Friday, February 29, 2008

Googling around

Please read John Halamka's latest posting about the personal health record service to be offered by Google. As he notes, BIDMC will be part of the roll-out of this service. An excerpt from John's blog explains how this will work:

To self populate the Google Health record, a patient who has a relationship to one of the Google interfaced providers, just clicks on the icon of their hospital. That icon offers up to 3 links. In the case of BIDMC, we'll offer

Upload your records
Make an Appointment
Securely Email your Clinicians

If a patient clicks on Upload your records, they will be asked to login to BIDMC's Personal Health Record, Patientsite, using the secure credentials that have been issued by their doctor, validating the patient's identity. Once they sign a consent, they will be given the option to initiate an upload of problems, medications, allergies and laboratories into Google Health. The patient initiates this transfer, with their consent, after understanding the risks and benefits of doing so. Once the data is in Google Health, the value to the consumer is expert decision support, disease information, and medication information based on the patient's data.

John further notes:

As part of the Google Advisory Council, I can tell you that many thoughtful people worked on the legal, technical, and policy issues around data use. Google will not advertise based on this data, resell it, data mine it , or repurpose it in an way. These consumer centric policies are similiar to the best practices adopted by Microsoft Health Vault.

It's important to me that in my role as chair of the national standards effort, HITSP, that I support all the major personal health record initiatives with interoperability. I've committed to Microsoft that BIDMC will work with Health Vault. I've committed to Dossia that we'll link with their Indivo Health platform. It's my hope that all of these efforts will converge to use one plug and play standard for clinical content and transport. Once they do, patients will be able to select the personal health record of their choice based on features, not just data.

I'd welcome comments on whether you, as a consumer, think you would find this kind of application useful.


Anonymous said...

Once we have interoperability, I would absolutely find electronic personal health records useful. Indeed, I already wear a Medic Alert necklace and carry their card. More importantly, to the extent that doctors and hospitals who treat me can also access my records, that would be even more useful, especially if it reduces or eliminates the need for duplicate testing and avoids adverse drug interactions. I'm not sure how Google and Microsoft intend to get paid for their efforts. While I would be willing to pay a reasonable charge to access and populate my medical records, pricing (presumably, transparent) will have an important bearing on the ultimate demand for the service.

JT said...

As a consumer and one working in healthcare, the benefits of a personal healthcare record are enormous. At the same time, it could be a huge liability at the corporate and personal level.

Appropriate care at the point of service would be best available when current medical records are available

However, with HIPAA and the implications of genetic testing that could cancel insurance coverage, individuals could be reluctant to adopt PHR technology except out of ignorance.

I currently work as a Med Tech in a community hospital where knowing the history of a patient could be critical (e.g when transfusion services are necessary).

Having also worked for a leading HIT vendor, I'm also aware of the redundancy of patient information that could be uploaded at (current demographics, insurance data/co-pays/Advanced Directives/Health Care Proxies on file, significant health data,etc).

I am anxious to see how this Google venture we all are!

Riyaad Ali said...

Personally I couldn't see myself using this type of service for several reasons.

The first being that never in my life have I found the transfer of health records to be a bothersome task. Maybe I'm lucky that I rarely need to visit a hospital, but I can't imagine this being a great help to the majority of the population with average health.

That being said, for those who would benefit from the service you're still adding a layer of complication, regardless of how user friendly the interface is.

And finally, it's no secret that many health care systems are still struggling to migrate to digital records to begin with. I think the introduction of this kind of product would be successful only AFTER that migration was done and systems tested on a wide scale.

Anonymous said...


I have been a google fan forever. I think that most of what they do, they do right.

But I have trouble believing they are offering such a service out of the goodness of their little google hearts. There will be a way for them to make money from the service, or they won't be able to maintain it. No matter how they have described the privacy implementation, much depends on one's definition of privacy.

Google's income models everywhere else hone in on keywords, whether its for search, blogs or adsense, their advertising program.

This line from Mr. Halamka's quote is telling, "The patient initiates this transfer, with their consent, after understanding the risks and benefits of doing so." As if more than a fraction of 1 percent of users will ever read those risks and benefits?

