Google began offering online personal health records (PHRs) to the public this last Monday. So earlier this week I clicked over to Google Health and signed up for an account.
I was offered the choice of conveniently entering in my medical profile (e.g., age, sex, blood type, allergies, test results, immunizations, etc.). Or, though it was a moot point, I could also upload any medical information of mine that might already be held by Beth Israel Deaconess Medical Center, Cleveland Clinic, Longs Drug Stores, Medco, CVS Caremark, Quest Diagnostics, RxAmerica, or Walgreens Pharmacy.
And then I did not fill out any of my medical profile information.
I did not because while it looks like a beautiful information garden that Google is offering, it’s nonetheless a garden that has been charted within a continuing privacy paradigm that unnecessarily allocates more power into the hands of the garden's gatekeeper (i.e., Google) than to the actual gardeners themselves (like you and me).
The privacy paradigm in this instance is not perpetuated by the Congressional Health Insurance Portability and Accountability Act, but by Google’s Health Terms of Service …
“If you create, transmit, or display health or other information while using Google Health, you may provide only information that you own or have the right to use. When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.”
Now, don’t get me wrong. Google Health is a worthy service by the standards of the prevailing privacy paradigm. There are going to be a number of people who will choose to enter in their medical information.
Notwithstanding, Google Health indeed represents the predominant privacy paradigm of data possession by online companies at a time when the momentum is beginning to shift toward a 'data ownership' paradigm - see Dataportability, Traceability and Data Ownership - for truly empowering information owners and producers with technological possession of their own information.
Furthermore, it is difficult for me to imagine Google convincingly claiming the moral high ground for PHRs when I read about U.S. Senators, in a Congressional hearing held the day after Google Health was made public, pressing executives from Yahoo, Google, and Cisco Systems “to justify their business practices in China and other Internet-censoring countries”. See Senators weigh new laws over China online censorship.An article in The New England Journal of Medicine was recently published entitled Personally Controlled Online Health Data — The Next Big Thing in Medical Care?
“Most physicians in the United States have paper medical records — the sort that doctors have kept for generations. A minority have electronic records that provide, at a minimum, tools for writing progress notes and prescriptions, ordering laboratory and imaging tests, and viewing test results .... Yet electronic health data are poised for an online transformation that is being catalyzed by Dossia (a nonprofit consortium of major employers), Google Health, Microsoft HealthVault, and other Web services that are seeking expanded roles in the $2.1 trillion U.S. health care system.” [emphasis added]
If you choose not to gain access to the full text of this article by subscribing to The New England Journal of Medicine, see Internet Health Records: Convenience at a Cost? by Joanne Silberner on the National Public Radio website (which is available in both text and a 4m 36sec audio).
Silberner does a professional job but it seems like once you have read (or listened) to one of these articles about PHRs, you have pretty much read them all. What she familiarly relates is that despite the involvement of Dossia, Google Health, and Microsoft HealthVault, creating and maintaining a full health record may be a job for the compulsive and, on top of that, medical records experts are worried about privacy.
Holding that thought ...
... let’s pause for a moment to jump from the world of PHRs over to current events vis-à-vis data portability within social networking. Michael Arrington blogs a very neat summary in Data Portability – It’s The New Walled Garden at TechCrunch.
"A huge battle is underway between Google, MySpace and Facebook around control of user profiles and, therefore, users themselves …. Internet giants know that the days of getting you to spend all of your time inside their walled gardens are over. So the next best thing is to at least maintain as much data about the user as possible, and make sure they identify with your brand while they are out there not being on your site …. The companies with the profiles (mostly MySpace and Facebook) know this. And they know that to keep users happy, and to stop them from entering in all that friend data into other sites, they need to make their data at least somewhat portable. Not too portable, mind you. That means they’d lose control. But just portable enough …. [emphasis added]
Arrington further states ...
Google is a little different. They don’t have a social networking presence in the U.S., so they are trying to get in the middle between the guys with the profiles (like Facebook) and the sites that want the data. Their Friend Connect product does just that, and makes them an important data middle man. That position can later be leveraged intensely. In fact, in many ways Google can become the most important social network without actually having a social network." [emphasis added]
In other words, Google's Friend Connect provides it with an opportunity to place MySpace and Facebook within a Google ‘picture frame’ from the perspective of internet users. And that picture frame is the opening to a walled garden of data – yours and mine. Whomever controls the entrance to the garden controls ... well, you get the picture, right?
And, coming back to the world of PHRs, it takes no imagination to conclude that Google might do the same with Google Health. That is, Google Health as 'a picture frame' for Microsoft HealthVault, Dossia, etc.
But for all these machinations inside of Silicon Valley the question still goes begging ...
Speaking only for myself, the answer is ‘no’.
Posted to the DataPortability.Action.Policy ....
From: Steve Holcombe
Date: Thu, 29 May 2008 19:48:42 -0700 (PDT)
Local: Thurs, May 29 2008 9:48 pm
Subject: Data Protection Law & Policy - invitation to write
Hi, I'm an attorney. Legal ownership over information is about privacy regulations covering non-artistic content, and copyright regulations covering artistic content. There is a large world of non-artistic information over which the only protection that an information producer has is to retain control by not sharing that information. An example would be the origin or pedigree of a typical product along a supply chain which, typically, is not shared. In my opinion the focus of Dataportability.org should be upon empowering information producers (whether within social networks or along product supply chains) with technological control over their information. In other words, shift the paradigm from privacy and copyright (i.e., the prevailing legal data ownership paradigm) to direct technological control (i.e., a technological data ownership paradigm). By way of example, [see] 'Personal Health Records, Data Portability and the Continuing Privacy Paradigm' ....
[emphasis added]
See also, Google Hacking Against Privacy, Emin Islam Tath, University of Mannheim, Department of Computer Science (6 Aug 2007):
Another U.S. Senator, Byron Dorgan (D-ND), is holding hearings on Internet privacy. See the blogged entry Bits: Senators Weigh Possible Rules for Advertising and Online Privacy.
FYI, this blog entry referenced at http://www.scichi.org/tag/ethics/.