As the Google Health story has fleshed out in recent days my view has become clearer and stronger. Then, yesterday at work I saw a demonstration of Google ethics that annoyed the crap out of me.
The crux of it is trust and trustworthiness. The Federal HIPAA law puts strict penalties on a provider who leaks your data, but Google's not subject to HIPAA. And their password security is really weak, unlike bank web sites.
A) Bloggers' views
- The best commentary I've seen is David Hamilton's Seven Reasons Google Health Is Overblown.
- The discussion on the e-patient blog continues.
- Hamilton's second post, Google Health Privacy: All Talk, No Teeth?, includes the tip that Google Health's terms of service say you will defend or settle any lawsuit by a third party, e.g. your state's attorney general, about your use. And Google's penalties in any case are limited to $1,000.
My company gives Google thousands of dollars a month for Pay Per Click (PPC) advertising. (We bid to have our ads displayed when someone "googles" specific phrases, such as 'online appointment software'.) Every time someone clicks one of our ads, we pay Google, regardless of whether it turns out to be a legitimate buyer. If carefully managed, it's worth the risk, and we put a spending cap on it, which we rarely reach.
Well, yesterday my PPC consultant noticed that Google just added a feature without telling anyone that will spend our unused budget to display ads for phrases we didn't bid on.
Details in this post.
I'm all in favor of modernizing healthcare, particularly making it easier to do what I want with my data. But I think it should be done by a non-profit entity, using open source software.