Google to store electronic patient medical records?
February 25, 2008 at 8:28 pm (advertising, archive email, business, cms, corporate, data retention, electronic communication, electronic document retention, Email Archiving, email audit, email security, google, governance, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, medical records, message archiving, news, politics, thoughts)
I noticed today on Med Tech Sentinel that Google is about to begin experimentation with electronic patient medical records. Douglas Cress writes: “the Cleveland Clinic will facilitate Google’s potential domination of the electronic personal health record (PHR) space. Google chose the Clinic because they offer 100,000 patients the tools to manage their medical records online and coordinate with doctors using a PHR suite called eCleveland Clinic MyChart. An invitation will be extended to 1,500 – 10,000 of these users.” Google will use this trial to determine the level of its security in exchanging “patient medical record data including prescriptions, conditions, and allergies.” C. Martin Harris, Chief Information Officer of the Cleveland Clinic, said: “this collaboration is intended to help Google test features and services that will ultimately allow all Americans (as patients) to direct the exchange of their medical information between their various providers without compromising their privacy.
I believe the term of the day is: “HIPAA compliance.” This two word phrase is beginning to make the news in a big way. On one hand you have the CMS (Centers for Medicare and Medicaid Services) ready to conduct stringent HIPAA security audits of hospitals, and now on the other hand you have Google looking to become the top player in the electronic medical records arena. At the root of Google’s potential conquest is the technology and desire for patients to manage their personal health care records. This need is owed in large part to HIPAA, which ensures that the privileged relationship between doctor and patient is upheld. According to HIPAA, electronic patient health care data must be retained and kept secure in order for a health care provider to be deemed HIPAA compliant. However, providers such as the Cleveland Clinic have begun offering personalized tools for patients to manage their health records online. This new trend is certainly a fine idea and on part with a continuously evolving society, but are there some risks to be noted here? Are there reasons to be cautious of what Google is doing?
Firstly, what is in this for Google? I mean, nothing this noble could come for free, right? Of course not, and the concept to be aware of here is called “targeted marketing.” I am posting an additional excerpt from Douglas Cress below because I think it is important to read:
“Anyone who has spent any time on the Internet (or sorting through spam in their email in-box) should have a sense of how profitable medicine is on the Internet. Based on some cursory keyword research, and my rough calculations, Google is earning $20 million in annual revenues from the keyword ‘Viagra’ alone. ‘Ambien’ costs $2.43 -$3.65 per click; local queries like ‘Brooklyn dentist’ cost $3.71 – $4.98 per click. If Google delivers on their promise of a web portal with 24/7 access to health care information – and they’re certainly well positioned to, with their global web-based architecture and a focus on security – the upside could be tremendous. Google will have the ability to offer a free service supported by advertisers. Think GMAIL for medicine – with ads for doctors, pharmacies, drugs, and devices peppered beside your personal health records and delivered using the same contextual advertising Google is known for.”
This means that much to the delight of health care advertisers your medical records information will be used to assist in the campaign of targeted ads. There is also the issue of Google security here, is a simple password alone really enough to make you feel confident that your electronic health care data cannot be breached? What if your information is hacked? It’s true that it is possible for any system to be tampered with but would you feel more confident in a security provider that specializes solely in that field, or a gigantic corporation that merely uses it as an additional service? Will Google work on encryption? Will Google’s program only be compatible with health care providers that currently offer patients with the tools to manage medical records? If not, how would it work? If Google succeeds and takes this mainstream, how will this affect the email archiving industry? Will health care professionals flock to Google for their HIPAA email compliance needs? Stay tuned.
Simplicato's Weblog 