Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google to Begin Storing Patients' Health Records

Soulskill posted more than 6 years ago | from the meet-doctor-google dept.

Medicine 214

mytrip writes with news that Google's health record archive is about to be tested with the assistance of the Cleveland Clinic. Thousands of patients (who must approve the transfer of information) will have access to everything from their medical histories to lab results through what Google considers a "logical extension" of their search engine. We discussed the planning of this system last year. "Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that's also required to use other Google services such as e-mail and personalized search tools. The health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions. Prodded by the criticism, Google last year introduced a new system that purges people's search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department's demand to examine millions of its users' search requests in a court battle two years ago."

cancel ×

214 comments

2008 (-1)

Anonymous Coward | more than 6 years ago | (#22511460)

google for president!

Re:2008 (1, Informative)

Anonymous Coward | more than 6 years ago | (#22511694)

google for president!

Been there, got the t-shirt [cafepress.com]

Great... (5, Funny)

ihaveamo (989662) | more than 6 years ago | (#22511472)

Now I'm going to get TARGETED Viagra spam....

Re:Great... (2, Insightful)

bennomatic (691188) | more than 6 years ago | (#22511480)

Sorry to hear about your problem; even more sorry to hear that it's on the record.

Re:Great... (5, Informative)

AltecZZ (1243970) | more than 6 years ago | (#22511662)

Google is wayyyy behind Microsoft.

Microsoft's HealthVault came out several months ago, and has more partnerships than Google.

http://www.healthvault.com/ [healthvault.com]

Re:Great... (4, Funny)

WK2 (1072560) | more than 6 years ago | (#22511764)

Yes, but we can't use the beevil tag for Microsoft, because that would be redundant.

Re:Great... (4, Interesting)

jerdenn (86993) | more than 6 years ago | (#22512106)

Google isn't actually behind Microsoft, as Microsoft's implementation of healthvault is actually somewhat questionable. It's as if the company paid no attention to existing standards, and decided to implement a PHR system however they damn well pleased. CDA or CCD support? What's that? IHE standards?

If anything, Microsoft is ahead in the game of press releases, but certainly not in a functioning and useful Electronic Health Records system.

Google VS Microsoft (1)

EmotionToilet (1083453) | more than 6 years ago | (#22511862)

The fact that Google is even able to attempt to make something like this happen means that it understands and values what it means to offer services in a reliable way that is respectful to its users and works to preserve their rights and privacy. I don't think Microsoft could ever even attempt such a thing. No one would ever trust them enough. In fact, I can think of very few companies I would trust with all of my medical information other than Google.

Re:Google VS Microsoft (3, Insightful)

jo42 (227475) | more than 6 years ago | (#22512110)

In fact, I can think of very few companies I would trust with all of my medical information other than Google.
You must be 20-something to make a statement that naive.

Re:Google VS Microsoft (2, Interesting)

EmotionToilet (1083453) | more than 6 years ago | (#22512266)

why? Can you list other companies I could trust as much? I don't mind anyone going through my medical records. I haven't been to the doctor in years so there probably isn't anything there. And I don't think microsoft or google are interested in going through my medical records. But I would feel more secure having them on a google server than a MS server. Some companies I trust and some I don't. I trust google. I like how they do business. I don't care for microsoft. I don't feel I can trust them.

Re:Google VS Microsoft (3, Informative)

AltecZZ (1243970) | more than 6 years ago | (#22512356)

You fail to offer any standing reason why you should trust Google more than Microsoft.

At the very least, Microsoft's Live Hotmail doesn't scan your email like Gmail does. Google's policy on privacy is questionable at best. The minute Microsoft starts scanning my email to target me with ads, I'll quit defending them.

Microsoft's security division dwarfs that of Google's. In the past year, was Live Hotmail any less secure than Gmail? Microsoft has its faults too, but so does every company, including Google. It's cool to bag on Microsoft, but at the end of the day, it's no different than other large companies, such as Citibank or GE.

Re:Google VS Microsoft (2, Informative)

quanticle (843097) | more than 6 years ago | (#22512112)

Not only has Microsoft attempted such a thing, but they've succeeded and already have a working version. [healthvault.com] Its Google that's playing catch-up here, not Microsoft.

To be fair, though, I wouldn't like either company to be snooping around in my health records.

Re:Great... (0, Redundant)

Jarik_Tentsu (1065748) | more than 6 years ago | (#22512050)

And I might get targeted penis enlargement ones...

Re:Great... (0)

Anonymous Coward | more than 6 years ago | (#22512076)

And I might get targeted penis enlargement ones...
I guess I might get targeted penis reduction ones...

Re:Great... (0)

Anonymous Coward | more than 6 years ago | (#22512064)

They'd better come up with a new "shorten your uncomfortably-long-for-your-ex-girlfriend organ" spam if my health records are to be harvested for ads.

Re:Great... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22512072)

HIPAA covers third party databases [xrl.us] [computerworld.com]. So, yes, you will be targeted for things like viagra, breast implants. .....

Cleveland Clinic (5, Insightful)

fractalVisionz (989785) | more than 6 years ago | (#22511484)

assistance of clinic in Cleveland

It's Cleveland Clinic, and it's pretty much in every major city. So there are more people affected then just in Cleveland.

