Google to Test Medical-Record Service

Washington Post - February 22, 2008
Michael Liedtke

From washingtonpost.com

Google will begin storing the medical records of a few thousand people in a test of a health service that is likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.

The pilot project announced yesterday will involve 1,500 to 10,000 patients at the Cleveland Clinic who agreed to an electronic transfer of their personal health records so they can be retrieved through Google's service, which will not be open to the general public.

Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password.

Google views its expansion into health-records management as a logical extension of its search engine business, which already processes millions of requests from people trying to find about more information about injuries, illnesses or treatments.

The venture will be fodder for privacy watchdogs who think Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions.

The company has not said when it will begin the health service. Marissa Mayer, the Google executive overseeing the project, previously said the service would debut in 2008.

The Cleveland Clinic already keeps the personal health records of more than 120,000 patients on its online service, MyChart. Patients who transfer their information to Google would be able to retrieve it quickly even if they were no longer being treated by the clinic.

The Cleveland Clinic decided to work with Google "to create a more efficient and effective national health care system," said C. Martin Harris, the nonprofit medical center's chief information officer.

Microsoft last year introduced a similar service, HealthVault, and AOL co-founder Steve Case founded Revolution Health, which also offers online tools for managing personal health histories.

The third-party services are troublesome because they aren't covered by the Health Insurance Portability and Accountability Act (HIPAA), said Pam Dixon, executive director of the World Privacy Forum.

Passed in 1996, HIPAA established standards that classify medical information as a privileged communication between doctors and patients. Among other things, the law requires that patients be notified when their records are being subpoenaed.

That means a patient who agrees to transfer medical records to an external health service run by Google or Microsoft could make it easier for the government or some other legal adversary to obtain the information, Dixon said.

It's not clear how Google intends to make money from its health service. The company sometimes introduces new products without ads just to give people more reason to visit its Web site, betting that the increased traffic will boost its profit in the long run.