There's a lot of talk this week about the launch of Google Health. As much as I love everything online, I have grave concerns about this. I wrote about it here in January, speaking on general principle. But now that the thing is finally launched, the full terms of service are out (the fine print), and my concerns are even greater.
#1 on my list is that due to some legalese (Google itself isn't a healthcare provider), Google Health is not subject to HIPAA privacy regulations. Google isn't required to observe HIPAA protections to keep your data private, and there are no legal consequences if they don't.
Of greater concern is that the whole point of Google Health is that they send your information to others you select, at which point the data is completely out of Google's control.
And that doesn't begin to get into the sociological / political concerns I raised in January - questions of what to do when Google says "Really, just trust us" in the absence of any policing.
If you want to know more, explore these posts (and comments):
- The e-Patients blog: Google releases Google Health
- Slashdot (a well known tech blog): Google Health opens to the public. Those people are no fools, they have lots of experience with Google (for better and worse), and they have fun attitude. Some of them are pointing out that HIPAA obviously needs a major overhaul.
Let's hope it turns out there's actually no privacy concern. Then all we'd have to worry about is whether to trust Google in the first place, given their track record as I've described below.