Re:Cleveland Clinic (4, Informative)

tomhudson (43916) | more than 6 years ago | (#22511542)

Over my dead body? Ha! Not even then!

Fortunately, this sort of activity is illegal in Canada (PIPEDA [privcom.gc.ca] ), so I for one won't ever have to welcome your google overlords.

Re:Cleveland Clinic (0)

Anonymous Coward | more than 6 years ago | (#22511724)

It's "fortunate" that your country prevents two entities from engaging in a consensual exchange of information? That sounds quite repressive to me. I prefer to live somewhere that allows me to make my own decisions, but I understand we all can't handle that level of responsibility.

Re:Cleveland Clinic (1)

penix1 (722987) | more than 6 years ago | (#22511818)

Given this country's penchant for "opt-out" instead of "opt-in", it is prudent that these things be protected in some fashion. Sure, the info from medical providers to Google is opt-in but from there it is a different story. How soon before insurance companies or the highest bidder gets the data from there is anybody's guess.

In short, I trust Google about as much as Microsoft when it comes to making profits on this. And will the cost associated with it trickle down to patients? Probably.

Re:Cleveland Clinic (0)

Anonymous Coward | more than 6 years ago | (#22511896)

If you don't trust Google with you data don't give it to them. You have that choice. Unlike the person I responded to, who seemed proud of his lack of freedoms. Strong privacy protections are a good thing, but when they step on the rights of the people whose privacy they're protecting they've gone too far.

Re:Cleveland Clinic (3, Insightful)

penix1 (722987) | more than 6 years ago | (#22511984)

You are still missing the point. The privacy MUST be throughout the entire chain of custody. You can't say that in this case because Google can sell to the highest bidder. Sure, you have to say "yes" now but how long will that last? How long before health care providers start including "check this box to opt out" language on the forms you sign at their facility? Again, given this country's penchant for calling "opt-out" a real choice, I think sensitive data like health records should remain the perview of the health providers and patients ONLY.

Re:Cleveland Clinic (4, Interesting)

burner (8666) | more than 6 years ago | (#22512244)

But I _do_ want online access to my health records. Does this mean my health provider must build and maintain a health record server onsite in order to provide me this? If I see multiple providers, do I have to carry around a list of URLs so they can share this data?

It only makes sense for a trusted third party (with technical expertise) to hold onto this data. Personally, I trust a government (state or federal) or non-profit program with community oversight to a for-profit corporation for this. Others may simply not want any digital health records, just like some folks don't want to have online access to their bank account.

It's a VOLUNTEER basis (1, Informative)

Anonymous Coward | more than 6 years ago | (#22512176)

This isn't going to be mandated. The only way your medical records get up there is if YOU put them there and agree to use the service.

Might as well try to say Google forces you to use Gmail or use them as a search engine. There are alternatives to those too, including abstience.

Is it scary yet? (5, Insightful)

Anonymous Coward | more than 6 years ago | (#22511486)

When your email is parsed for relavent ads, many just let that go.

But when you associate my email, calendar, documents, health info and who knows what's next, I start to wonder if that might not be too many eggs in one basket?

And if you are like me, your handle/username/login is the same across many sites.

Re:Is it scary yet? (0)

Anonymous Coward | more than 6 years ago | (#22511596)

And if you are like me, your handle/username/login is the same across many sites.

That's funny, I've been Anonymous Coward on lots of sites too! What are the fuckin chances!

Re:Is it scary yet? (2, Insightful)

BunnyClaws (753889) | more than 6 years ago | (#22511830)

Using the same handle on many sites is always a bad idea. Its way to easy to track information that way.

Re:Is it scary yet? (1)

Nemilar (173603) | more than 6 years ago | (#22511936)

This is exactly the point of "Identity 2.0" You can prove who you are, to any site on the web. It gives you a constant identity.

Granted, you can have more than one identity, but generally I think people like having single handles. It lets you build a reputation across multiple sites.

HIPAA compliance? (4, Interesting)

palegray.net (1195047) | more than 6 years ago | (#22512218)

I have to wonder how Google is approaching the legal requirements for HIPAA [hhs.gov] compliance with respect to the storage and retrieval of healthcare information. Anyone got any pointers on this?

Not Mine (1)

$0.02 (618911) | more than 6 years ago | (#22511488)

I know they will have to comply with HIPPA and other laws but thank you very much. Google has not business with my private health data.

Re:Not Mine (5, Informative)

DebateG (1001165) | more than 6 years ago | (#22511548)

Actually, HIPAA does not cover third party databases [computerworld.com] .

Re:Not Mine (3, Informative)

Anonymous Coward | more than 6 years ago | (#22511804)

IAALS - HIPAA does cover health information on third party systems under the "Business Associate" rule (which means, anyone doing business with a HIPAA CE (Covered Entity) must comply with HIPAA guidelines (there must be a contractual provision providing that the business associate will comply with the same HIPAA regulations that the Covered Entity must).

The REAL issue is that HIPAA has no teeth. No one has yet really had a judgment entered against them on a HIPAA privacy violation that I am aware of, and there is serious doubt that such a judgment would amount to much (a sizable recovery is highly dubious).

