back to article Google brings its secret health data stockpiling systems to the US

Google is at it again: storing and analyzing the health data of millions of patients without seeking their consent - and claiming it doesn’t need their consent either. Following a controversial data-sharing project within the National Health Service (NHS) in the UK, the search engine giant has partnered with the second-largest …

  1. elDog

    So all that crap about HIPAA is being scuttled by google's bucks

    I've spent a good bit of my life worrying about patient privacy and consent - opt-in/out, etc.

    While I knew that hospitals and insurance companies and pharma and laboratories and couriers and every medical practice already had access to my vitals, I never expected that paradigm of "First, Do No Evil" would suck it all in.

    Get over it. We don't have any privacy.

    Says I, signing in via google.

    1. JohnFen Silver badge

      Re: So all that crap about HIPAA is being scuttled by google's bucks

      In all fairness, HIPAA was never really all that to begin with -- it's so full of holes and exceptions that it has always provided far, far less protection than people expect.

  2. cantankerous swineherd Silver badge

    definitely evil

  3. Marketing Hack Silver badge
    Thumb Down

    Nothing surprises me about Google anymore....

    The ship sailed on "Don't be evil" more than a decade ago. Nowadays, I am half expecting catch the daily news and find out that Google has been implicated in hiring a mercenary army to bloodily depose some publicly-minded third world leader, so they can replace him with a corrupt general who will give them free reign on his citizens data.

    1. Rich 11 Silver badge

      Re: Nothing surprises me about Google anymore....

      Third world? New World and Old World countries would be more profitable.

      Anyway, let's not go giving them ideas.

    2. iron Silver badge

      Re: Nothing surprises me about Google anymore....

      You must have missed the report, they did and their corrupt replacement is named Trump...

      1. not.known@this.address Bronze badge
        Facepalm

        Re: Nothing surprises me about Google anymore....

        "You must have missed the report, they did and their corrupt replacement is named Trump..."

        What, Google is owned by the RUSSIANS??? After all, weren't the losers claiming the ONLY reason Donald Trump was elected was because the Russians told everyone to vote for him through Facebook... uh, Google, uh...

        How exactly did they* do it again?

        *'they' being the Russians, Facebook, Google, Big Oil, Big Iron, The Military-Industrial Complex, The Illuminati, the Mafia, a secret cabal of uber-powerful rich old dudes who have discovered immortality, the fairies down the bottom of the White House Garden and all the other groups who apparently were the one and only reason Trump was elected...

        1. Derezed

          F

          You forgot lizard people

        2. JohnFen Silver badge

          Re: Nothing surprises me about Google anymore....

          "After all, weren't the losers claiming the ONLY reason Donald Trump was elected was because the Russians told everyone to vote for him through Facebook"

          No they weren't claiming that.

        3. Richocet

          Re: Nothing surprises me about Google anymore....

          Nice blending of the straw man and appeal to ridicule argument strategies.

        4. Roj Blake Silver badge

          Re: What, Google is owned by the RUSSIANS???

          Well, they were founded by Sergey Mikhaylovich Brin

      2. Chairman of the Bored Silver badge

        Re: Nothing surprises me about Google anymore....

        I thought that the mythology is that Google loves Obama and Clinton? Oracle supposedly loves Trump... So if Oracle is responsible for Trump getting in, I'd have to say it's about their only success this decade.

    3. Anonymous Coward
      Anonymous Coward

      Re: Nothing surprises me about Google anymore....

      That's called Sidewalk. It's in Toronto.

  4. Mark192

    "it claimed [...] the hospital’s IT systems wouldn’t be able to handle the load of Google’s database queries [...] and the auditors simply took their word for it."

    Yeah, I think that's a given.

  5. sbt Silver badge
    Flame

    It's about time patients got custody of their medical records

    Clearly health-care providers, government or otherwise, can't be trusted with them when seduced so easily by the big data snake-oil salespeople.

    Opting out of e-health records isn't enough when individual providers offer up records so freely.

    We need a technical solution where folks can keep their own records and only share them with doctors, etc on a need to know basis. It's a pain, but having betrayed our trust, the centralised system is doomed.

    Much like the illegal accesses by police of their central databases undermines trust. Don't get me started on credit agencies.

    1. Twanky Bronze badge

      Re: It's about time patients got custody of their medical records

      I applaud the principle - but I know people who can't find the paperwork they received last week, let alone stuff from a couple of years ago.

      'What? Oh, was that a scan? Yeah, I think they did something like that. Yeah, they were definitely blue and white pills the pharmacy gave me - or was that the time they gave me the big yellow ones?...'

      1. Pascal Monett Silver badge

        Yup, you nailed that : people are rubbish at proper document handling and storage. Oh sure, there' the odd exception - like my wife actually, but generally speaking papers are to be stuffed in a closet and forgotten, or judged useless and thrown out. Medical records ? Why would I keep a five-year old bill from my local pharmacist ?

