New From Google: “Google Privacy Disaster Waiting to Happen”
by John Paczkowski
Posted on February 21, 2008 at 4:01 PM PT
There’s an estimated $1 billion to be had in health-search advertising, and though Google (GOOG) won’t admit it, it’s clear the company has designs on it.
Today the search sovereign announced a pilot program with the Cleveland Clinic that will enable the health-care organization’s patients to store their health records in their Google Accounts. The clinic plans to enroll up to 10,000 patients in the program, which will allow them to securely port their medical records to their Google profiles, where they can be more easily managed and shared with doctors, labs and the like.
Of course, by making such records easier to share with medical providers, Google may be making them easier to “share” with less well-intentioned entities. Health insurance carriers. Potential employers. Online marketers. The government.
Google, too.
As the World Privacy Forum pointed out yesterday, companies like Google are not governed by the Health Insurance Portability and Accountability Act or HIPAA. “Don’t assume your medical records are protected no matter where they are: HIPAA privacy protections generally do not follow the health-care files,” the WPF warned. “HIPAA’s protections generally do not ‘travel’ with or follow a medical record that is disclosed to a third party outside the health-care treatment and payment system. … After you have disclosed your health care information to a PHR (Personal Health Records) outside the privacy protections of the health care system (HIPAA), your information can be used or redisclosed by the PHR in ways that would not be permitted for the same information if held by your doctor or health plan. Depending on the applicable privacy policy, health records outside of HIPAA can potentially be bought and sold, shared with merchants, and even disclosed to employers.”
Comments
People is really sensible to the confidentiality of their medical data. It is critical information.
The danger with Google Health and HealthVault is that somebody in the future crack their security systems.
Also the fact about a private company getting data about your health must concern us.
There is an alternative, http://www.keyose.com/, designed by the doctor that described the first case of Wiiitis, its philosophy is based on total anonymous users. A smart mechanism allows the store of clinical record without asking you any personal data (not even your email).
Confidentiality is in such a way assured.
Posted by Julio Bonis at February 22nd, 2008 at 6:40 pmMaybe patients can use contract law to enhance the privacy of their health records. http://hack-igations.blogspot......ivacy.html http://hack-igations.blogspot......ivacy.html
Posted by Benjamin Wright at February 25th, 2008 at 7:33 am