For a comparison of HIPAA to another country's laws, see Canada's FOIPPA (might be one less P). Which provides among other things, that no Canadian citizens health information (ePHI) can be stored on a server on US soil (because of fears that the USFG can utilize the PATRIOT act at any time to gain access to such 'confidential' patient information (ePHI)).

Re:Not Mine (4, Informative)

QuantumRiff (120817) | more than 6 years ago | (#22511568)

Actually, no, they probably won't have to comply with HIPPA. Google for it (yeah, I know).. You are authorizing the transfer of your records to a 3rd party. You have to give permission. If you give your records to a neighbour, they are not bound by HIPPA. Yes it would be stupid of them to allow anyone to see your health history, and will probably break some state laws, but HIPPA, no..

Re:Not Mine (0, Troll)

Anonymous Coward | more than 6 years ago | (#22511614)

Google has not business with my private health data.
Remember when people had jobs making things and providing actual, useful services? This was partly because capital flowed to people with good and tangible business plans. The opposite has become fairly common, for people with crappy business plans too get tons of money to implement their half baked ideas. If you want to open a new oil refinery or start a new power plant, you're just out of luck. I don't know what has caused this, but people need to scrutinize how their investments are being spent. There is capital liquidity out there (i.e. there is investment money to be had) but it's being wasted on crap like this.

Re:Not Mine (2, Funny)

QuantumG (50515) | more than 6 years ago | (#22511646)

I'm guessing you're about 19 years old right? The 1980s called, they said you should really pay attention [slashdot.org] to the world around you.

Re:Not Mine (1)

compro01 (777531) | more than 6 years ago | (#22511722)

umm, just so you know, that link doesn't work.

Re:Not Mine (0)

Anonymous Coward | more than 6 years ago | (#22512022)

That's the second time in the past couple days I've seen a URL on /. with a /. subdomain even though it was clearly supposed to link to another site. Just like the last one, there appears nothing else wrong with the URL.

Double-edged sword (5, Interesting)

calebt3 (1098475) | more than 6 years ago | (#22511492)

On one hand, it would be convenient to have this archive available so that we can access our records without the hassle of dealing with the healthcare system. On the other side, all that data has only the strength of your password standing between it and the Black Market.

Re:Double-edged sword (5, Insightful)

zappepcs (820751) | more than 6 years ago | (#22511570)

There is more to it than that. Recently (thanks to the immigration process) I was in the unexpected position of trying to find my immunization records which are now scattered among several states, doctors, and the military. If you think gathering that information was either fun or easy, you are wrong. Having this information to hand would have been a REAL time and money saver.

The trouble is that I don't want anyone else to have it. We have technology that can go anywhere with us. You can carry a key fob that will hold it all etc. More to the point, you can carry a key fob with better security than a password with you to access, and allow access for updates by those of your choosing.

Yes, Google will make it convenient, but we need to do more about the security of it both in access to it, and what happens to it while stored somewhere other than in our homes. The mobile devices that we carry around, ordinary telephones, and other simple items make 2 part authentication easy (well easier) than you think. We should be using them.

Additionally, we already have rules about sharing health-care information. Lets use those laws, not make more, to ensure the integrity of that privacy.

Anyone here who thinks that their privacy is safe because their health care information is not yet stored by Google is completely mistaken. It's very easy to get your health care information from the current system through human error, and social engineering.

Re:Double-edged sword (1, Flamebait)

QuantumG (50515) | more than 6 years ago | (#22511658)

immunization records
Umm, why the hell do you care if someone can see what you've been immunized for?

Seriously, what's the secrecy here?

Re:Double-edged sword (1, Informative)

Fjandr (66656) | more than 6 years ago | (#22511718)

Someone seeing immunization records is hardly the point. Someone seeing everything can be a lot more of an issue. Employers, insurers, advertisers, etc.

It's called looking at the big picture, not using a trivial example to attempt to trivialize the whole issue.

Re:Double-edged sword (3, Insightful)

zappepcs (820751) | more than 6 years ago | (#22511730)

That was just an example of why it would be useful. There are many things that fall under health care that people don't want anyone to know about:

Abortion
Substance abuse
Domestic violence counseling
Prescriptions for drugs associated with a disease that has a bad stigma

And those are just a few examples of what people would want protected. I'm pretty sure that you would not want people to know that you are seeing a doctor about impotence? right? Perhaps you don't really want people to know that you are color blind or deaf in one ear. Maybe you are embarrassed if people know you have herpes.

Perhaps you don't want people finding out that your kids have been treated for sexual abuse (the record probably won't say it wasn't you that committed the abuse).

There are way more things that you don't want people to know than things you do. Hardly anyone goes to the doctor for something good.

But, if you want to tell the world that you have warts on your 1 inch penis, go ahead... we won't stop you.

Re:Double-edged sword (-1)

QuantumG (50515) | more than 6 years ago | (#22511772)

He didn't say that, he said he didn't want other people have access to his immunization records.. I asked him why. That was not an invitation for you to get on your soap box.

Re:Double-edged sword (2, Funny)

pthor1231 (885423) | more than 6 years ago | (#22511800)

I hope you know that your parent and the parent of your other comment about immunization records are the same person.