        Medical documents are much better in the hands of medical professionals. That does not include Google, even if they hire a "Chief Medical Officer". Is that person even a doctor ? Well I'll be damned, she is. And the head of Google Health is as well. I hope that's a good sign, but that still doesn't make Google a medical company.

      2. sbt Silver badge
        Boffin

        can't find the paperwork

        Obviously the technical solution would have to address retention and access for end user with the skill levels of consumers rather than medical professionals. And if it's electronic, at least you're not relying on the patient keeping hard copies or remembering diagnoses or prescription details.

        Didn't say it would be easy. But I think we should resist the temptation to outsource control of our personal information to governments and corporations just because it's hard for individuals.

    2. Mike 137 Bronze badge

      Re: It's about time patients got custody of their medical records

      The solution is conceptually simple - role-based access rights managed by the primary healthcare professional (one's general practice doctor) via prior affirmative, specific, informed and unambiguous consent for each instance of sharing, plus the same constraint imposed on subsequent tiers of sharing.

      The result would be automated whitelist control by the individual over who could access their medical records. A blanket implied consent for emergency use to protect vital interests could be included. Where and how the records are actually stored would in principle be immaterial.

      There's a law in place that already provides for this - the GDPR - and the technologies are commonplace, so where's the problem?

      1. JetSetJim Silver badge

        Re: It's about time patients got custody of their medical records

        > so where's the problem?

        Where to start:

        a) govmt's complete inability to adequately specify/contract/implement an NHS_IT solution

        b) lobbyists from industry polluting everything in (a)

    3. Korev Silver badge

      Re: It's about time patients got custody of their medical records

      Personally, if I'm hit by a bus, I'd like the doctors etc to not have to get my explicit permission to see my records as I may not be in a position to authorise it.

      1. JohnFen Silver badge

        Re: It's about time patients got custody of their medical records

        Yeah, this is the problem, and is why we need some actually strong and effective legislation that protects health information while allowing it to be accessed for the patient's benefit in situations where the patient may not be able to decide on consent.

      2. sbt Silver badge
        Terminator

        All in all, it's just another bit on the bus

        ED staff treat folks without records all the time. They treat the patient as they find, with the conditions/injuries they present with. Allergies and whatnot that are dealt with now by medical bracelets, could be augmented with relevant info stored on an NFC style setup for your watch/fitness bracelet/smartphone, and retrivable by hospital staff.

      3. sabroni Silver badge

        Re: It's about time patients got custody of their medical records

        Personally, If I'm hit by a bus then I know next time I go online I'll want adverts for medical equipment.

  6. don't you hate it when you lose your account Bronze badge

    When these guys implode

    It'll make any previous financial collapse look like a walk in the park

  7. Dinanziame
    Angel

    This is the US, right?

    We'll be following the class action lawsuit with great interest.

  8. Kevin McMurtrie Silver badge

    HIPAA is dead, long live The Google

    I followed online government instructions to report a leak of medical data to HIPAA. Kaiser Permanente has partnered scammers TWICE and leaked at least enough information about my visits to perform spear phishing. Kaiser admitted to these incidents so it's easy to report, right? My HIPAA complaint went to the Office for Civil Rights and was rejected.

  9. DougS Silver badge

    Wow

    Google is the LAST company I'd want to have access to my health information. It wouldn't matter if it was anonymized, since it would be so simple for them to de-anonymize if you use Gmail and get your appointments from your doctor emailed to you, or an Android phone that can track when you are at a doctor's office or hospital.

    Yeah, I'm sure we can trust them to not do that, and to not use that information against you in ads. You'll just happen to see ads for Lipitor once you've been diagnosed with high blood pressure, all a coincidence, because they have no incentive to do that - well, other than the huge piles of money drug companies will pay to advertise to people who they know need their drugs, rather than the shotgun approach of advertising on TV to everyone!

    Obviously HIPPA needs an update for the internet age, because if this isn't wildly illegal the law is clearly stupid.

    1. Mage Silver badge
      Devil

      Re: Wow

      And they were allowed to buy Fitbit.

      1. CrazyOldCatMan Silver badge

        Re: Wow

        And they were allowed to buy Fitbit.

        I had been musing about buying one of their latest devices. The new that they were being borged killed the desire to do it.

        Not only the "all your data are belong to us" but the example of Nest et. al. where adequately-working devices and services get terminated in short order after being googlified.

      2. JohnFen Silver badge

        Re: Wow

        At least using Fitbit is completely optional. Getting medical attention may not be.

    2. Derezed

      Huh?

      "Google is the LAST company I'd want to have access to my health information. It wouldn't matter if it was anonymized, since it would be so simple for them to de-anonymize if you use Gmail and get your appointments from your doctor emailed to you, or an Android phone that can track when you are at a doctor's office or hospital."

      Why trust them with your email? Why trust Android infected with Google?

      1. DougS Silver badge

        Re: Huh?

        I don't trust them with either, but many many people do.

  10. Il'Geller

    SQL and Google

    ...and claiming it doesn’t need their consent either....

    Google still practices SQL approach: Google annotates, explains patient data from the outside, only what Google has access to. For example, by his queries or unrelated patterns (extracted from the texts found by the patient and known to Google).

