Last week, Google and the Cleveland Clinic announced a pilot of the Google personal health record (under 10,000 patients), touted by Cleveland Clinic as a means to help its snowbird patients keep track of their medical records scattered across multiple locations (among other things). See the party line from the Googleplex, and other interesting posts on the subject at the NY Times Bits blog, and the blogs of Michael Zimmer, Fred Stutzman and John Paczkowski. Thanks to John at the Digital Daily for linking to the World Privacy Forum’s consumer advisory on PHRs (which links, in turn, to a more detailed analysis of PHRs and their privacy).
So, is this a good thing, or do the potential privacy breaches — including targeted ads — overshadow what Google is trying to accomplish in the world of the PHR?
In a word: Dunno. Google is short on details, so it’s hard to say.
The commentariat has raised all the predictable questions: If you sign into all Google services with a single username and password, won’t all your web surfing, gmail and now PHR data be cross-linked and monetized? (Yes, it probably will.) If you enter your data into the Google PHR won’t it be beyond the protection of HIPAA? (Well, it depends, but it probably will — it’s being entered by an individual, not a health care provider, payor or clearinghouse.) How private will all this PHR data be? (Private, but, uh, well, it depends.)
So let’s assume the worst: Google will sell ads to the highest bidders for keywords in your PHR (kinda OK so long as there’s adequate disclosure up front), will sell aggregated de-identified data for population-based health studies (ditto, but this seems more like a good thing, and is really at the heart of the value of EHRs and PHRs generally — though the utility depends on how much data really finds its way into the PHR, and how it’s organized) and worst of all, will mistakenly convert your PHR into an RSS feed that ends up on every computer in America (eek! . . . but is that worse than dropping a paper record behind a file cabinet and never finding it again?).
Every innovation comes with a set of benefits and burdens. Nobody’s twisting arms at the Cleveland Clinic to get patients to agree to enter their data into Google PHRs. Some snowbirds — and others — will use the tool; most shut-ins — and privacy nuts — won’t. There is some value to this new tool, and there are drawbacks to its use as well. (See HealthBlawg discussion of Microsoft’s HealthVault — same sorts of issues — here and here.)
Update 2/25/08: Google hasn’t signed a business associate agreement (BAA) with the Cleveland Clinic, nor has Microsoft signed a BAA with the Mayo Clinic, which is eyeing a HealthVault roll-out. One analyst says Google would run "screaming from the room" if signing a BAA were suggested, since it’s in this biz for the marketing opportunities. Tip of the hat to Joseph Conn, at Modern Healthcare’s Health IT Strategist (free registration required).
We need comprehensive protections in place in order to ensure that the PHR data doesn’t fall outside of HIPAA and other privacy protection schemes, but it seems to me that the likelihood of that happening in a timely fashion through legislation or in a permanent manner through contractual provisions that won’t get changed continues to be slim to none. Meanwhile, each of us needs to engage in a little cost-benefit analysis before buying into one of these PHR systems.
Update 2/28/08: Google Health introduced at HIMSS. See Information Week article.
Benjamin Wright says
Maybe patients can use contract law to enhance the privacy of their health records. http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html
David Harlow says
Interesting approach, but unlikely to be adopted by the non-digerati out there, and less likely to be promoted by the Googleplex.
Not sure about the 1-800-FLOWERS case you mention on your post, but this reminds me of law school “battle of the forms” cases — which reminds me of that Marx Brothers movie with Chico and Groucho ripping out clauses of a contract, until they’ve got basically nothing left at the end. Two one-sided forms do not an agreement make . . . .
Isn’t it time to eliminate the “nobody’s twisting arms” argument? You are assuming everyone is a rational actor, which they aren’t. You also assume that this won’t become a standard that you are forced into in the end (as opposed to a more regulated database with clear privacy policies and criminal, as opposed to civil, remedies).
When dicussing academia, it is fine to make assumptions regarding people’s relative negotiating power, knowledge, and ability to engage in rational analysis, but it is dangerous to base policy off of those ideas.
At the same time, I do agree that transportable health records are an important, and missing, part of comprehensive care. Perhaps the private market is better equipped to provide those records, but the privacy concerns are legion and the invasiveness into your general life you might also find astonishing (just wait until your own toilet is beaming urinalysis to your records on a daily basis).
Benjamin Wright says
David said: “Interesting approach, but unlikely to be adopted by the non-digerati”. That’s a fair comment. But to give those digerati something concrete to think about, I posted sample privacy terms of service: http://hack-igations.blogspot.com/2008/02/some-fear-law-will-not-accord-adequate.html