Quant, call it a night (1)

WindBourne (631190) | more than 6 years ago | (#22512262)

You have really turned into an asshole. I am guessing that something is on your mind, but normally, you are not like this.

Re:Quant, call it a night (1)

QuantumG (50515) | more than 6 years ago | (#22512272)

How am I being an asshole here? He made a statement that I didn't understand, I asked him to clarify. Furthermore, what business is it of yours?

Re:Double-edged sword (4, Insightful)

thanatos_x (1086171) | more than 6 years ago | (#22511692)

You know, it's a real pity that there is no competent organization that can offer this that's in theory not motivated by profits and has the resources, like say... the US government. Everything aside, this kind of information is something that should be likely held by the government, if only people trusted this to not expand into a serious invasion of their privacy. It's a pity that the one organization that's supposed to regulate everything and hold such information (if anyone beyond yourself is) is considered too untrustworthy to do so.

I suppose it all comes back to things being run by human nature, and sooner or later you'll have to make a deal with the devil and give him his due; increased convince (eventually to the point that it will be impossible to function without it) for a decreased amount of privacy. In theory your SSN is only related to taxes; in practice you can't get through life easily without giving it to every Tom, Dick, and Harry.

Security by obscurity might be the only measure of protection we have, but that's not terribly comforting when someone *thinks* you did something wrong, or when someone *gets* your data (though google seems much better at protecting data than most banks and governments).

On the plus side it might be nice to see spam for drugs that you can actually use, compared to everyone getting offers to increase penis size with drugs to keep it up for hours.

Re:Double-edged sword (1)

rtb61 (674572) | more than 6 years ago | (#22512044)

Nice, consider funeral homes targeting terminally ill patients, or lawyers offering will services, just your friendly googlite reminder when you are trying to escape on the internet about to die and they have to suck every last cent of marketing dollar they can out of you and even get in early on your grieving family.

As long as the details of all hospital and doctors that use these services are effectively sell you details for free data storage are publicly and clearly displayed across the internet so that clear thinking people can avoid them like the plague.

Of course if google and co want to keep secret those doctors and hospitals who use the service, we understand, it's just because they're all a bunch of privacy invasive asshats who really don't want to give you a choice.

Re:Double-edged sword (1)

QuantumG (50515) | more than 6 years ago | (#22512174)

Ya know, most everywhere else in the world lawyers are not allowed to advertise at all. It's called "soliciting".

Re:Double-edged sword (1)

Hokie06 (986634) | more than 6 years ago | (#22512096)

Its certainly not going to happen overnight, but they are working on something [hhs.gov]

Re:Double-edged sword (1)

mdmarkus (522132) | more than 6 years ago | (#22511782)

What makes you think INS will take google's say so that you've been immunized, and if you're the one responsible for putting the data into their system, it's just your say so. It might be useful for your own records (or it might creep you out), but i wouldn't expect it to be able to count as evidence...

Re:Double-edged sword (2, Insightful)

gnick (1211984) | more than 6 years ago | (#22511876)

The trouble is that I don't want anyone else to have it.
So, don't volunteer. Personally, I figure that the convenience of having my records available anywhere I happen to be traveling outweighs any paranoia over somebody hacking Google's security. If you don't want Google making your information available, don't volunteer it...

Re:Double-edged sword (5, Insightful)

Knuckles (8964) | more than 6 years ago | (#22511948)

I was in the unexpected position of trying to find my immunization records which are now scattered among several states, doctors, and the military. If you think gathering that information was either fun or easy, you are wrong. Having this information to hand would have been a REAL time and money saver.

Meanwhile, we in stone-age Europe usually receive little booklets at our birth and whenever a doctor immunizes us, he enters a stamp plus some info there. Same as with voting machines, really: not everything is in need for a fragile high-tech solution.

Re:Double-edged sword (1)

MightyYar (622222) | more than 6 years ago | (#22512108)

We get the same little pink/blue booklet here in the US. I don't know where mine is, since I didn't ask my parents for it when I went to college. Presumably in a drawer somewhere. I don't know what a doctor would do if presented with it at my age, but it would probably involve laughter.

I'm not sure they are legal as proof anyway - I know that my daughter's day care won't accept it, and I have to have the doctor fill out a separate form.

Re:Double-edged sword (0)

Anonymous Coward | more than 6 years ago | (#22512466)

Perhaps you wouldn't have these problems if it looked more like the important legal document it is.

Re:Double-edged sword (1)

fatalfury (934087) | more than 6 years ago | (#22511588)

Agreed. If Google allows the user to choose their own password, you might as well just post your medical history openly on your own website.

I didn't read the article (duh) but if Google plans to monetize this venture further by serving ads, I can only image the future emotional trauma: I just got diagnosed with liver cancer and am reviewing my medical records, and on the sidebar I read funerals-r-us.com is having a special on blue caskets!

