Google launched the beta version of its Google Health personal health records aggregator Monday. The service, according to Google, will put users in control of their own medical records, giving them 24-hour-a-day access to their health records from a variety of sources.
With the introduction of Google Health, the search giant joins other Internet companies including Microsoft’s HealthVault, Revolution Health and WebMD in the business of storing personal health records (PHR). Revolution Health is a startup from Steve Case, AOL’s cofounder.
Proponents such as Case contend that making these types of services available to consumers is the key to revolutionizing the healthcare system in the U.S.
“It’s crazy to think that consumers have exceptional tools to manage their financial portfolios and fantasy football team but lack valuable tools to effectively manage their healthcare. We need to get consumers much more engaged to be successful,” he said during a keynote address at Medco Health Solutions Symposium last Friday.
At the same time, however, Google Health has raised concerns about privacy.
Google’s Health Rx
First announced in February, Google Health is a platform designed to help users store and track their health records. With the free service, consumers can create a health profile, import their medical records, track and link data for prescriptions and allergies as well as search for information about a medical condition as well a doctor.
“As people age, they have more conditions and medications prescribed for those conditions. They also have more physicians. They might have their primary care physician at the local hospital and some acute condition treated at tertiary hospital. And so trying to manage all of that, certainly having access to personal health records to help them navigate their health records, that is one of the benefits,” said Lynne Dumbrack, program manager at Health Industry Insights, an IDC company.
For consumers, having their medical records available on demand has potential benefits, said Carlton Doty, a Forrester Research analyst.
“But electronic health records are only as good as the data that goes into them. The usefulness of this service will depend on Google’s ability to deliver on the promise of interoperability,” he told TechNewsWorld.
Google has teamed with a host of partners, including Medco, Walgreens, Cleveland Clinic, Quest Diagnostics and CVS to make it possible for Google Health users to receive automatic updates of their prescriptions, lab results and changes in medical records.
“The key to success will be to aggregate the medical information in a meaningful and useful way from the providers, payers and consumers. So far, the pilots that we see from Google and Microsoft are with very recognizable provider institutions — e.g. The Cleveland Clinic, The Mayo Clinic, Beth Israel Deaconess. We will see similar partnerships inked with national payers very soon — e.g. United, Aetna, Cigna, etc.,” explained Doty.
Privacy Health
As is the case with other PHR services, Google Health is not subject to the Health Insurance Portability and Accountability Act (HIPAA).
Passed in 1996, the legislation’s privacy rule, which took effect in April 2003, places restrictions on who can share a patient’s medical records, with whom and under what circumstances. The regulations govern the dissemination of information from healthcare professionals and their staff as well as insurance companies, billing services, clearinghouses and community health information systems.
The company has no current plans to include targeted advertising on Google Health, according to Marissa Mayer, vice president of search products and user experience at Google.
Google Health also does not sell user health information, said Mike Yang, senior product counsel for Google, in a post on the company’s Public Policy blog.
“[The] Google Health privacy policy tells people in a simple, straightforward way what information we collect, how we use it, and the steps we take to keep it safe. We also have strict data security policies and measures in place to limit access to sensitive information and to protect against data breaches,” he wrote.
Google gives users control over their health information and gives the ability to choose who they want to share that data with. The search provider will not sell, rent or share that data either identified or de-identified without the explicit consent of the user, save in the case of certain situations for instance when it is required by law.
If a consumer decides to delete that information, the deletion is immediate, but backup copies of the data may still be available for a “short time,” according to Google’s privacy policy.
Ads Would Change the Game
Privacy concerns in this realm are essentially the same as those that arose when banks and retailers first joined the online community, said both Doty and Dumbrack.
“I don’t think Google’s challenge is any more significant than that of a financial institution or online retailer who stores credit card account numbers online. With identity theft on the rise, this is an issue that is not unique to any one company or service,” Doty pointed out.
However, if Google does start to include targeted advertising on Google Health, that changes the game from the customer’s perspective, he continued.
“There’s just something particularly spooky about the prospect of [receiving targeted advertising] playing out within the context of one’s health records,” Doty added.
“People really need to understand the potential privacy implications,” Dumbrack told TechNewsWorld.
Both analysts say it will be at least five years before consumers widely adopt services like these. That gives Google, Microsoft and others some time to finesse their privacy policy and the federal government a chance to revise its laws.
“We will soon begin to hear discussion at the legislative level about privacy concerns with these types of service — however, policy makers will tread lightly, since they ultimately want to encourage the user of [electronic health records],” said Doty.
Loading ...
Anyone worried about potential, downstream privacy violations from Google ought first to worry about the enormous volume of personal medical data that is outsourced daily to 3rd-parties in countries that have privacy protections that are not robust (or do not exist at all). Privacy worriers should think next about all of the in-office HIIPA violations that occur when: files are left open/out/in view of other patients; medical staff call to each other about patients or about records; or, best yet, when a nurse bellows "What seems to be the problem!?" in front of a lobby full of other patients. Anyone who thinks their medical records are secure, now, is dreaming. Individuals should have the ability to compile and to consult their medical records, and moreover, to have a look at what the medical-data establishment releases on them when asked.