Wednesday, February 27, 2008

Google YOUR private health information?


What if I told you that companies like Google and Microsoft will soon have the opportunity to handle your private medical information? Maybe this is information that you do not want anyone else to know - other than - say your doctor? Earlier this week the state of Tennessee announced a partnership with AT&T for the first statewide network to share health information.

An article in today's Washington Post states that the Cleveland Clinic, in association with Google, will be starting a pilot project that is aimed at putting personal electronic health records in the hands of consumers. (I've talked about personal health records on this blog in the past)

What Cleveland Clinic wants to do is have the ability to merge outside electronic medical records with their own system. For example, if I refer a patient up there, currently, the only thing I can do is send paper records and even x-rays up to Cleveland Clinic with the patient. How much more convenient would it be for me and the patient to have a way to send electronic records and have the opportunity to feed it into their system. That would save time and paper.

What Google wants to do is be the reservoir of all this information - and in some way, make this information available to the health consumer - meaning the patient - meaning you. That's a good idea, right? Here's the problem: What about all the privacy issues? How comfortable are you that companies like Google and Microsoft would have your private medical information?
Medical files in the care of health-care providers like doctors, pharmacies and hospitals enjoy legal protections specified by the Health Insurance Portability and Accountability Act (HIPAA). Covered files are strictly controlled, can't easily be subpoenaed, can't be exploited for profit and have to be stored securely. But Microsoft and Google aren't health-care providers.

"When you move records from a doctor to a personal health record, your protection evaporates," said Robert Gellman, author of a World Privacy Forum study on the subject released last week. He concluded that such systems "can have significant negative consequences for the privacy of consumers."
People joke about "googling" someone - like friends - or even enemies - just to see what comes up. I know my patients "google" my real name to try to learn more about me. What if MY personal medical information was in the hands of Google? What if YOUR personal medical information was in the hands of Google or Microsoft?

In this country, our privacy is pretty much gone anyway. I mean if you're out in public and do something stupid, someone with a camera cell phone records it and is on you tube within the hour. Or Flickr? Or someone blogs about it? And we've all heard of employers who have obtained this information and people are fired. But, this is invasion of privacy on an entirely new level.

Now, people from a potential boss to a private investigator would possibly have the ability to look up your most private medical and health information? This is just wrong and it's dangerous. The article says that an act of Congress is needed to require non-medical providers like Google to follow the same privacy laws that I follow and that hospitals follow. Do you think this will happen? What do you think about these tech companies holding your personal medical information?

Update: This post is less than 2 hours old, and I already have someone fired up! Check out Cathy's take on this (she's been a patient at The Cleveland Clinic).

17 comments:

Cathy said...

Cleveland Clinic is already doing it on a pilot program. I received a letter from them, in the mail and then a follow up email telling me they enrolled me in this, and asked me to be a part of the testing phase.

I will go try to find the email they sent me, and copy and paste it here.

Cathy said...

Here is the email I received from them. I have not signed on to do this.

"Dear MyChart User:

Recently Cleveland Clinic began working with Google - the world’s leading internet search company - to support a new product Google will be launching that will help patients manage their medical records and personal health information online. Because Cleveland Clinic maintains an uncompromising policy regarding the confidentiality and privacy of every patient's personal health information, no information will be shared with Google as part of this pilot project unless the patient explicitly chooses to do so.

You already know the benefits of managing your medical records online because you have experienced the power of a secure, online service that connects you to your healthcare provider whenever and wherever you choose because you are a member of the eCleveland Clinic MyChart community.

What you may not know is that these types of online tools are not available to Americans at large. This is why your unique MyChart experience makes your opinions regarding online healthcare management tools very important and why we need your help.

We are inviting a select number of MyChart users to try the new Google product and offer confidential feedback. The new Google product is being privately piloted at Cleveland Clinic and is available nowhere else at this time. At Cleveland Clinic, we believe that the level of service and convenience you experience as a MyChart user should serve as the model for all patients everywhere and that is why we are working with Google.

You are under no obligation to participate in this pilot test, and no one will call or contact you should you decide to decline. If you decide to participate in this pilot test, there will be no cost to you, but we will ask that you sign a confidentiality statement online before you start, meaning that you will agree to keep the details of Google’s product confidential. There is no hourly time obligation to do testing, just test the product when you have time and offer us feedback. Also, your opinions, as well as any personal health information you choose to include in the test, will be kept in strictest confidence, just as it is in your MyChart account. Both Google and Cleveland Clinic will always respect and protect your privacy.



To enroll in this pilot test, please visit the eCleveland Clinic MyChart home page by clicking here.
After you log-in to your personal MyChart account, open and read the message entitled, “Your Personal Invitation” that you will find in your “Inbox”.
Then click the link in the message that states “Getting Started”.
You will be presented with a supplemental authorization screen that asks you to agree to additional terms and conditions. Once you click the “I Agree” button, the enrollment process will begin.
We certainly hope you will consider helping us give Google feedback on this important new service that could potentially benefit all Americans. If you do participate, your opinions and feedback can help shape the future of this new service offering.

We thank you, in advance, for considering this request. And, as always, thank you for being a MyChart user.

Sincerely,

Your eCleveland Clinic MyChart Service Team"

rlbates said...