Re:Double-edged sword (1)

kmarshallbanana (1192023) | more than 6 years ago | (#22512102)

What exactly are you expecting the Black Market to do with it? Look for people with healthy kidneys they can steal? Its more if friends/family/employers are accidentally given access that it would be a problem.

stop worrying and start scamming (1)

ILuvRamen (1026668) | more than 6 years ago | (#22512232)

You and everyone else keeps posting about how worried they are that either Google will get a copy of your data without your permission (which they can't) or someone will see your records, which is obviously possible as you mentioned. So scam the system back. If I'm not mistaken, you have to agree to release your medicals records every time. If someone sees my medical history right now, who cares. Nothing incriminating, nothing blackmail worthy or don't hire me worthy. So let's say I go to the Dr tomorrow for some stupid made up thing or just for a physical and agree to release my medical records to google and I assume it's retroactive. Even if it isn't, google would get a copy of my awesomely perfect medical history. And from then on I say no to release my records. I assume you can sort of itemize your permissions like that because you might want to release to your employer that you were injured for something but not release that you have an STD later. It's not like they keep sending your medical history to everyone you ever gave permission to forever. So in effect, no matter what happens to you in the future, if you just keep saying no, google's records will show you are and always have been in perfect health :D You could have some attempted suicides and illegal drug related treatments and a couple physical confrontations on there and it'd still look perfect to anyone who gains access to it through google.

Too late, the black market always has it. (1)

elucido (870205) | more than 6 years ago | (#22512510)


1. If the government has the information, the black market has it.

2. The black market can simply buy the information from the people who work in the hospital.

The lesson? No information which is stored in plaintext anywhere on earth is secure. As long as a pair of eyes can see it, whoever owns that pair of eyes, can capture and sell whatever information. It's already too late.

Password Protected? (4, Insightful)

Bieeanda (961632) | more than 6 years ago | (#22511496)

...with the same password that you use to log in to gMail, Google Pages, your Google home page and virtually every other service they offer? Come on. It isn't like Google mandates passwords of any particular strength, or that accounts haven't been hijacked through one means or another.

Doctor visits in the future (0)

Anonymous Coward | more than 6 years ago | (#22511504)

Google has informed me that your psychiatrist thinks you're quite the narcissist. And there is nothing that I can do about your herpes.

"a clinic" in Cleveland? (5, Insightful)

VP (32928) | more than 6 years ago | (#22511512)

Cleveland Clinic is one of the top healthcare institutions in the US and the world. Calling it "a clinic in Cleveland" is like calling the New York Times web site "some guy's blog"...

Re:"a clinic" in Cleveland? (0, Troll)

Archangel Michael (180766) | more than 6 years ago | (#22511616)

Actually I'd trust some guy's blog over the NYT.

Re:"a clinic" in Cleveland? (1)

calebt3 (1098475) | more than 6 years ago | (#22511642)

Ironic when coupled with your sig.
K: Best investigative reporting on the planet. But go ahead, read the New York Times if you want. They get lucky sometimes.

Re:"a clinic" in Cleveland? (3, Insightful)

schnikies79 (788746) | more than 6 years ago | (#22511696)

"Best investigative reporting on the planet."

If that is the case, then they really blew it with todays headlines. That McCain piece is about the most unsubstantiated news un-worthy gossip I've seen in a while. If the Obama campaign touches that one, he loses my vote.

I would be surprised if he does (1)

WindBourne (631190) | more than 6 years ago | (#22512058)

He has not been the type to do personal attacks, just attacks on policies and actions. In fact, overall, I would say that McCain has been the same way, and Clinton was until Wisc (sent her ppl in to do a hatchet job on obama).

Re:"a clinic" in Cleveland? (0)

Anonymous Coward | more than 6 years ago | (#22511678)

I don't see how your levels of trust regarding various publishing sources have any baring on the analogy that was made.

Re:"a clinic" in Cleveland? (1)

kylehase (982334) | more than 6 years ago | (#22511852)

Actually, calling the Cleveland Clinic "a clinic in Cleveland" is like calling the New York Times "a times in New York"

Re:"a clinic" in Cleveland? (1)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#22512144)

Not really. There have been many slashdot stories that have linked to the New York Times. No one has ever misidentified it. As far as I can recall, this is the first one referencing Clevland Clinic and it was misidentified. Its not as famous to the general public as NYT. I would say something like the Mayo Clinic is more akin to the Times. Maybe Cleveland is more like the Chicago Sun Times of Health care.

Re:"a clinic" in Cleveland? (0)

Anonymous Coward | more than 6 years ago | (#22512484)

Slashdot is a news site, so it references newspapers all the time. If it were a healthcare site, it would reference the Cleveland Clinic more often. Anyway, most Americans can probably only name the Mayo Clinic and Johns Hopkins (maybe UCLA) along with their own local hospital. According to US News & World Report last year, Cleveland Clinic ranks 4th [usnews.com] of all hospitals in the nation.

To make a better analogy, it isn't Harvard or Yale, but it's certainly Ivy League. It beat Mass General, Columbia and Cornell, Duke, UCSF, Barnes-Jewish, U of M, Stanford, Yale, Cedars-Sinai, and everybody else.

dom

there are others doing this already (5, Insightful)

acvh (120205) | more than 6 years ago | (#22511514)

my former employer offered us the option to buy into an online health records system. the selling points were that we could easily be sure that any doctor we saw could have instant access to all of our history, and we could review treatments and billing records.

I chose not to participate, because the provider was new and unknown to me. I don't think I would want to use Google, because they ARE known to me.

