Recent Blog Posts
-
Smoking Lingerie Leads to Lawsuit
Nov 23 20093:11 pm EDT -
Oops
Nov 23 200912:01 am EDT -
The Era of the Renminbi Is at Hand
Nov 20 20092:55 pm EDT -
Computer Glitch Snarls Air Traffic
Nov 19 200910:29 am EDT -
Dollar Doldrums? What Dollar Doldrums?
Nov 19 20098:48 am EDT -
American Express Makes a Revolutionary Deal
Nov 18 200912:05 pm EDT -
Calpers Puts Pressure on Private Equity Funding and Fees
Nov 18 200910:27 am EDT -
Madoff Makes Millions (for Others)
Nov 18 20096:04 am EDT -
Lazard Looks Within Its Ranks for New Chief
Nov 17 20091:44 pm EDT -
A Brutal Morning for Geithner
Nov 17 20098:02 am EDT
Google Health: Are You Feeling Lucky?
Do you trust Google enough to give it your medical records?
That's precisely what the search juggernaut is asking users to do with today's introduction of Google Health.
The service is designed to allow consumers to keep all of their health records stored, indexed, and easily searchable on Google's servers. Company executives stressed the privacy features of the service.
"The information in your health record is yours and it doesn't get shared with anyone else without your permission," Google chief executive Eric Schmidt said.
Well, not quite Eric.
According to the Google Health FAQ:
We will not share your health data with individuals or third parties unless you explicitly tell us to do so or except in certain limited circumstances described in our privacy policy.
What circumstances would those be? To wit:
We provide such information to our subsidiaries, affiliated companies, or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
In other words, it's not enough to just trust Google. You have to trust that Google's "subsidiaries, affiliated companies, or other trusted businesses or persons."
But wait, there's more. Google can share your information without your consent if:
We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.
In other words, Google can fork over your data if the cops or anyone else come calling with a subpoena (or whatever else the Patriot Act allows for these days).
We're not done yet. Buried in the Google Health Terms of Service, the company makes the following disclosure:
Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.
That means Hipaa sections that relate to privacy and data security do not bind Google. Specifically, Google isn't covered by the law's privacy rule, which requires an "individual's written authorization" before disclosing health information to a third party.
Given that fact, and the other "circumstances" Google describes which would allow it to share health data without consent, if you do decide to turn your health data over to Google, you should ask yourself the following question:
by Sam Gustin
