The Register® — Biting the hand that feeds IT

Feeds

Google eyes Cleveland medical records

World Privacy Forum howls

By Cade Metz, 21st February 2008
  • print
  • alert

Ensure Ease of Recovery with Asigra’s Agentless Software

Google's efforts to engulf the world's medical records will begin in Cleveland.

Today, the search engine cum world power announced a joint project with the Cleveland Clinic, an 87-year-old not-for-profit medical center, that will see between 1,500 and 10,000 of the center's patients entrust their personal records to Larry Page and Sergey Brin.

Yes, between 1,500 and 10,000. Presumably, Google and the Cleveland Clinic anticipate that a few thousand patients will ultimately decide this idea is way too creepy.

In any event, the project marks the debut of a long-awaited/long-dreaded online health service from the Mountain View, California web giant. Google has previously said that this store-your-medical-records offering would be available to the general public sometime in 2008.

Similar services are already available from arch-rival Microsoft and a startup known as Revolution Health, backed by AOL co-founder Steve Case.

Google bills its password-protected service as "a new kind of healthcare experience that puts the patient in charge of his or her own health information." The Cleveland Clinic already stores patient records on an in-house database, and it will soon give a chosen few the opportunity to move their records onto Google's servers, including information regarding medical conditions, allergies, and prescriptions.

Naturally, this will allow these patients to quickly access their Cleveland Clinic records whenever they spy an internet connection. But Google envisions a time when its service allows any brave soul to shuttle records to and from multiple doctors, pharmacies, and other healthcare providers.

Yes, many will be reluctant to share their records with a company that already stores their search histories and indexes their email. But patient privacy would be an issue even if Google was a piddly startup.

It just so happens that yesterday, as word of Google's Cleveland Clinic partnership spilled forth from The Associated Press, the World Privacy Forum released a report (PDF) explaining that health records hosters like Google aren't covered by the US Health Insurance Portability and Accountability Act (HIPAA).

In other words, the laws that govern what doctors can do with a patient's medical records wouldn't apply to Larry Page and Sergey Brin. "Because of the structure of HIPAA, its privacy protections do not generally follow a health record," the report says. "The basic idea is that if a health care provider (hospital, physician, pharmacist, etc.) or a health plan maintains a health record, the record is protected under HIPAA. However, if a person of business is not a covered entity under HIPAA holds the records, then HIPAA does not apply."

When we asked Google to discuss its health service, it said: "We'll get back to you." ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (16)
Latest Comments
Benjamin Wright

Privacy by contract

Maybe consumers can use contract law to enhance the privacy of their health records. http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html

0
0
Stephen Ware

Re :Been there. Done that.

'Unless you're willing to break into a GP Surgery and hack into their server directly, then yes it is secure. The electronic transfer of data only takes place across secure dedicated network connections and the ports are only open long enough to transmit the data'.

I was merely commenting on the often quoted 'completley secure'. History proves otherwise. If you had used other words maybe I would not have taken the bait. A system is only secure as its weakest links. Maybe your GP's surgery is tight however where is the data going..A busy hospital...Is it secure there ?

I Just get annoyed when people make such hyped claims. ID biometric database is so called secure say the goverment....Does that mean I believe them ?....

0
0
Anonymous Coward
Anonymous Coward

@Stephen Ware

Unless you're willing to break into a GP Surgery and hack into their server directly, then yes it is secure. The electronic transfer of data only takes place across secure dedicated network connections and the ports are only open long enough to transmit the data.

The transmissions are limited to one record at any time, so unless you're prepared to physically break into a secure line on the off chance that the record you intercept might be of some use to you, then it's hardly worthwhile, is it?

0
0

More from The Register

SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
115
breaking news
Jailed LulzSec hacker Cleary coughs to child porn images, will be freed soon
Some images of infants as young as six months
68
breaking news
Ecuador: All right, Julian, you CAN stay on our sofa - it's your human right
Minister and Wikileaker share cosy chat in tiny London flat
65
NSA whistleblower to tech firms, Obama: 'Grow a pair!'
Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'
66
Google flings another £1m at online child sex abuse vid CRACKDOWN
See, see, we're trying, ad giant tells Daily Mail UK.gov
41
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
BBC lied to Parliament about doomed £100m IT monster, thunder MPs
Axed DMI ballooned and burst while watchdogs sang Kumbaya
50
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Not just telcos, THOUSANDS of companies share data with US spies
It's all perfectly legal, trust us
68