I'll just keep asking for copies of records when I visit a doctor, and keep them in my filing cabinet.

18 months is too long! (1)

cowwoc2001 (976892) | more than 6 years ago | (#22511604)

What gives Google the right to retain my private information for 18 months? This is especially worrisome in light of the fact that they are venturing into the medical domain and the kinds of stunts that Facebook has been pulling.

If I want to delete all my records *now* I should be able to do so, no questions asked.

Re:18 months is too long! (1)

schnikies79 (788746) | more than 6 years ago | (#22511626)

You give them the right, but agreeing to use their services.

If you don't like it, don't use it. This isn't a mandated thing by any means.

Re:18 months is too long! (1)

cowwoc2001 (976892) | more than 6 years ago | (#22511654)

I don't disagree with you. My point is that more users should make their voices heard on this issue. You can be sure that if Google received thousands of emails to this effect they would change their tune.

Search results is one thing, medical records are a lot more personal.

Re:18 months is too long! (1)

schnikies79 (788746) | more than 6 years ago | (#22511670)

Thats true. As it stands, I won't use this service.

Do I get access to my own records? (5, Insightful)

Animats (122034) | more than 6 years ago | (#22511618)

Can I log in and see everything myself? And can I see the list of everyone who ever accessed my records? If not, it's no good.

Re:Do I get access to my own records? (1)

pembo13 (770295) | more than 6 years ago | (#22512288)

That's kinda the entire point.

The full solution (4, Insightful)

LarrySDonald (1172757) | more than 6 years ago | (#22511648)

Give people their medical records. Digitally signed by the docs that made them so they're authentic if the medical system must. If people would like to store them at Google or host them anywhere else, great. Make a standard for appending and signing that makes some kind of sense, but that is general and will work with any storage system. How is sheets of paper being faxed/mailed between docs the best possible standard? The whole system is jive, adding storing it with Google might make it slightly less jive, actually fixing it would, well, fix it. The whole system is so antiquated it make POTS look like a good standard for sending audio, but so ingrained and unquestioned that it's just there.

Future Killer App (4, Funny)

clang_jangle (975789) | more than 6 years ago | (#22511680)

DeGoogle. Removes all traces of you from Google.

World Privacy Forum (2, Informative)

John Norris (1243964) | more than 6 years ago | (#22511712)

World Privacy Forum's [worldprivacyforum.org] report "Personal Health Records: Why Many PHRs Threaten Privacy" released yesterday goes into considerable detail as to why PHR's are a privacy nightmare.

They discuss how PHR vendors may not be covered by HIPAA nor patient/provider confidentiality laws (esp subpoenas.)

They particularly note that PHR vendors that also provide email services have a lot of data that can be easily linked together (...and to you.)

I'd really like to see this sort of thing work, but am cautious.

I for one welcome our new informational overlords (1)

definate (876684) | more than 6 years ago | (#22511720)

I like this idea. I wish there was something like this that was more wide spread, not government regulated (so you can opt out) and available in Australia.

One problem I have had is through switching doctors and the new one not getting the files of the old, and not being privy to the others results.

Also, this should increase the quality of peer review of your doctors notes.

Re:I for one welcome our new informational overlor (1)

QuantumG (50515) | more than 6 years ago | (#22512084)

It'd be so much better in Australia too, because Google would have to declare why they are collecting the information and what they are going to use it for and if they used it for purposes other than that they would be in violation of privacy laws.

Unlike the USA, where they are free to collect any information and not say who they are going to sell it to.

For the privacy worriers... (4, Insightful)

NerveGas (168686) | more than 6 years ago | (#22511726)


      This is a very big step up from what you now have. I worked for some time in the client-server programming department of a health care organization with 20,000+ employees, on projects ranging from inventory management to patient records to corporate salaries. This company did much better than most, and I can tell you that your privacy is not terribly secure.

      When you're dealing with a situation which requires thousands of people (doctors and nurses) immediate access to your records, from anywhere in the organization (spannint numerous states), even if you ruled out network security, system security, etc., the possibilities for social engineering are absolutely ENORMOUS. And more than that, with that many employees, it's simply a given that some of them will misuse their power. Just within my friends who work for the company, I know of a very good number of times when information of others was accessed, used, or disseminated for personal use or amusement. Never anything nefarious, but still, not only unethical, but against the law as well.

      Google has a much better idea of how to warehouse data, manage access to it, and audit usage and access than any of the individual health care companies out there. They may not be perfect, but they'll probably do a whole lot better than what we/you have now.

Re:For the privacy worriers... (4, Informative)

BunnyClaws (753889) | more than 6 years ago | (#22511812)

You make a very good point. I have spent a majority of my I.T. career working in the health care industry. Just like you I have seen people misuse the information that they have access too. One guy I worked with at a very large health insurance company would scour records for people he knew. Once he even looked up a girl he used to date and called her up from the number that was stored under her insurance information. It was common to see employees read through malpractice suits just for entertainment. Years back I worked for a drug store chain and I remember one employee who would look up the prescriptions of people she went to school with to see what meds they were on.

The idea of HIPPA securing medical data can be considered a sense of false security. Companies must show they are making a reasonable amount of effort to secure PHI. Making a reasonable amount of effort does not mean the information is very secure.

