THCB UPDATE Get email updates of new posts and industry news.
February 24, 2008
Google, the Cleveland Clinic and the Privacy Zealots
So Modern Healthcare's Joseph Conn has a whole page to write about the Cleveland Clinic and he writes just about HIPAA and the fact that this pilot is not going to be covered by it. Writing in the San Francisco Chronicle Victoria Colliver talks about not a lot more, but at least she has someone stating the bleedingly bloody obvious—
"If it's made convenient
enough and easy enough, people will be no more concerned about privacy
with these systems than they are with their financial information," he
said. "Far more people die because health information is not released
or difficult to get ... than anybody's ever been harmed because the
information has been inadvertently released."
OK so it was me she quoted, but someone needs to give Deborah Peel
and whoever the hell the World Privacy Forum is a big shake. I say this
as a card-carrying member of the ACLU and Amnesty International who is
deeply concerned about anyone’s private information and what use is
made of it.
And the shake is, if a government overhears your private information
illegally (or quasi-legally) it can use that information to take away
your freedom and worse. So the standard for their ability to access
that information should be an awful lot higher than it is in virtually
every country—including this one.
If a private corporation unwittingly lets slip your private health
data, or even uses some aspect of it knowingly to target you for
marketing, the chances of you suffering much from it are very, very low.
These are vastly different things, and conflating the two does not help in the least.
Furthermore, the potential for improvements in health outcomes and
efficiency from the type of things Google Health, Microsoft and
everyone else working in this business are trying to do vastly exceed
any possible risks associated with this disclosure. The kind of
language used by the privacy zealots besmirches the honor of the people
at Google, Cleveland Clinic and many other places working very hard to
fix these problems.
Furthermore the potential for harm from inadvertent disclosure would
be even less if we had sensible insurance reform that prevented
discrimination against people with certain health conditions. Of course
that discrimination exists right now every day in America. It causes
far, far more pain than any potential privacy violation. And I have not
seen Deborah Peel in the paper complaining about it.
For that matter while Peel’s complaining about Google, and lots of
other HIT vendors—without any good reason or evidence—she’s been
publicly praising Microsoft without acknowledging any of the accusations Fred Trotter and others have been making about her basic technical understanding of Healthvault. Perhaps its about time she came clean on the economics of that relationship.
CODA: For the record—other than one or two employees of Google and
Microsoft attending the Health 2.0 Conference in which I am a partner,
and my doing a small amount of consulting with a contractor who was
working for Microsoft in 2006, I have no financial relationship with
any of these companies. Not that it would change what I thought.
February 24, 2008 in Electronic Medical Records, Google, Privacy | Permalink
Comments
I agree that th potential benefit of these personel medical record systems out weigh the privacy risk, and I am sure more laws will be passed. But for my money I would never trust Microsoft with this given tis track record with windows and Google has stumbled around now trying to team up with a big burecratic health system. For my money I sticking to the smaller companies like http://www.medicalrecords247.com to have the most relevant and easy to use system.
Posted by: Kevin | Feb 24, 2008 6:36:47 PM
Well, well, well.
Looks like you are the only pundit who covered the launch and sees absolutely no problem with these PHR services. I am hard-pressed to find positive coverage anywhere else. Like it or not, a mere perception of a privacy problem here makes this problem very, very real. Consumer Internet 101, for those who need to be "edicated".
You should update your disclosure to say that success of anything labeled Health 2.0 depends on the general level of hype in the industry (e.g. whether people are willing to drink Kool-Aid). Inconvenient facts kill the hype and make people ask inconvenient questions. Few things would stir more scrutiny than reaction to Google Health launch.
That must be a bummer.
Posted by: Dmitriy Kruglyak | Feb 25, 2008 2:28:48 AM
Doesn't Google derive something like 98% of its rapidly growing revenues from advertising? Wouldn't Microsoft like to have Google-like earnings growth by tapping into the same source? Can someone explain to me why I would want to stash my medical records with either company if there were no legal limits on who they could sell my personal data to or what could be done with it? This isn't a defense of the Patriot Act, or the virtues of government spying on us in the name of protecting us from terrorism. That's not OK either.
