Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
AI Google Medicine Privacy

Google Can View Millions of Patient Health Records in Most States (axios.com) 26

Through its partnerships with health care providers, Google can view tens of millions of patient records in at least three-quarters of states, the Wall Street Journal reports. From a report: Some of these partnerships allow Google to access identifiable information about patients without their or their doctors' knowledge, raising fears about how this data may be used. Google is developing a new search tool -- designed to be used by doctors, nurses and potentially patients -- that stores and analyzes patient information on its servers. The company and some health systems say argue that data-sharing can improve patient outcomes. Google says its health endeavors aren't connected with its advertising business.
This discussion has been archived. No new comments can be posted.

Google Can View Millions of Patient Health Records in Most States

Comments Filter:
  • by QuietLagoon ( 813062 ) on Monday January 13, 2020 @02:34PM (#59616740)
    Of course, google and the health system providers will say that this wholesale harvesting of confidential medical information will help the patients. But that is only one aspect of all this. The other aspect is the usage and sale of this data, in many cases without the knowledge and proper consent of the patients.
    • by cayenne8 ( 626475 ) on Monday January 13, 2020 @02:44PM (#59616772) Homepage Journal
      How in the world does this pass the HIPAA "sniff test"???
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        You can sign away your rights in many different ways. Check all 213,831 pages you have to sign for your insurance. Its probably in there somewhere.

      • by Sarten-X ( 1102295 ) on Monday January 13, 2020 @02:54PM (#59616824) Homepage

        As someone who used to be on the reading side of these arrangements, I can assure you it's all in the waivers you sign prior to receiving care.

        HIPAA is really easy to work inside. Essentially, you just have to promise you'll protect the data, and you can get third-party access.

        • Hmm.

          Well, in my Dr's offices...I often cross out things that allow them to share too broadly, etc.

          If they accept these, which they always do, I've never had them question me on it...

          If I found they shared, could I sue?

          • While I'm no legal expert, I think you might have an issue as you altered the original contract without getting both parties to re-agree, unless they re-signed the altered contract?

            Same idea as you make a contract for someone, get them to sign it, and then you just cross out whatever and write in "You own me 3 million bajillion dollars" and then sign and try getting it to hold up in court.

            • by cayenne8 ( 626475 ) on Monday January 13, 2020 @05:23PM (#59617472) Homepage Journal

              While I'm no legal expert, I think you might have an issue as you altered the original contract without getting both parties to re-agree, unless they re-signed the altered contract?

              Same idea as you make a contract for someone, get them to sign it, and then you just cross out whatever and write in "You own me 3 million bajillion dollars" and then sign and try getting it to hold up in court.

              I'm not a legal expert either, but I think what you are signing here is a release form, not a contract, so it is perfectly legal for YOU to alter what permissions YOU give them for what they can do with your PI and health information.

        • ...I can assure you it's all in the waivers you sign prior to receiving care.... You mean that multi-page, legalese-laden, fine print document I had to sign before I could get treatment in the emergency room. That document? That's why I said "proper permission." What I signed under duress was not proper permission, imo, it was extortion.
          • by Sarten-X ( 1102295 ) on Tuesday January 14, 2020 @12:42AM (#59618408) Homepage

            Yep, that one, that you could still have opted to not sign, and your record would be an "anonymous" John Doe with a "don't use this" flag.

            Funny thing... Once it's "anonymous", you pretty much lose your HIPAA rights, and it's even easier for a third party to get your information (because it's not your information anymore - it's just some anonymous patient), and if your case is even slightly unusual, you can probably be identified again with a high degree of confidence.

            If you're concerned about your privacy, sign the form, and let people like me take care of properly protecting it. I won't say we're perfect at it, but at least we had to go through compliance training to use the "dangerous" full data set...

            • ...that you could still have opted to not sign, and your record would be an "anonymous" John Doe with a "don't use this" flag.... --- I did not have my lawyer with me (I did have blood dripping out of me, though), so that information was not available to me. Additionally, it has never been told to me that I had the option not to sign it, it was always presented that I had to sign it before I was treated. Regardless of having a lawyer, you seem to present two options: (1) sign it and have my data harvested
        • by Tablizer ( 95088 )

          it's all in the waivers you sign prior to receiving care.

          So if you are critically sick, it's like a N. Korean ballot:

          A. [X] Give away personal data to dodgy vendors
          B. [_] Die

        • Maybe you and I are working under different HIPAA regulations. Promising isn't enough. The Covered Entity can't transfer risk and liability to a third party in any way as far as HIPAA is concerned. When you allow a third party, a Business Associate, to access your data, you are still responsible for whatever they do with it. Yes, a Business Associate can be held liable, but that liability still moves upstream to the CE. That is why CEs are required to do their own due diligence on all BAs. We have a questi
      • by tomhath ( 637240 )

        Google partners with providers by claiming to offer a useful service. PHI can be shared with business affiliates without your permission or knowledge.

        HIPAA is mostly something to give ambulance chasing lawyers an excuse to sue large enterprises like hospitals and insurance companies when there's a data breach.

      • How in the world does this pass the HIPAA "sniff test"???

        All the data is in segregated servers, all access is suitably restricted, etc. It's not hard for a company like Google to carve out a secure space for HIPAA data. It just requires ensuring that none of the rest of the business has any access to it.

        • Amazon has the exact same thing for government information. Meeting privacy and encryption requirements https://aws.amazon.com/govclou... [amazon.com]
          • Amazon has the exact same thing for government information. Meeting privacy and encryption requirements https://aws.amazon.com/govclou... [amazon.com]

            Yep. This is a standard thing. For that matter, I expect that Google also has an obligation to segregate the data of enterprises that use GSuite. Undoubtedly there are at least a few GSuite customers who are actually competitors to Google in some ways, and will need strong assurance that Google won't use their data to compete with them. Making isolated data siloes is a common requirement.

  • Privacy Rapists (Score:3, Insightful)

    by Sebby ( 238625 ) on Monday January 13, 2020 @02:47PM (#59616790)

    Hmm, letting a privacy rapist [slashdot.org] see people's personal medical information..... what could possibly go wrong??

  • This may work for at least Anthem CA: https://www.manifestmedex.org/... [manifestmedex.org]
  • by mutley69 ( 941584 ) on Monday January 13, 2020 @03:21PM (#59616966)
    This kind of information should never get into the hands of a corporation that makes money out of data. It's absolutely something you should never tollerate. They should ask your permission to access these data. The hospital or the ones that manage that information are bound to the private nature of this data. They should never have allowed this access. In fact - i do believe we should do the same as we did in the end of the 60's in europe. Protest - strikes - action! Once your privacy is lost - you'll never get is back. It's so valuable that it makes me sad that people don't realise that using social media opens the flood-gates to loose all privacy!
  • Google says its health endeavors aren't connected with its advertising business.

    What about other advertising businesses? What about insurance companies? What about pharmaceuticals? What about state actors both domestic and foreign?

  • I have stopped telling my physician information that is not directly related to my health issue.

    That's bad and it requires some judgement but I don't want my "recreational drug use" to be spread about Google and more importantly, to my health insurance company. Though I just use MJ, it's none of their damned business.

Single tasking: Just Say No.

Working...