The Launch of Google Health

There's a lot of talk this week about the launch of Google Health. As much as I love everything online, I have grave concerns about this. I wrote about it here in January, speaking on general principle. But now that the thing is finally launched, the full terms of service are out (the fine print), and my concerns are even greater.

#1 on my list is that due to some legalese (Google itself isn't a healthcare provider), Google Health is not subject to HIPAA privacy regulations. Google isn't required to observe HIPAA protections to keep your data private, and there are no legal consequences if they don't.

Of greater concern is that the whole point of Google Health is that they send your information to others you select, at which point the data is completely out of Google's control.

And that doesn't begin to get into the sociological / political concerns I raised in January - questions of what to do when Google says "Really, just trust us" in the absence of any policing.

If you want to know more, explore these posts (and comments):

• The e-Patients blog: Google releases Google Health
  
  
• Slashdot (a well known tech blog): Google Health opens to the public. Those people are no fools, they have lots of experience with Google (for better and worse), and they have fun attitude. Some of them are pointing out that HIPAA obviously needs a major overhaul.
  

I'm so concerned about this that I've written my concerns on the blogs of my hospital's CEO and his CIO (top computer guy). The CIO is on the advisory council for the whole Google Health initiative, and I really want to know why they think the privacy issue (which is enforced on everyone else who touches your data) isn't a concern with Google.

Let's hope it turns out there's actually no privacy concern. Then all we'd have to worry about is whether to trust Google in the first place, given their track record as I've described below.

What's next - Google Health??

Well, what won't Google dip its (extremely large) toe into next? My, it's Google Health. Download your medical records from hospitals and pharmacies, and just give it all to Google and they'll take real good care of it.

Some of us get the creepies just THINKING of how much Google knows about our private stuff. Now "privates" could be more literally true than before.

Mind you, there's a large and legitimate move afoot to create some sort of universal (but private) form of medical records storage, some universally accessible database so when there's an emergency, physicians can treat you accurately and rapidly. (Heck, accurate and up to date information would be useful in non-emergency situations, too. It's amazing how difficult that is to achieve. Many healthcare bloggers have talked about it.)

When I attended a dinner meeting at BI-Deaconess last fall, we saw a new gadget that a patient can wear, a little USB disk drive containing all their medical records. If you were to be away from your usual care when an emergency befell you, this could be immensely valuable. It's a good thing. And if you read my cancer journal last year, you know I love online access to my medical information.

At work I spend a lot of time dealing with Google tools, particularly their "search engine marketing" tools. They write some amazingly good software.

But it'll be a cold day in hell before I hand them my medical data. Sure, they say I'll "own" it. But who could possibly police what they do with it?

Of course, the site says:

Google Health privacy policy: Google respects the privacy of your health information.

But I'm not comfortable that there's integrity behind that. See, there's this motto "don't be evil" that's espoused by CEO Eric Schmidt when discussing issues of privacy when Google reaches into your online underpants and reports its findings to the world. And I'll never forget 2005, when Google (particularly Schmidt) showed its real stripes on that issue.

CNet.com wrote a fairly balanced article about Google and privacy under the uncritical title "Google Balances Privacy, Reach." To illustrate the topic, the writer Googled Eric Schmidt himself, for just a half hour, and published what she found - about him, his salary, his neighbors, his political donations, etc.

And what was the response of The Goog? Why, CNet.com got its goolies chopped off by ... let me see... my, it was CEO Eric Schmidt! This CNN article relates how Schmidt banned CNet from getting any access to Google employees for a year. And when you're a tech news site, that's a major punishment.

GOOG's stock is doing great and I love their free tools, but there's no way in hell I'm giving them sensitive personal data, regardless of what their policy says. New motto for 2008: Don't Be Stupid.