On Thursday, Google formally unveiled its personal health records service, Google Health, with a speech by CEO Eric Schmidt and a blog post by product VP Marissa Mayer. The service will initially be tested with a group of volunteers who are patients at the Cleveland Clinic before being rolled out to the general public later this year. Future partners will include a slew of hospitals and care providers, medical testing companies, pharmacy chains, and health insurers. Microsoft rolled out a similar service, called HealthVault, last October.
There’s much to be said for such services. Today, a person’s health records are often scattered in many locations and in many forms, both paper and digital. They can be hard to find and even harder to combine into a unified whole. At best, that’s a nuisance. At worst, it puts people’s lives at risk. So far, the medical establishment has made little progress in rationalizing patient records. A company like Google, which knows how to apply enormous computer power to the organization of information, has the resources and the expertise to help solve this problem.
There are reasons for concern, however. The issue of security – in particular, questions about how sensitive medical information will be safeguarded once it enters a database that lies outside the realm of doctor-patient privilege – has already spurred much discussion. Less discussed so far, but perhaps even more troubling, is the issue of the possible commercial exploitation of personal medical information. Providing drug makers, law firms, and other companies with the ability to target ads to people based on their health histories and current illnesses would be a goldmine for the operator of a popular health records site. As one Wall Street analyst, Piper Jaffray’s Gene Munster, told USA Today, “Advertisers would pay absurd amounts of money to be seen when someone wants to, say, refill a subscription online. This is more lucrative than commerce-related search.”
Microsoft currently displays ads targeted to searches carried out through the HealthVault site, but it doesn’t tie ads to the health records themselves. Similarly, Google has stated that, at the moment, it has no plans to use personal health information to target ads. But neither company has ruled out the practice explicitly and entirely. Both have left themselves plenty of wiggle room for the future. As USA Today noted in its report, “Google said it wouldn’t start out selling ads but wouldn’t rule it out.” Munster, noting the huge amount of money that’s at stake, “firmly believes ads will happen.”
I hope Google, Microsoft, and the other for-profit companies aiming to get into the health records business will prove Munster wrong. Exploiting information about people’s illnesses to feed them ads is ethically distasteful, and it could distort the course of medical treatments as well. It’s true that we’ve already slid a good ways down this slippery slope, having allowed drug companies to advertise pharmaceuticals like soap, but tying ads to individual health records would vastly expand the potential for manipulation and abuse.
Now, while these services are in their infancy, is the right time for a public debate about the guidelines under which for-profit companies should operate health-care databases. I would hope that companies like Google and Microsoft would step forward and provide ironclad guarantees, without any wishy-washy “opt-in” and “opt-out” qualifications, that they will not allow any of the health information they store to be used to target ads or underpin other kinds of commercial promotions – ever. But if they’re not willing to do that, policymakers should consider imposing such guarantees on them. Information technology can do much good here, but it can do harm as well.
Great post Nick and you are so right about the slippery slope of exploitation and I would add possible greed.
When it is all boiled down the thread of decency that should prevail is often broken. John Sharp at Ehealth has been following this for ages:
http://ehealth.johnwsharp.com/2008/02/28/google-health-presented-at-himss.aspx
Regards, Alan
I don’t think it is reasonable to expect companies who rely so much on trust to do anything clearly wrong with those data. Lock-in, more or less covered with safety bullshit or real concerns, is more likely — but too much focus is on there to demand more then voicing possible issues, that have already been expressed at the Advisor Board Google set up.
What could be interesting — and I’ll say it a second source of revenue for Google — would be epidemiology statistics. I said, and allow me to insist: statistics; not personally identifiable information (PII). Some inconsequential poster at Google Policy blog tried to explain why an IP address was not a PII: shame on him. Apart from that, I do believe that Google is the most capable institution to figure out what makes PII. Such database would be extremely valuable to official health institutions, pharmaceutical companies and medical research labs; they could help resolve conjectures, and help us out of the sampling problem.
Should a commercial company own that? Certainly not — which proves it is high time to legally clarify the difference between information and hosting facilities, beyond the cases where the information has been made public and offended a third party: can we be happy with an information legal framework that focuses on copy-rights and libel?
How to organise user-approved access rights, safeguards regarding deletions and breaches? What could the incentives for the hosting facility ownership?
Good post Nick.
Last year, Google invested in 23 and me, an organisation that specialises in genetic sequencing. Apparently, the company intends to create a genetic database that people can search for both personal and scientific reasons. As they say on their site: “unlock the secrets of your own DNA, today!”
For some reason, I always get nervous whenever “the secrets of my DNA”, “search” and “health insurers” are mentioned in close proximity to each other.
I know they have no intention of doing this, but once you’ve all got used to advertising based upon your state of health and your sequence, I was wondering will you need to update the 15th amendment? It currently states: “The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of race, color, or previous condition of servitude”.
Do you think you might need to add “DNA sequence” to it at any time soon?
I was at the conference and actually surprised with all the other technology from sensors to tele-medicine, there was actually very little “consumerization”. Google’s entry was one of the few in the category. It struck me the consumer – you and I – needs to become more of the focus. In return we have to get over issues of privacy and security. We seem to be ok sharing deep dark secrets with Facebook, but not health records with employers and insurance companies…or may be that tells us how screwed up our health care system really is, and that privacy is the least of our concerns
There is ample evidence that insurance companies and employers would prefer to discriminate against those with poor health. Unfortunately there is a strong correlation between socio-economic status and health, so you’ll end up discriminating against the most disadvantaged.
Both the UK and US have low rates of social mobility, so whilst ability maybe evenly distributed in the population, opportunity is not. As Peter Lampl, Chairman of the Sutton Trust, said :
“It is appalling that young people’s life chances are still so tied to the fortunes of their parents, and that this situation has not improved over the last three decades”.
Discriminating against the most disadvantaged would not help this situation. However, I do realise that the US already discriminates healthcare provision based upon wealth, so it probably would be no surprise if you stopped the poor and sick from working as well.
Vinnie, as for you question whether “privacy is the least of our concerns”? Well, ask yourself :
“If Brin and Page had been born and raised in Lake Providence, Louisiana, would anyone have heard of them?”
There are bigger problems than privacy, however compounding those problems with further discrimination won’t help.
Without minimizing the genuine concerns about security and exploitation, health records are a treasure trove of information that is useful for developing better drugs. Epidemiology information, genetic information, etc for doing continuous meta-analysis etc is critical for the future of healthcare, and if we started thinking about ways to make this information accessible in ways that benefits healthcare without compromising privacy it would be great.
I think Vinnie is right on target. Our healthcare system is so screwed up that people, who I think would jump to join efforts to improve the drugs we develop are leery about trusting the health industry and rightly so in many cases
To continue to support what Bertil said, some of the key issues are data ownership, data access and data interoperability. I want to know if Google has plans to support HL7, if I can move my data from GoogleHealth to HealthVault if I wanted to? How would my physician access the data and what would he/she see?
… and so on and so forth
The information systems of the health industry are probably 20 years behind most other technologic based businesses. In many offices the super-user is the secretary with unrestricted access to demographic, billing and medical data. The transition to get medical information from paper based systems to electronic ones will probably make the transition that the financial industry underwent look puny. I am certain there will be stupendous opportunities and dangerous missteps in the process.