The Launch of Google Health

There's a lot of talk this week about the launch of Google Health. As much as I love everything online, I have grave concerns about this. I wrote about it here in January, speaking on general principle. But now that the thing is finally launched, the full terms of service are out (the fine print), and my concerns are even greater.

#1 on my list is that due to some legalese (Google itself isn't a healthcare provider), Google Health is not subject to HIPAA privacy regulations. Google isn't required to observe HIPAA protections to keep your data private, and there are no legal consequences if they don't.

Of greater concern is that the whole point of Google Health is that they send your information to others you select, at which point the data is completely out of Google's control.

And that doesn't begin to get into the sociological / political concerns I raised in January - questions of what to do when Google says "Really, just trust us" in the absence of any policing.

If you want to know more, explore these posts (and comments):

• The e-Patients blog: Google releases Google Health
  
  
• Slashdot (a well known tech blog): Google Health opens to the public. Those people are no fools, they have lots of experience with Google (for better and worse), and they have fun attitude. Some of them are pointing out that HIPAA obviously needs a major overhaul.
  

I'm so concerned about this that I've written my concerns on the blogs of my hospital's CEO and his CIO (top computer guy). The CIO is on the advisory council for the whole Google Health initiative, and I really want to know why they think the privacy issue (which is enforced on everyone else who touches your data) isn't a concern with Google.

Let's hope it turns out there's actually no privacy concern. Then all we'd have to worry about is whether to trust Google in the first place, given their track record as I've described below.