Monday, May 19, 2008
Google Health, privacy, and HIPAA
Ever since we announced in late February that we were launching a pilot program with the Cleveland Clinic and building Google Health -- a new service for users to store and organize their health information online -- we've received questions and followed discussions in the media and blogosphere about how the service might work, how it will benefit users, and how it will protect their privacy.
Our product counsel team works with our product and engineering teams to think about and work through the privacy implications of new products under development -- from inception to launch. I started working with the health team at Google several years ago. Early on, we launched the Google Health Advisory Council, made up of health industry veterans, in part to solicit feedback from privacy experts and advocates about Google Health's features and privacy practices.
Now that we've officially launched Google Health, we’d like to describe in more detail the privacy protections we’ve designed and address some of the most common questions surrounding health privacy.
At its foundation, Google Health is about putting people in control of their health information. This is both its greatest benefit to users and its strongest privacy protection. Google Health puts users in complete control over who views their health information and who can add information to their profile.
Some have asked how Google Health relates and compares to the privacy protections for patients under the Health Insurance Portability and Accountability Act (HIPAA), a federal law that establishes privacy standards for patient health information. Unlike a doctor or health plan, Google Health is not regulated by HIPAA because Google does not provide health care services.
Additionally, some third-party services integrated with Google Health are covered by HIPAA, and those that aren't must comply with Google Health's Developer Policies, which establish strict privacy standards for how they collect, use, or share user information.
This chart describes how Google Health's privacy practices compare to those contained in HIPAA.
We believe that Google Health will bring tremendous value to our users. We also understand the responsibility that comes with storing sensitive health information and are confident that putting control squarely in the hands of users is the best way to build a service where people can store, organize, and manage their medical records online -- and keep them private and secure.