Google Can View Millions of Patient Health Records in Most States (axios.com) 26
Through its partnerships with health care providers, Google can view tens of millions of patient records in at least three-quarters of states, the Wall Street Journal reports. From a report: Some of these partnerships allow Google to access identifiable information about patients without their or their doctors' knowledge, raising fears about how this data may be used. Google is developing a new search tool -- designed to be used by doctors, nurses and potentially patients -- that stores and analyzes patient information on its servers. The company and some health systems say argue that data-sharing can improve patient outcomes.
Google says its health endeavors aren't connected with its advertising business.
"...improve patient outcomes..." (Score:5, Insightful)
Re:"...improve patient outcomes..." (Score:4, Insightful)
Re: (Score:2, Insightful)
You can sign away your rights in many different ways. Check all 213,831 pages you have to sign for your insurance. Its probably in there somewhere.
Re:"...improve patient outcomes..." (Score:5, Informative)
As someone who used to be on the reading side of these arrangements, I can assure you it's all in the waivers you sign prior to receiving care.
HIPAA is really easy to work inside. Essentially, you just have to promise you'll protect the data, and you can get third-party access.
Re: (Score:2)
Well, in my Dr's offices...I often cross out things that allow them to share too broadly, etc.
If they accept these, which they always do, I've never had them question me on it...
If I found they shared, could I sue?
Re: (Score:2)
While I'm no legal expert, I think you might have an issue as you altered the original contract without getting both parties to re-agree, unless they re-signed the altered contract?
Same idea as you make a contract for someone, get them to sign it, and then you just cross out whatever and write in "You own me 3 million bajillion dollars" and then sign and try getting it to hold up in court.
Re:"...improve patient outcomes..." (Score:4, Informative)
I'm not a legal expert either, but I think what you are signing here is a release form, not a contract, so it is perfectly legal for YOU to alter what permissions YOU give them for what they can do with your PI and health information.
Re: (Score:2)
Re:"...improve patient outcomes..." (Score:4, Insightful)
Yep, that one, that you could still have opted to not sign, and your record would be an "anonymous" John Doe with a "don't use this" flag.
Funny thing... Once it's "anonymous", you pretty much lose your HIPAA rights, and it's even easier for a third party to get your information (because it's not your information anymore - it's just some anonymous patient), and if your case is even slightly unusual, you can probably be identified again with a high degree of confidence.
If you're concerned about your privacy, sign the form, and let people like me take care of properly protecting it. I won't say we're perfect at it, but at least we had to go through compliance training to use the "dangerous" full data set...
Re: (Score:2)
Re: (Score:2)
So if you are critically sick, it's like a N. Korean ballot:
Re: (Score:1)
Re: (Score:2)
Google partners with providers by claiming to offer a useful service. PHI can be shared with business affiliates without your permission or knowledge.
HIPAA is mostly something to give ambulance chasing lawyers an excuse to sue large enterprises like hospitals and insurance companies when there's a data breach.
Re: (Score:3)
How in the world does this pass the HIPAA "sniff test"???
All the data is in segregated servers, all access is suitably restricted, etc. It's not hard for a company like Google to carve out a secure space for HIPAA data. It just requires ensuring that none of the rest of the business has any access to it.
Re: (Score:2)
Re: (Score:2)
Amazon has the exact same thing for government information. Meeting privacy and encryption requirements https://aws.amazon.com/govclou... [amazon.com]
Yep. This is a standard thing. For that matter, I expect that Google also has an obligation to segregate the data of enterprises that use GSuite. Undoubtedly there are at least a few GSuite customers who are actually competitors to Google in some ways, and will need strong assurance that Google won't use their data to compete with them. Making isolated data siloes is a common requirement.
Re: (Score:2)
Re: (Score:2)
I vote that our multi-millionaire congresional representatives have to pay for it out of their own pockets (of course, they'll continue to receive their top of the line healthcare instead of the Jack-in-the-Box version we'll get).
Privacy Rapists (Score:3, Insightful)
Hmm, letting a privacy rapist [slashdot.org] see people's personal medical information..... what could possibly go wrong??
Opt-out (Score:2)
medical records are 10x price for a credit card (Score:4, Insightful)
Google needs better management. (Score:2)
I agree. To me, it seems that Google is not well managed.
What Google says and what they don't say: (Score:2)
Google says its health endeavors aren't connected with its advertising business.
What about other advertising businesses? What about insurance companies? What about pharmaceuticals? What about state actors both domestic and foreign?
Tell them what then need to know (Score:2)
I have stopped telling my physician information that is not directly related to my health issue.
That's bad and it requires some judgement but I don't want my "recreational drug use" to be spread about Google and more importantly, to my health insurance company. Though I just use MJ, it's none of their damned business.