Is Google Health on its deathbed? Privacy and the personal health record | Opensource.com

Google Health is approaching its second birthday, and according to some, also near death. I can't help but speculate that if it is indeed shuffling off the digital coil, its demise has something to do with a general unwillingness to hand over such sensitive information to a company that already knows so much about us as individuals. (Although I should note that their privacy policy does explicitly state that your Google Health profile would not be linked to information from other Google services you use.)

If you haven't tried it, or perhaps even heard of it, Google Health is a service for maintaining your own health records, similar to Microsoft's HealthVault offering. You can track things like weight and blood pressure, your sleep patterns, or how you're doing at your resolutions to cut down on caffeine or go to the gym more. It's one place to keep track of immunizations or procedures you've had and test results you've received. You can also share your information with people you designate, whether that's family caregivers or doctors.

Nowhere are the closely tied principles of transparency and trust more important than in how we share personal health information (PHI). In the US, we've become accustomed to signing papers at the doctor's office about the Health Insurance Portability and Accountability Act (HIPAA) and have come to assume that it always protects our PHI. I think it's also fair to say that most people don't read terms of service. But if you did read the ToS when signing up for Google Health, you would have seen this:

Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.

Thus the question becomes how much you trust in "do no evil", and whether it will extend to anyone with whom Google decides to share data, even aggregate, de-personalized data.

Then if you do decide that you trust Google with your data, there's a security question. Nobody is truly safe from security breaches. Just last week, the world's largest third-party email distributor had its databases hacked. Google itself has had security problems and isn't exactly open and transparent with vulnerabilities and fixes.

On the other hand, if Google is indeed backing off the health record space, leaving Microsoft HealthVault to take over, I doubt that's any better from an openness perspective.

Even if it isn't dying--and there are those who believe it's still running along--the public doesn't seem to be running to the personal health record (PHR) bandwagon just yet, and I have to assume it has a lot to do with uncertainty about handing over such sensitive information. Those watching for the official end of Google Health comment on it as a business decision, likely begun by Larry Page taking over as CEO, reorganizing and cutting projects.

There are steps towards more open source PHRs, but Google Health and HealthVault have the market for now. So what's your solution? Continue to keep track of your information the old-fashioned way? Trust in one service or another? How do you feel about digital PHRs?

About the author

Ruth Suehle - Ruth Suehle is the community leadership manager for Red Hat's Open Source and Standards team. She's co-author of Raspberry Pi Hacks (O'Reilly, December 2013) and a senior editor at GeekMom, a site for those who find their joy in both geekery and