It's those risks that make ME nervous. He then goes on to explain the "value to the customer" which includes "expert decision support, disease information, and medication information based on the patient's data." Yup -- that's where those keywords will come in. Google's "experts" will be those people or companies who have paid to be experts -- pharma companies, and others. Their expertise will be based on who has won the high bid for placing ads in that space.

Seems like my definition of privacy, and Google's, are two different things.

For that reason, I tell patients to steer clear of any of these "free" EMR services. Both privacy and security are, to me, suspect. That means they aren't really "free" at all.

Trisha Torrey Guide to Patient Advocacy

e-Patient Dave said...

Man, do not get me started on this. No, wait - do.

The general idea of widely available SECURE health records is terrific. The question (the ENTIRE question, imo) comes down to "Whom do you trust?"

When I got wind of this five weeks ago I immediately blogged it. Excerpt:

"... there's this motto "don't be evil" that's espoused by CEO Eric Schmidt when discussing issues of privacy when Google reaches into your online underpants and reports its findings to the world. And I'll never forget 2005, when Google (particularly Schmidt) showed its real stripes on that issue. wrote a fairly balanced article about Google and privacy under the uncritical title "Google Balances Privacy, Reach." To illustrate the topic, the writer Googled Eric Schmidt himself, for just a half hour, and published what she found - about him, his salary, his neighbors, his political donations, etc.

And what was the response of The Goog? Why, got its goolies chopped off by ... let me see... my, it was CEO Eric Schmidt! This CNN article relates how Schmidt banned CNet from getting any access to Google employees for a year. And when you're a tech news site, that's a major punishment.

GOOG's stock is doing great and I love their free tools, but there's no way in hell I'm giving them sensitive personal data, regardless of what their policy says. New motto for 2008: Don't Be Stupid."

The issue here - the ENTIRE issue, imo - is that once your data is out (by any means), you can't get that toothpaste back in the tube.

"But that was 2005!" you say. Granted. "And that was personal politics. This is really confidential stuff." Granted. But that's not the point - the point is "Whom do you trust?"

What if someone decides that "USA Patriot 2009" lets the govt tell Google to fork over everything or get whacked? Good question: Let's see how the company responds to government pressure that affects their bottom line: see what the company did in China when the govt said "We don't care about your principles - do as we say or you don't get to play here."

What they said was "While [this] is inconsistent with Google's mission, providing no information ... is more inconsistent with our mission." And they caved.

So much (3 years later) for "Don't be evil."

To really get how important this is, imagine your worst-nightmare candidate getting into the White House, with his/her own Ken Starr or Donny Rumsfeld or whoever, with that power in their hand. (Wonder what Valerie Plame thinks about that.)

Give GOOG my personal medical records? Not a chance in hell. Pardon my French. As I say, new motto: Don't Be Stupid.

Anonymous said...

Actually, please correct me if I'm wrong, but I believe that the ads portion was not clearly stated. I actually went to a lecture on these new methods of EMR at BIDMC (I'm a physician here), and my understanding was that google will NOT have any advertisements when a patient is logged into their EMR. That portion of the service is completely ad free. What happens is that when a patient goes to the search feature, once outside the secure area of the EMR, based on their searches, they will get ads. Of course, one would assume that if I had diabetes, and I put "diabetes" into the search bar, you can put two and two together. The point is though that Google will not have ads built into the EMR, so there won't be any searching of words on those pages to target specific ads to a patient's specific health record.
If this is incorrect, please correct me.

Anonymous said...

I welcome the notion of electronic medical records and would like to congratulate you for your progressive embrace of the future. The transfer of medical records from office to office and between providers along the continuum of care, home to hospital is an enormous challenge. I try to hang on to copies of everything pertinent because somewhere in the lineup, important lab work and progress reports get lost. Patients and family members are terrified about these episodes of lost documents.

Jaz said...

I trust Google less than the next guy, but no-one, and I mean *no-one* else is getting this ball rolling in any meaningful way. I'll take a few years of Google-bashing if this is what it takes. As for wondering *how* Google will make money off it, if you could think of a way, you'd do it. They obviously have.

I applaud Google for doing this in an open conversation with thought-leaders in the industry, I applaud Google for taking their time to get it right and not rushing to market, and I applaud anyone who has the sense to be very careful what a private corporation will or could do with their personal health info.

