Google To Offer Health Records On The Web
That was the headline in The Wall Street Journal (Feb 28, 2008) which would lead many to ask, is the World Wide Web really safe enough to store personal health records?
Yes, it's true, a company known for broadcasting information through its search engine has launched a new Web service called Google Health. Currently in its initial rollout phase, the service will store patients' personal health data and medical records and be viewed online by doctors and other medical personnel.
Google Health is intended to provide:
- A more secure method for storing health information over paper records
- A single location for each patient's personal data
- Options for users to enter details such as prescriptions, doctor visits and family medical history
- A better overall patient experience, especially in the event of a medical emergency
The initiative caters to President Bush's directive to have all medical records digitized by 2014, but is also a competitive response to Revolution Health, led by AOL, and Microsoft's HealthVault.
So Anyone Can Go Online And See My Personal Health Information?
Only if you authorize them to do so, according to a Google spokesperson (USA Today, Feb 22, 2008). And perhaps therein lies the flaw. Concerns abound about the possibility of data getting into the wrong hands, such as insurance companies, employers, drug companies and advertisers. Will everyone know what they are making public when they give their authorization for someone to view their data? At a minimum, Google Health records will include basic data such as name, address, phone numbers, insurance information, emergency contacts and employment information. Security concerns also include:
- An authorized person will be able to see all of your health records without exception
- Online personal medical records may not be protected under federal privacy rules
- Online personal medical records are not subject to the privacy provision of the Health Insurance Portability and Accountability Act (HIPAA)
As a result, if for some reason a company housing your online personal health records was ordered to hand over its intellectual property, your health records would not receive any special treatment, and would be turned over as well.
I Need More Than Promises That My Data Is Secure
You're not alone. Despite assurances from Google, MSN and others that their health records platforms are safe and secure, many critics are less confident - a sentiment not without foundation.
As detailed in PCWorld (Mar 6, 2008) Internet hackers have already been exploiting holes in electronic healthcare security. In fact, healthcare organizations themselves report:
- Increased Web attacks
- Increased security incidents involving insiders
- Increased occurrences of lost data
- Increased attacks against hospitals
- Increased breaches in healthcare networks
This hardly seems like the environment in which to be placing your personal information, especially when reading of disappearing laptops and of healthcare systems being easy targets for hackers. So much so that HIPAA is this year conducting surprise audits on hospitals across the nation.
All we can say is good luck if you are one of the 1,500 to 10,000 patients in Google's initial pilot program.