electronic patient data) MUST include terms in a contractual relationship with a BA (Business Associate - anyone the CE does business with involving patient data) which mirror HIPAA requirements (this is the "Business Associate Rule").

    YOU can release your records to Google, this would involve NO HIPAA issues.

    If your Primary Care Provider is a CE (likely) and they contract with Google (as a health partner etc.) then the terms of that contract MUST include HIPAA protections (i.e. the CE must require, contractually, that the BA meet the same HIPAA requirements which the CE is subject to).

  11. Re:Why not? by Koiu Lpoi · · Score: 2, Informative

    Neither am I an expert, but my knowledge of clearinghouses says that they need to do things like move checks, money transfers, and whatnot. I don't think just "storing information" qualifies, unfortunately.

  12. Re:Google Sex Life by ibjhb · · Score: 2, Informative