Google Tentacles Grad Hold of Healthcare

Ars Technica formally announced it's acquisition by Conde Nast, which seems to tilt it more in favor of Ars Technica staying as is, only with deeper pockets. A hint of hiring, too, perhaps...

But the big news today is the public (beta) launch of Google Health, which, you can imagine, has added more fuel to the privacy fire. There are posts from the usual suspects, the Official Google Blog, Tech Crunch, Ars Technica, NYT, Tribune via AP...list goes on. Google Health was being tested by the Cleveland Clinic, and not surprisingly, there was a waiting list for the limited number of open slots for the test. The thinking seems to be that Google has built a strong brand, a trusted brand, so people will flock to the service without giving it a second thought. Those who do stop and think for a second ask: what about HIPPA?

Most people have heard of HIPPA, or the Health Insurance Portability and Accountability Act; it's impossible to see a doctor without signing something about it, but few understand exactly what it does. In a nutshell, it protects your health care information by setting standards for electronic transmission or exchange of data, it protects your health insurance coverage if you find yourself out of work or change jobs and has various other rules, such as privacy, transaction and code sets, etc. You can read a simplified version from Wikipedia, or the whole statute. There is also a section on the HHS Office of Civil Rights website.

HIPPA, you'll notice, is mysteriously, or perhaps purposefully, missing from Google Health. Actually, you can't even access Google Health without a Google Account, which makes sense after you've read the first point of their Privacy Policy:

You control who can access your personal health information. By default, you are the only user who can view and edit your information. If you choose to, you can share your information with others.

So unless you have my login information, you can't access my health information, or any other Google service normally accessed through a Google Account. Makes me feel slightly more secure, but then there is point two:

Google will not sell, rent, or share your information (identified or de-identified) without your explicit consent, except in the limited situations described in the Google Privacy Policy, such as when Google believes it is required to do so by law.

That makes me nervous. Having studied Google's Privacy Policy as part of my grad school education, I'm leary about Google products that store rather personal information. Yes, I use Blogger, I use Gmail, I use Google Docs, but not for anything I consider to be sensitive information. I don't, for example, keep track of my expenses through Google Docs. I don't do more than share and collaborate on documents that have little or no value if my account were to be compromised.

So its privacy policy is a little too open-ended for me. I like how it explicitly states that it will notify users of acquisitions, mergers and the like that may involve the transfer of personal information, but it says nothing about notifying users if the government, or some legal entity requests user information. I also find the wording of the "consent" phrase interesting:

We have your consent. We require opt-in consent for the sharing of any sensitive personal information.

It says "we have your consent" and then says opt-in is required. Not that opt-in is required and therefore, once you have opted-in, you have granted consent. Just the first phrase implies that once you create a Google Account, you have given them consent. How's that for being blunt.

Anyway, back to Google Health. The Privacy Policy for Google Health lists out the ways in which you, the user, control your information. You can delete information, and grant access, which basically means you open the flood gates. Surprise surprise. It expands on this, stating that if a website makes a copy of your information and stores it, then your information is now subject to that website's privacy policy, including HIPPA if the site owners must abide by HIPAA. Sounds as if you might be safer going with those that must abide by HIPPA. And, naturally, Google has its disclaimer about third-parties and not being liable..blah blah blah. I'd be curious to see how well that holds up if a site is infiltrated, and that infiltration leads to the hacking of Google Health. Imagine the treasure trove of information available. Yikes! Only need to think about the banking system to see how one might position oneself into such a situation.

It does seem as if Google Health is positioning itself as nothing more than a platform, but I'd wager this is only the start. It's too early to see what will really happen with Google Health. The privacy issues are expected, but people seem rather willing to trust Google, to a point. And there is something attractive about being able to access your health information from a central location.

And it may stay that way, for awhile, until a breach occurs or something happens that requires legal action but, alas, there is no legal recourse. Some creative lawyering may be needed.

The more I think about it, the more Google seems like the online equivalent of the Walt Disney Corporation: a country unto itself.

And Addemdum to Paging Dr. Google...

Yesterday I posted about Google playing health care specialist by serving up different options for terms it deems to be medically related, like "sore knee" or "depression" and so on. Today I came across this article in the Chicago Tribune about a study done, called "Googling for a Diagnosis" that was published in the British Medical Journal. BMJ also devotes an editorial to the idea of using a search engine like Google for diagnosing illnesses. The editorial introduces a word that has been tossed around Web 2.0 forums and over coffee tables at cafes where you find linguists in heated arguments. The word: semantics.

If you've done much search engine optimization, you know that search engines have slowly incorporated LSI agreements into algorithms. Most see it as a way to weed out much of the junk found on the Web by making grammar count. Part of that all-encompassing goal of generating the most relevant results for any given search query. The BMJ editorial builds on that idea, challenging search engines to "identify which words in a document represent symptoms, diagnoses, drug names, or parts of the body, let alone reason about these concepts."

Certainly would beat looking things up in the PDR now wouldn't it?

Paging Dr. Google...

This post on the Google Blog reminded me of this Op-Ed piece in the Chicago Tribune a couple months ago. Seems Google is trying to keep the health care industry off its mounting list of industries who have a bone to pick with the Internet giant.

Google is a natural choice these for initially finding information, and as the Google Blog post mentions, Google has modified its search results to include a list of other options like "treatment," "symptoms," "causes/risks" etc. That's all fine and dandy, and as with anything related to the Internet, there is a wealth of information from websites that are created solely for a particular issue or ailment, like depression.

But Google hasn't refined its medical term search quite as well as medical search engine websites like WebMD. Even Google displays results from WebMD. Google "sore knee" for example, and the first result is from WebMD. Has to do with home treatment, and that makes me wonder why not just start with a medical search engine like WebMD which gives your results that relate to sore knees and not knee injuries of college athletes?

WebMD is a start in the right direction, and my guess is Google will try to trump it and add the organization of health care information to its list of "do no evil" deeds. Does that include medical records?

It's one thing to organize medical information for research or educational purposes, but organizing individual medical information, medical records, is creepy. I don't want Google to have my medical history, list of ailments, medications or any sort of test results.

So it will be interesting to see if Google manages to cut through the health care red tape and make everyone's medical information free to all, as long as you have a Google account.