    And those information, those texts that are not available to Google - for example, which are read in places inaccessible to Google - are simply not noticed. But in a health-related cases the inability to get any details is just dangerous! This is not the Internet search, when Google can make naive eyes and say " Google did not find this and output only what it found."

    AI technology, as I've told you a million times, clarifies data from within, using all data in personal devices. That is, the patient annotates everything in there, and ALL related to his health data will be structured and used. (Not just those that Google saw.)

    AI technology ensures that everything, on which human health depends, will not be lost! Google and SQL don't.

    1. ThadiasVonBasterd

      Re: SQL and Google

      Please just go away.. Go try to pedal your complete and utter bullshit elsewhere. This site arguably has the most technically literate readership on the internet so nobody is buying it. You do not understand patent law and you do not understand A.I, Neither do you do own A.I. in short, Fuck off.

  11. KBeee
    WTF?

    So when did

    “only to help the covered entity carry out its health care functions.” become

    "only if you can make money out of it."

  12. Chairman of the Bored Silver badge
    Unhappy

    Didn't Microsoft...

    ... already fire a few rounds into HIPPA's head and chest? Anyone remember Microsoft Health Vault? I'm sure that steaming pile of database was totally altruistic...

  13. Rol Silver badge

    Do know evil

    "My conscience is troubling me regarding all this confidential data slurping"

    "And did I mention you have unlimited access to the nineteenth hole. We will cover all your expenses, incidental or otherwise"

    "Well I'm beginning to feel a little better about it"

    "And as a valued contributor to our scheme we will enrol you into our employee pension running out of Barbados, which qualifies you to an annual all expenses paid contributor meeting that can go on for upwards of two weeks at a time"

    "You know. My first shudders of doubt have all but left me. All I need is a nice new car and I think my reservations will be calmed"

    "Well if we can stick a small unobtrusive camera on it, then I think we have sufficient grounds for adding it to our street view scheme"

    "Sold"

  14. mihares
    Big Brother

    It didn't even need to be THIS shady, but they would have felt uncomfortable otherwise...

    Honestly: if they put out a passing announcement, probably, nobody would have given half a hedgehog's ass about it. Or, if they wanted to give themselves an even passing appearance of transparency, they could have informed the patient that their data were used to train whatever the frick they are training with them and then lying about the data being rendered somewhat anonymous.

    But no: they had to keep it quiet and deliberately make it feel as shady as it really is: data harvesting without consent for monetisation that does _not_ benefit in any way, shape or form those to whom the data "belong" --those who generate them.

    I'm starting to believe that even the slightest whiff of moral integrity or honesty is enough to give Google's (and Facebook's, since they are up to the same stuff, guaranteed, they just haven't been caught yet) management a stroke.

    If they continue this way, they'll make oil and tobacco companies like cute little fluffy bunnies... Time to rid the world of (all of) these companies, really.

  15. adam payne Silver badge

    [b]but there didn’t seem to have been any inquiry into the actual systems in place at the hospital and the auditors simply took their word for it[/B}

    Well of course the auditors took their word for it, what else could they have been done.

    /sarcasm

    1. John Brown (no body) Silver badge

      "Well of course the auditors took their word for it, what else could they have been done."

      Sounds like they engaged the wrong Auditors!

      1. Rol Silver badge

        Until auditors are appointed by the courts, the relationship between inspector and business is going to be highly nuanced. The auditor needs to do a professional job, but would also like to get the gig again, next year.

        Respectability is nothing more than an asset that can be cashed in at will. Professionalism is knowing how much that respectability is worth and when and how best to trade it.

  16. JohnFen Silver badge

    Way to go, guys

    What a great way to take the already crazy US healthcare system and make it even crazier, more hazardous, and more of a pain in the ass. Now I have to regularly ask my current and potential medical providers if they're sharing data with Google in order to know who to avoid.

    1. jtaylor

      Re: Way to go, guys

      Now I have to regularly ask my current and potential medical providers if they're sharing data with Google in order to know who to avoid.

      They won't even know. Doctors and patients aren't being informed about this project. Even if your provider isn't part of the Ascension network, their network and hospital system, and your pharmacy benefit provider will retain your records, and those might end up commercialized in the future.

      I'm still worried about CVS-Aetna and Cigna-Express Scripts.

      1. JohnFen Silver badge

        Re: Way to go, guys

        Yes, I wasn't talking about asking the doctors -- they often don't know. I was talking about asking the business side.

        In a sense, this is little different than the increasing number of people who are asking medical providers about their religious stance, since the US is increasingly allowing discrimination on the basis of religious beliefs.

  17. Anonymous Coward
    Anonymous Coward

    all or nothing

    "it claimed that it was essential for Google to store all the data itself because the hospital’s IT systems wouldn’t be able to handle the load of Google’s database queries."

    Interesting stance, not without merit, but then, why not anonimizing data once at Google, eh ?

    Ok, I get it, this is utter BS :(

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019