Is Google Health on its deathbed? Privacy and the personal health record

No readers like this yet.
open source button on keyboard

Opensource.com

Google Health is approaching its second birthday, and according to some, also near death. I can't help but speculate that if it is indeed shuffling off the digital coil, that its demise has something to do with a general unwillingness to hand over such sensitive information to a company that already knows so much about us as individuals. (Although I should note that their privacy policy does explicitly state that your Google Health profile would not be linked to information from other Google services you use.)

If you haven't tried it, or perhaps even heard of it, Google Health is a service for maintaining your own health records, similar to Microsoft's HealthVault offering. You can track things like weight and blood pressure, your sleep patterns, or how you're doing at your resolutions to cut down on caffeine or go to the gym more. It's one place to keep track of immunizations or procedures you've had and test results you've received. You can also share your information with people you designate, whether that's family caregivers or doctors.

Nowhere are the closely tied principles of transparency and trust more important than in how we share personal health information (PHI). In the US, we've become accustomed to signing papers at the doctor's office about the Health Insurance Portability and Accountability Act (HIPAA) and have come to assume that it always protects our PHI. I think it's also fair to say that most people don't read terms of service. But if you did read the ToS when signing up for Google Health, you would have seen this:

Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.

Thus the question becomes, how much do you trust in "do no evil"--and that it will extend to anyone Google decides to share data, even aggregate, de-personalized data, with.

Then if you do decide that you trust Google with your data, there's a security question. Nobody is truly safe from security breaches. Just last week, the world's largest third-party email distributor had its databases hacked. Google itself has had security problems and isn't exactly open and transparent with vulnerabilities and fixes.

On the other hand, if Google is indeed backing off the health record space, leaving Microsoft HealthVault to take over, I doubt that's any better from an openness perspective.

Even if it isn't dying--and there are those who believe it's still running along--the public doesn't seem to be running to the PHR bandwagon just yet, and I have to assume it has a lot to do with uncertainty about handing over such sensitive information. Those watching for the official end of Google Health comment on it as a business decision, likely begun by Larry Page taking over as CEO, reorganizing and cutting projects.

There are steps towards more open source PHRs, but Google Health and HealthVault have the market for now. So what's your solution? Continue to keep track of your information the old-fashioned way? Trust in one service or another? How do you feel about digital PHRs?

User profile image.
Ruth Suehle is the community leadership manager for Red Hat's Open Source and Standards team. She's co-author of Raspberry Pi Hacks (O'Reilly, December 2013) and a senior editor at GeekMom, a site for those who find their joy in both geekery and parenting.

3 Comments

With ONC meaningful use rules requiring patients "Timely Access" to health records in electronic format, I don't see the "big box" providers playing a role in storing this data for very long. The providers, individual and institutional, will need to evolve to support a standard format (CCR/CCD, likely) and a standard connection (DIRECT?) that can be sent to or retrieved by the patient using their OWN technology, desktop app, phone app etc. Who they choose to share that data with will then be completely in the patient's control.

PHRs still have a number of shortcomings, for instance, the general lack of interactive features, i.e., the ability to schedule appointments or communicate with my doctor. Right now they are just digital file cabinets. Maybe when, as Tony says, there's a standard format and a standard connection, and the PHRs offer my dream features, I'll use one. But another important question, then, will be, who pays for it?

There is a big difference between a PHR and a PHI. I agree that current PHRs are limited, this is primarily due to the non-open nature of most EHR systems. Standards that have evolved around calendars and now patient care records will help ease that IF the vendors adopt them (as in:who pays for it). On the other hand, if they don't the open source EHRs will eat them alive :-).

A PHI, in my opinion, does not need that kind of rich feature set to be useful to the patient. It needs only to be able to consume and merge CCR/CCD data from multiple sources so that the patient has a complete picture of their medical record and the ability to share it and/or get it corrected.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.