In my opinion HIPPA does not ensure the privacy of an individual's health information very much but merely gives everyone a false sense of privacy.

In fact (2, Interesting)

WindBourne (631190) | more than 6 years ago | (#22512082)

I have thought that when AQ (or even China) decides to get real serious with attacking the west, it will be via a computer attack. Most likely, they will hit a number of windows systems which have loads of our information on it. With the data on us, simply run the banks. By doing that, they could transfer not just billions out of the country, but cause such chaos here, that it would be difficult to have a unified front. WHile I really want to see Linux come on strong, I like that Gates has been pushing Windows into countries that America may have future issues with (china comes to mind). This health data typically has enough info to allow the run on the bank.

Re:In fact (1)

QuantumG (50515) | more than 6 years ago | (#22512098)

Dear nut-job,

Please explain how "health data" has "enough info" to "allow the run on the bank". And for the readers who have no idea how to read crazy, please also explain what you mean by this fragmented poor english.

kthxbye.

Re:In fact (3, Insightful)

WindBourne (631190) | more than 6 years ago | (#22512254)

Ah, quant, you have lost you perspective all because I called you out on one of your statements a couple of weeks ago. I thought you were above insults as well as being an asshole. I guess I was wrong. BTW, I am working late because I have a project due and am beat, so the English is not quite as nice. But this is /., not an English class.

Many of the Health data systems are built on Windows and built poorly. The security that everybody thinks is there, really is not. 25-15 years ago, I worked at various medical facilities including Metpath/corning, BlueCross/Blueshield (just at time of going private), and IBM/Kaiser (worked on the system that was in there for over a decade). I am aware of a at least a few of the systems that currently exists. From talking to a few others that still work in the industry, I know that security STILL is not taken as serious as it should be. Hippa has made changes, but from what I understand more of trying to control who sees what, and not as much on the computer. The health system is NOT just your patient info. Most of the systems contain your insurance and ultimately has loads of information on your checking and/or CC (assuming that you are not visiting a money only doc). All somebody has to do is hack these systems to obtain information. They then build up a DB and use it to attack in one clean shot, or chose the option of quietly and methodically taking the money.

Here's some medical records privacy horror stories (5, Informative)

nbauman (624611) | more than 6 years ago | (#22512414)

Here's some of the problems you can have when the confidentiality of your medical records is compromised.

http://www.post-gazette.com/pg/06362/749444-114.stm [post-gazette.com]

WSJ, 26 Dec 2006, Medical dilemma: spread of records stirs patient fears of privacy erosion; Ms. Galvin's insurer studies psychotherapist's notes; a dispute over the rules; complaint tally hits 23,896, Theo Francis.

(My notes, for people who are too lazy to even click on the link:)

In 1996, after her fiance died suddenly, Patricia Galvin left New York for San Francisco and was hired by Heller Ehrman LLP.

In 2000, Galvin began psychotherapy sessions at Stanford Hospital & Clinics with clinical psychologist Rachel Manber, who discussed her problems at work, her fiance's death, and her relationships with family, friends and co-workers. Manber assured Galvin that her notes would be confidential.

"I would never have engaged in psychotherapy with her if she did not promise me these notes were under lock and key."

In 2001, Galvin was rear-ended at a red light and suffered 4 herniated disks, which worsened.

In 2003, she applied for long-term disability. Her employer's carrier, UnumProvident Corp., said it would deny her claim unless she signed a release.

Manber assured Galvin her therapy notes would not be turned over. 3 months later, Unum denied her claim, because of psychotherapy notes about "working on a case" and a job interview in New York, which, Unum said, showed she was able to work. Galvin says they misinterpreted the notes.

In 2004, Galvin sued Manber, Stanford and Unum for malpractice and invasion of privacy, under California law. Galvin said "my most private thoughts, my personal tragedies, secrets about other people" were exposed.

In 2005, Galvin learned that Stanford had scanned Manber's notes into its system, making them part of her basic medical record. Stanford sent this file to Unum and the other driver.

Stanford said that "psychotherapy notes that are kept together with the patient's other medical records are not defined as 'psychotherapy notes' under HIPAA." It would be "impracticable" to keep them separate.

The health-care industry is scanning documents into electronic record systems. HIPAA gives psychotherapy notes special protection, but not when mixed in with general medical records.

Peter Swire, law professor, Ohio State U., explains why they wrote the rule giving confidentiality only to separate psychotherapy notes.

Stanford refused to separate her psychotherapy notes from other medical records. "Any time anybody asks for my medical records, my psychotherapy notes are going to be turned over."

In 2006, DHHS rejected Galvan's HIPAA complaint. From Apr-Nov 2003, DHHS had 23,896 privacy complaints, but hasn't taken any action. HIPAA exceptions allow release in connection with "payment" or "health-care operations."

Galvan, 51, is representing herself, because she couldn't find a California attorney with privacy experience.

Deborah Peel, Austin TX, psychiatrist and head of Patient Privacy Rights, says, "How many women want somebody to know whether they are on birth control?"

http://online.wsj.com/article/SB116709136139859229.html [wsj.com]

NYT, 26 Dec 2006, Costs of a crisis: Diabetics confront a tangle of workplace laws, N.R. Kleinfield.