Matthew, are you suggesting that HIPAA's privacy protections were a bad idea to begin with or merely that it is bad to apply them to Google and Microsoft? Or were the protections simply inadequate to begin wih? Or are we presuming that the social benefits of these benevolent companies' business plans vastly outweigh any conceivable benefits from having HIPAA's privacy protections applied to their work?
Posted by: tcoyote@msn.com | Feb 25, 2008 3:11:29 AM
I see your point, Matthew, but I think people are concerned that this stuff will go live with safeguards that are only retrospectively realized to be inadequate, but by then it will be too late. Too often we let things go in our enthusiasm, only to be hit in the face with the possible pitfalls AFTER the cat is out of the bag. One non health-care example is the failure to legally bar the cell-phone-while-driving phenomenon early enough to effectively prevent it - now it's like pulling teeth to get people to realize how dangerous it is; and it, too, is killing people every day.
As they say, an ounce of prevention is worth a pound of cure.
Posted by: bev M.D. | Feb 25, 2008 5:19:21 AM
I don't mind adding Dmitriy & tcoyote to the list of people who should give themselves a shake too!
For a start, as I've said in this article and many times, and at least one of these commenters has written at length, the benefits of sharing health data in clinical situations massively outweigh the risk. So that should be the focus of the discussion.
I am NOT saying that there shouldn't be privacy protections and there is no reason in my mind why, for all HIPPA's flaws, it cannot be extended to PHR providers as covered entities.
However, as far as I can tell nothing that is happening here violates HIPP. Showing you keyword based advertising may not to everyone's taste, but it does not mean your private health data is being transferred to anyone. And presumably your data will only end up in these services if you give them permission to accept it, which will include consent to provide whatever services and advertising you'll see.
And that's assuming that either company does advertising based on records rather than search terms (which is Google make that 98% of their money).
But exactly where are Microsoft and Google suggesting that they're going to be selling private identified data?
Nowhere.
Microsoft has bent over backwards to demonstrate that they have no intention of allowing themselves or anyone else to access your health records without permission. And Google will likely do the same when it announces its plans officially.
And of course if you're paranoid about your health records being with them, I'm sure someone else has a solution that you'll like instead, or you can be free to not use any solution.
And as for consumer reaction? Dmitriy really needs to begin to understand what shapes consumer opinion and action. It's what gets written in the press. And if reporters consistently concentrate on irrelevancies and miss the bigger picture, that consumer opinion will take a while to get to right opinion on the important issues. (Did you notice the Iraq war, Dmitriy?)
And if Dmitriy thinks I'm promoting this simply for my personal gain, and that there's no benefit to better, more controlled sharing of health information using Google, Microsoft or any other vendor as a vehicle....well I'm not sure a shake is enough.
Posted by: Matthew Holt | Feb 25, 2008 5:59:15 AM
Until someone explains to me exactly how Microsoft and Google (disciplined and focused companies I really respect, incidentally) are going to make money doing this, I have to assume that it is by extending their existing business model to medical "applications", e.g. by mining my records and selling access to my related search activity to those whose products are relevant. How else are they going to generate payback from these products? (And did I miss the press releases about how they are going to behave as if they are "covered entities" under HIPAA even though they are not?)
There is the classic Health 2.0 question, of course. No-one I know is in a better position to answer the "business model' question than Matthew. (Let's leave the "Where are the customers?" question for a separate post). And PLEASE don't tell me that PHR technologies are so revolutionary or the social benefits so large that investors and developers don't need an ROI. It has to be there somewhere, or this ain't business. Don't tell me I don't get it, dude. Make me get it.
Posted by: tcoyote | Feb 25, 2008 6:18:52 AM
I would like to try the Cleveland clinic.
Posted by: Matias | Feb 27, 2008 6:48:19 PM
Post a comment
MOST COMMENTED