We want our health records in the same way we want our credit records and our mortgage records and our carfax data. Get it done, please.

Anyone who thinks it won't be rough at the beginning has never worked in data or software. It won't be perfect and it won't be pretty.

We need this hump. Let's get on with getting over it.

Anonymous said...

I think they missed the mark on this one - aside form the privacy issues across international boundries I don't think most consumers need it. It is an interesting platform and I'm sure there is some applicability but I would have preferred to see google use their considerable data mining ability to improve process flow in hosptials. If you get a chance Paul could you take a look at my blog and link if you think it's appropriate. Thanks Ian.

Dave said...

Absolutely. (Caveat - as this becomes easier and more seamless to use.)

In my career I've had to receive care all across the U.S. and none of them had my medical information available easily. (previous injuries/sensitivities, allergies, contact info, etc.)

Second, as we move towards more diverse delivery options (retail clinics, speciality, etc.) and may not be bound by traditional HMO boundaries (i.e. PPO, or other forms). It is even more challenging to tie it together.

Wrap it all up with some handy decision support tools to remind me to do the right thing and it's a huge value add to reducing costs and improving my personal health and wellbeing.

-Dave W.

e-Patient Dave said...

You know, I re-read John's original post about this, and I trust him, and I've re-read all the comments here. I have to say, I love the idea of having the data widely and readily available, but I just cannot bring myself to trust Google to protect the data.

Remember, a single security slip-up and that's it. With a TJX-style security slip, you can at least cancel that credit card and get a new one, but with this kind of slip, you can't undo the escape of your data.

Mind you, I don't personally have any condition I'd fear having an employer (etc) discover - I blog openly about my cancer. I just think GOOG has done plenty to earn my lack of confidence.

What do you think, Paul? Is there in fact not nearly as much privacy today as we think there is, or what? What does John think about the security risk, compared to having my data in PatientSite?

How do we make sure my data isn't accessed by Evil Empire Healthcare? How do we ensure that Sneaky Insurance Inc. doesn't get at data without my permission? (And I say that as a very happy Harvard Pilgrim customer - it's a generic question, but an important one, since there are many tales of less stellar insurers doing nasty things.)

p.s. Re the ads, I presume they'll give us a way to opt out. It's amusing to think that someone might be at work and have a disease-specific ad pop up while a co-worker watches. :) And I say that as someone who spends a fair amount of his workday dealing with Google Adwords, whose logic has a few flaws in it.

Even better, since we tend to tune out to the ads, we might not even notice, and walk away, leaving the ads on the screen. So as I say, I hope they'll let us opt out.

Anonymous said...

I did the risk-benefit-cost analysis and will not be using it. My analysis:

Benefit: None that I can think of. All of my medical conditions are either obvious or non-critical. No known allergies.

Cost: Time and effort

Likelihood that my records will be made public - extremely high. If they were low, Google would be willing to place some real money next to the risk of public disclosure, e.g., a $100K penalty.
Likelihood that having my records public will cause me harm - low

e-Patient Dave said...


Thanks for posting some specifics! This is getting good.

Could you give us a sense of your age bracket? Until ~10 years ago I (then approaching 50) didn't give a hoot about medical records - hell, I practically didn't have any. Eventually some life event led me to think "Hm, what if I did end up in an emergency room and they didn't know something important?" My guess is that this is what it's all about.

Thanks again - you shed some light.

Anonymous said...

I won't find such a service useful until there are legal protections and remedies available to me as an individual consumer for the misuse or publication of my private health information. It's nice that there are agreements in place in which Google states that it won't misuse the information. But even when corporations have the best of intentions, the actions of a particular bad apple employee can have serious consequences. Since Google and other similar companies are not bound by HIPAA, what recourse do I have if my records are inappropriately accessed? As far as I can tell, nothing. And to me that is a very serious problem.

Anonymous said...

The fear of loss of security with health information implies that there is such a thing as computer security.
How much electronic health information moves from hospitals to payers, then beyond? Insurance companies can gather enormous amounts of data in their warehouse. It becomes another asset when they're sold
How can anyone track the secondary uses of information diffusing through the hospital walls?
The cat's been out of that bag for a while already.