Unlike a physician or health plan, Google Health — which launched last May and is free to users — is not regulated by the Health Insurance Portability and Accountability Act (HIPAA), a federal law that established data confidentiality standards for patient health information.
Since Google does not store data on behalf of healthcare providers, its primary relationship is with the user and so it is not restricted by HIPAA, which applies only to healthcare providers and entities with which they contract.
To use Google Health, patients have to create an account and grant permission for their data to be imported into their online health profile.
Google, addressing consumers’ privacy concerns that could discourage use of devices employing remote monitoring technology, says its service would not allow patients’ personal electronic health records to fall into the wrong hands. On its website, the company says there is no advertising in Google Health and it will not sell or share patient health information unless a user authorizes it to do so.
Also, no personal or medical information stored in a user’s Google Health profile is used to customize Google.com search results, the company says.
Meanwhile, consumer advocacy groups, such as Patient Privacy Rights (PPR) and Consumer Watchdog, warn that such online records could pose a threat to patients’ health privacy rights. PPR says the most recent health IT portion of the Senate version of the economic stimulus bill introduces loopholes that allow the sale and misuse of personal health information.
PPR wants Congress to incorporate data security protections that require private health information to be protected when it’s transmitted and stored and to ensure that the process is not dominated by special interests.