Some companies fire diabetics for ostensible safety reasons, even though there's no evidence that they're unsafe. Courts nationwide have split on whether diabetes is a disability under the test that a "major life activity" is "substantially limited".

John Steigauf, 47, was a truck mechanic for United Parcel Service, but UPS put him on leave because of his diabetes. UPS claimed his blood sugar might plummet while he tested a truck, causing an accident, and he couldn't get an interstate commercial driver's license with insulin-dependent diabetes. Some insulin-dependent diabetics are prone to dizziness, fainting or muddled judgment. His disability payment is $431, half his pay. EEOC ruled that he was subject to discrimination.

In 2002, ConAgra Foods withdrew a job offer to Rudy Rodriguez at a Texas baked bean plant because of his type 2 diabetes, when a doctor decided he couldn't work safely; an appeals court found for Rodriguez.

A mortgage loan officer in Oregon was forbidden to eat at her desk, and eventually fired.

A Sears lingere saleswoman in Illinois with nerve damage quit when Sears wouldn't let her cut through a stockroom; Sears paid her $150,000.

A worker at a Wisconsin candy company was fired after asking where he could dispose of his insulin needles.

Many diabetics conceal their illness on the job, says Brian T. McMahon, Virginia Commonwealth U.

http://www.nytimes.com/2006/12/26/health/26workplace.html [nytimes.com]

How much access? (3, Interesting)

teslatug (543527) | more than 6 years ago | (#22511738)

Just how much will they be able to access? They can already access some type of information through the MyChart website. Why do they need Google anyway? Why not keep it permanently on CCF's site?

Re:How much access? (1)

pembo13 (770295) | more than 6 years ago | (#22512296)

You give them the access, so I guess you get to find out how much before you give it to them.

Hats (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#22511920)

Time for to take out the tin foil hats people this is getting scary. :P

National Security Letters? (2, Interesting)

saratchandra (847748) | more than 6 years ago | (#22511930)

Google also successfully rebuffed the U.S. Justice Department's demand
Can anyone be sure that they haven't complied with a National Security Letter(NSL) demanding them to hand over user data? And even if they did comply, we wouldn't know about it because of the terms of a NSL.

So all this talk about Google standing up to protect user data from the US Administration is as true and verifiable as their motto itself ("Don't be evil").

Microsoft HealthVault (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22511982)

Microsoft has already been testing there HealthVault system at http://health.live.com [live.com] . There's a clear battleground here: ultimately, with an ageing population and an increasingly technological population, the market for health record keeping is huge money making opportunity. Google's goal of organizing the world's information doesn't stop at public data; the most important data to each of us is our own personal data, and of that, our health data if the most valuable. People are willing to spend their life-savings just to stay a little. The drug industry already knows that.

"Searching" structured data is hard! (5, Informative)

copdk4 (712016) | more than 6 years ago | (#22512054)

Google has done a great job in searching raw free-text data. However, healthcare data is a different beast. The sheer number of datatypes is mind-boggling -- the number of different labs, drug classes, diseases etc that can get coded in patient records runs in to millions. So over the years healthcare databases have been constructed differently - they follow an EAV [yale.edu] (Entity Attribute Value) representation, which means that the patient databases are generally just ONE BIG TABLE! Here is the database schema used at New York Presby. Schema [columbia.edu] - all past 20 years patient data is stored in one table! oh yeah.. DB2 Baby!

Essentially all data/knowledge complexity is present in the Ontology/Terminology (such as SNOMED or LOINC) and the patient data itself instantiates from these.

Also doing NLP over medical notes is a difficult problem requiring years of tuning and domain knowledge to construct one -- which again is so specific to a given institution or region that it just does not work elsewhere.

It would be interesting to see what *real* innovations Google brings on the table.

This sounds great, actually (1, Flamebait)

pixelfood (973282) | more than 6 years ago | (#22512160)

Maybe because I am part of the Facebook generation, I am more accepting of this type of system. My experience has been that it is a real pain to deal with transferring medical records between different clinics, especially when I am waiting for someone to fax something before I can get my antibiotic. I'm not ashamed of anything in my medical records (no abortions or STDs), so I am willing to take the risk that they might be stolen/sold to a third party/examined by the government/used for targeted advertising in order to gain the convenience of being able to access my medical records quickly in an emergency situation.

There is hope! (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22512168)

Fortunately, this sort of activity could become illegal in the United States. [xrl.us] (PIPEDA [privcom.gov]), so I for one won't ever have to welcome your google overlords.

i'm in ur... (2, Funny)

MyOhMyOhMy (1119923) | more than 6 years ago | (#22512224)

...HOSPITAL, GOOGLing ur MEDICAL RECORDS

Sorry, I just couldn't resist.

Privacy Ammendment (3, Interesting)

Phoenix666 (184391) | more than 6 years ago | (#22512358)

I sincerely hope that Obama wins the Whitehouse, and I sincerely hope that he acts to finally put a Constitutional Ammendment guaranteeing the right to Privacy on the books.

As a professor of Constitutional law at the University of Chicago, he should be abundantly aware of how fragile our right to privacy is in this country, being that it's an inferred right that rests only on precedent.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...