Slashdot Mirror


Google Will Now Hide Personal Medical Records From Search Results (betanews.com)

Mark Wilson, writing for BetaNews: Google has updated its search policies without any sort of fanfare. The search engine now "may remove" -- in addition to existing categories of information -- "confidential, personal medical records of private people" from search results. That such information was not already obscured from search results may well come as something of a surprise to many people. The change has been confirmed by Google, although the company has not issued any form of announcement about it.

4 of 34 comments

  1. Hiding results is all fine, but... by Lead Butthead · Score: 3, Interesting

    But do they still index and keep copies of it in house? (I bet real money they do.)

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  2. Better Question by Voyager529 · Score: 4, Insightful

    Better question: Why are such records stored on servers sufficiently accessible that Google can index them in the first place?

    1. Re:Better Question by Kazoo the Clown · Score: 2

      People end up uploading their own information to public servers without realizing it. Or others, legitimately handling the information, may end up not intending to make it public but store it in a location that ends up being insecure. This move by Google just sweeps it under the rug -- if it's publicly accessible, hiding it from search results doesn't make it suddenly inaccessible, it just means you can't use Google to find it. Only Google would think that makes it hard to find. If it's personal health information, it must have a "person" identified, and that person could, theoretically, be notified so they can "fix" the problem, or at least decide if they care...
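      An added illustration of the point above (not part of the thread): two minimal WSGI handlers serve a constructed sample record. The first only asks crawlers not to index it, the second requires a bearer token; both are queried in-process without credentials to show that de-indexing is not access control. The token value and the `/records/12345` path are assumptions.

```python
# Added example, not from the Slashdot thread: de-indexing versus access control.
import hmac
from wsgiref.util import setup_testing_defaults

RECORD = b"Patient: Jane Doe (constructed sample)\nDx: example only\n"
API_TOKEN = "s3cret-token-placeholder"  # assumption: a real service loads this from a secret store

def noindex_app(environ, start_response):
    """Hides the record from search engines but still serves it to anyone who asks."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-Robots-Tag", "noindex, nofollow")])
    return [RECORD]

def authed_app(environ, start_response):
    """Requires a bearer token; absent and wrong tokens get the same 401."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(token, API_TOKEN):
        start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                            ("WWW-Authenticate", "Bearer")])
        return [b"credentials required\n"]
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-Robots-Tag", "noindex, nofollow")])
    return [RECORD]

def call(app, headers=None):
    """Drive a WSGI app in-process (no network); return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = "/records/12345"  # assumed record URL
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(response_headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    # Anonymous requests, as a crawler or a stranger would make them.
    for name, app in (("noindex only", noindex_app), ("auth required", authed_app)):
        status, _, body = call(app)
        print(f"{name}: {status} -> {body!r}")
```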

    2. Re:Better Question by clodney · Score: 3, Interesting

      Better question: Why are such records stored on servers sufficiently accessible that Google can index them in the first place?

      Because there are no penalties for shitty security.

      Maybe, maybe not. In the USA, the HIPAA act governs how medical providers and affiliates are required to deal with PHI (protected health information). There are indeed significant penalties associated with disclosure of PHI, and there is no exemption for malware or other bad actors. Even more alarming for the healthcare industry, HIPAA includes *personal* liability, not just corporate liability (http://managedhealthcareexecutive.modernmedicine.com/managed-healthcare-executive/content/tags/hipaa/hipaa-rule-makes-you-personally-liable), so PHI security is taken very seriously.

      But HIPAA doesn't govern what I can do with my own medical records - if I want to post them on a publicly accessible website that is just fine. And since records are required as input to all sorts of medical research and software development projects, anonymized and pseudonymized data is everywhere. I have personally seen CT studies claiming to be for Frodo Baggins, Meriadoc Brandybuck, and Daffy Duck. Those are not PHI and are not an issue under HIPAA, but I don't know whether or not Google would be smart enough to recognize these as not actual medical records.