I wondered how they would do this. Thanks for sharing Cathy.

Deb said...

I am NOT surprised to learn that "private" health info will become so accessible. For me the phrase "private health information" is a non-existent thing. Mangled Care Companies, uh, I mean "Managed", have usurped the idea of privacy and integrity for many years.

Okay, rant done. You can now go back to your regular blogging.

pixelrn said...

It's been reported that Google will not store the data, nor distribute it. So what's the big deal here? I can't stand not having readily available access to my medical record. Besides, it seems in Cathy's case she has the option to opt out of the pilot program. I wish I had the option to participate in a program like that because if I want to look at my record I have to jump through countless hoops and wait weeks and weeks.

OHN said...

This infuriates me on many levels. Not only is it bad enough that my insurance company is telling me I need to change medications to one of their other formulary medications because they are cozied up with Pfizer now rather than Merck, but now there is a risk that anyone can come across my medical records. Lets face it, the internet is a wonderful wonderful place but it IS NOT SECURE as many people have found out by losing jobs, et cetera. To me this “storage” of records is a HUGE risk of HIPAA violations and quite frankly I am not willing to take that risk. I have a couple of health problems that I would rather keep private from my computer whiz kids. Trust me, if anyone wanted a program hacked into or info found, I have a kid that can do it! Even information stored on your personal computer is at risk if you are running high speed and are always connected. Your information isn’t just sitting in that nice customized computer that you have set up just for you….it isn’t safe and sound on your lap or at your desk, it is accessible by anyone savvy enough to wiggle into your system. Medical records usually, somewhere, contain at the very least, your social security number…identity theft is a very real and very prevalent problem. Even if that hacker doesn’t care if you have hemorrhoids, he may really care that he can get your SSN and buy that nice plasma screen he has been wanting. I understand places like The Clinic wanting to streamline and be the best, the first, the leader, but how about doing it through medical research and not potentially outing all of their patients most personal information. (Also..not knowing the details, I am just wondering if patients will also be able to alter their records...another scary thought.)

TBTAM said...

Can Cathy post the "Terms and condition" for us? that would give an idea as to what one is giving up to Google.

Also I wonder what sort of $ changed hands on this deal.

Google is going to run the world someday.

Great post.

Prudence said...

That news is just scary, Dr. A. Ease of access for patients for their medical records is one thing, but to have a whole lot of unfamiliar people having ease of access to what should be private information is a different thing. And yeah, scary. It just won't happen in my country, though, simply because most medical systems do not really have the patient databases as you're using there now.

Cathy said...

tbtam,

Exact Terms and Conditions are not available to me, until/unless I sign on to do this. Then they would be covered under their confidentiality contract. Once you begin participation in this pilot, you are not allowed to talk about it at all.

From the information they have sent me, they state that our medical records will stay private with Google, unless we choose for them to be made public.

I have no problem with my medical records being made easily available for any, or all, of my doctors to review. The problem I have with this, is that I do not trust my personal or medical information in the hands of Google, regardless of what they promise. Google is in NO way connected to my medical teams, but what they are in the business of, is sharing and making information easily available, to anyone and everyone.

More than my medical records being out there, (I share plenty of it on my own blog), it is my personal information that is my biggest concern. Or that my medical information could be tampered with.

ipanema said...

Terms and Conditions not presented Cathy? Why didn't they attach T&C together with that. When are they going to let you read it...after you sign? I guess there is something fishy there.

people are already wary at the volume of personal info Google has. this? :(

i am all for convenience of records easily available to medical practitioners for referral. but there is always the danger of these falling into the wrong hands. will anybody see it? i don't know how this will be done.

Ben Wright said...

Dr. A: The fact that Google presents a patient like Cathy legal terms and conditions does not mean the patient is without options as she uses Google's service. For the sake of public discussion, here is an idea. To address the privacy fears associated with Google health records, patients might post their own legal terms and conditions in their records. http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html

This idea is not legal advice for Cathy or anyone else, but it is something to talk about.

--Ben

Flashtrigger said...

Wow...I don't even like giving Medic Alert info that isn't relative to the reason I wear their bracelets. There is far too much stigma on far too many physical and mental disorders to feel safe in allowing something like this. Scary. Thanks for the heads-up.

Ros said...

Be realistic, you already don't really own or control that information and it is already made improperly available countless times every year. This is a minor shift in policy, not a major one.

Privacy is increasingly an old world concept.

Ben Wright said...

Ros: Privacy may be an "old world" concept, but our present world legal system holds much respect for it. The concept of privacy carries real-world (including monetary) implications in our courts today, and that will continue for the foreseeable future. http://hack-igations.blogspot.com/2008/02/some-fear-law-will-not-accord-adequate.html --Ben

SeaSpray said...

I hate the erosion of privacy. I don't like this idea. And it does not feel secure. I wish people could be trusted to always do the right thing and we didn't have to be concerned about these things.

Dr. Bonis said...

I am a family physician really concerned about PHR and privacy challenges.

I am leading a PHR project: www.keyose.com

Keyose is the first (and by the moment only one) totally anonymous personal health record online.

Please take a look at: http://www.keyose.com/

feedback is welcomed.

Personal Health Records said...

Thanks for sharing Cathy. I dont know how they have done