Google has announced a pilot project called Google Health in which it will begin storing the medical records of 1,500 to 10,000 patients at the Cleveland Clinic who agreed to an electronic transfer of their personal health records so they can be retrieved through Google’s service, which will not be open to the general public. Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password.
Last year Microsoft introduced a similar service, HealthVault, and AOL co-founder Steve Case founded Revolution Health, which also offers online tools for managing personal health histories.
The project concerns privacy watchdogs who think Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions. For example, Google, through Google Analytics, Google Checkout, Gmail, Google Maps, Google Calendar, and Google Books, knows what we look for, what we look at even if we use a different search engine, what we buy, what we read, provides access to e-mails and chat logs, and tells where we’re going and when we’ll get there.
Google views its expansion into health-records management as a logical extension of its search engine business, which already processes millions of requests from people trying to find about more information about injuries, illnesses or treatments. The company has not said when it will begin the health service, but has previously said the service would debut in 2008.
Google CEO Eric Schmidt said that Google will not sell ads to support its new Internet service. Schmidt described Google Health as a platform for users to manage their own records, such as medical test results and prescriptions. It would be accessed with a user name and password, just like a Google e-mail account, and could be called up on any computer with an Internet connection.
A primary benefit, Schmidt said, is the portability of records from one health care provider to the next. He repeatedly said no data would be shared without the consumer’s consent. Schmidt said it will be an open system where third parties can build direct-to-consumer services like medication tables or immunization reminders.
The Cleveland Clinic already keeps the personal health records of more than 120,000 patients on its online service, MyChart. Patients who transfer their information to Google would be able to retrieve it quickly even if they were no longer being treated by the clinic.
In the US, medical records are protected by the Health Insurance Portability and Accountability Act HIPPA. This Act was passed in 1996 and classifies medical information as a private and privileged communication between the doctor and the patient. One of the protections this gives is that the doctor must notify a patient if copies of the records are requested by a third party, such as during insurance applications and criminal investigations. In New York, recovery of punitive damages has been allowed for unauthorized disclosure of priviledged medical information.
However, third party information brokers including Google are not subject to HIPPA, so anyone signing up to the service could feasibly be putting their information at risk of undisclosed copying, distribution, and use for marketing purposes. A patient who agrees to transfer medical records to an external health service run by Google or Microsoft could make it easier for the government or some other legal adversary to obtain the information.
Google Health partners include retailers with pharmacies like Wal-Mart Stores Inc., Walgreen Co. and Duane Reade Inc. and health care providers such as Aetna Inc. and Cedars-Sinai Medical Center.