Author Archive

Are Google Health’s Privacy Practices Healthy?

Friday, June 20th, 2008

by Jessica Young and Annie I. Antón

On May 19, 2008, Google launched Google Health [1], a new Personal Health Record (PHR) web portal that allows patients to gather and organize their medical records while keeping their physicians up to date about their health condition. As with other PHRs, like Microsoft’s HealthVault, Google Health does not appear to be covered by federal or state health privacy laws. According to the Google Health Terms of Service, Google is not a “covered entity” as defined in the Health Insurance Portability and Accountability Act (HIPAA); as such, “HIPAA does not apply to the transmission of health information by Google to any third party” [2].

Researchers at ThePrivacyPlace.org have evaluated privacy policies and privacy breaches since its founding in 2001. In particular, The Privacy Place researchers are addressing the extent to which information is protected in financial and health care systems that must comply with relevant laws and regulations.

Google Health is not a covered entity as defined in HIPAA. Thus, any personal health data that you submit to Google Health will not be afforded the same legal protections required of health care providers under HIPAA. Until state and federal agencies establish and enforce laws to protect the privacy of personal health records maintained by non-covered entities, individuals should carefully consider the risks involved in submitting sensitive health information to Google Health and other PHRs such as HealthVault. PHRs are not subject to the same privacy and security laws to which traditional medical records are subject in the United States.

As with our analysis of Microsoft’s HealthVault [3] in October 2007, we encourage patients to carefully consider and question the privacy practices as articulated in the Google Health privacy policy, terms of service, and frequently asked questions. To further explore this new service, we analyzed and evaluated the protections and vulnerabilities involved in using Google Health. The Google Health Help Center provides a link and U.S. Postal Address—but no other contact method, such as email address or phone number—for users to submit a “Question About Privacy” [4]; clicking on this link displays a web page with a form for inquiries that states, “[w]e hope this information [Privacy Policy] will help you make an informed decision about sharing your personal information with us” [5]. Unfortunately, Google has been unresponsive to our questions regarding its Google Health privacy policy.

We sent four questions regarding Google Health’s privacy practices via the Google Health Help Center [5] on May 23, 2008. On June 4, 2008, we submitted the same four questions but this time via Google’s Web Search Help Center [6], where users are invited to submit questions specifically about Google’s privacy practices. It has been over three weeks since our first inquiry and we have yet to receive a response of any kind to any of our questions. Patients are concerned about the privacy of their health information [7]. A lack of prompt replies to questions regarding health privacy is disconcerting and suggests that privacy is not a priority for those managing Google Health or manning the Google Help Center.

We focused on three questions of Microsoft’s HealthVault in our previous analysis [3]. Here we examine these same three questions within the context of Google Health.

Will your health information be stored in other countries without appropriate legal oversight, skirting many of the protections afforded by HIPAA?

The three Google Health privacy-related documents provide no insights about where personal health information will be stored. As we received no answers to our inquiries to the Google Health Help Center, we turned to the general Google Privacy Policy, which states, “Google processes personal information on our servers in the United States of America and in other countries” [8]. Users should always be concerned about the location of their data because different countries have different data protection standards and laws. If your data is breached in some way, the physical location of the server on which it was stored will affect the recourse that will be available to you.

Will your health care records be merged with other personal information about you that was previously collected within the context of non-health related services?

No, according to the documents we reviewed. Google Health’s Privacy Policy states: “The [record] log information will be used to operate and improve service and will not be correlated with your use of other Google services” [9]. This is also addressed in the FAQ by the statement that “no personal or medical information in your Google Health profile is used to customize your Google.com search results or used for advertising” [10]. At this point in time, it appears that Google Health information will not be merged with information from other Google services without your consent.

Are the access controls to your health records based not only on your consent, but also on the principle of least privilege?

Google Health allows users to grant read/write access to their information to other third-party sites and/or individuals. The Google Health Privacy Policy states: “you [as a Google Health user] can revoke sharing privileges at any time. When you revoke someone’s ability to read your health information, that party will no longer be able to read your information, but may have already seen or may retain a copy of the information” [9]. Thus, users should determine their access control rules as soon as possible when setting up their accounts. Access control rules and the ability to change these rules become immaterial once private health information reaches an unauthorized or unintended agent. Google is not clearly implementing the principle of least privilege, because it appears that others may be able to grant read/write access to your health information, leaving the door open for data breaches.

References

[1] Google Health.

[2] Google Health Terms of Service, April 28, 2008.

[3] A.I. Antón. Is That Vault Really Protecting Your Privacy?, ThePrivacyPlace.org Blog, October 9, 2007.

[4] Google Health Help Center Contacting Support page.

[5] Google Health Help Center Contact Us [Question about privacy] page.

[6] Google Web Search Help Center.

[7] National Consumer Health Privacy Survey, California Health Care Foundation, 2005.

[8] Google Privacy Policy, October 14, 2005.

[9] Google Health Privacy Policy, no date provided.

[10] Google Health Frequently Asked Questions, no date provided.

ThePrivacyPlace Construction

Thursday, May 22nd, 2008

ThePrivacyPlace is pleased to announce that we are moving to a new hosting provider and will be revamping our site to make it more informative. Please bear with us as we work to provide better service!

Online Behavioral Advertising

Thursday, April 10th, 2008

ThePrivacyPlace.org is pleased to announce that Peter Swire, a law professor at Ohio State University, and Annie Antón, a computer science professor at North Carolina State University, have co-authored comments to the Federal Trade Commission regarding Online Behavioral Advertising. The FTC has requested comments for its Proposed Self-Regulatory Principles for Online Behavioral Advertising. Professor Swire and Professor Antón’s comments examine the technical steps necessary to achieve consumer control. Their comments are available on the Center for American Progress website.

ThePrivacyPlace.org Launches New Privacy Policy

Tuesday, February 5th, 2008

ThePrivacyPlace.org is pleased to announce that our latest privacy policy has gone live. You can see the new privacy policy here. You may also be interested in seeing a summary of changes from our previous version or perhaps older versions of the privacy policy.

ThePrivacyPlace.org Authentication Technologies Survey Still Available

Monday, January 28th, 2008

Researchers at ThePrivacyPlace.Org are still conducting an online survey about individuals’ experience with and perceptions of authentication technologies. The survey was released last August and is supported by an NSF ITR grant (National Science Foundation Information Technology Research). Your participation will help us with our investigations regarding digital identities. It will take about 15 to 20 minutes to complete the survey.

As a way of saying thank you for taking the time to complete our survey, we are also offering the chance to enter a drawing for one of two $50 Amazon gift certificates.

The URL is: http://www.theprivacyplace.org/current-survey/

The results will be posted on ThePrivacyPlace.org later in 2008.

Data Privacy Day

Saturday, January 26th, 2008

Coinciding with the Duke Law School Data Privacy Conference, this Monday, January 28th, is officially Data Privacy Day by proclamation of the Governor of North Carolina. Please take the day to raise awareness and educate your colleagues about the importance of data privacy in all areas of information technology. Alternatively, as Governor Easley suggests, you can “observe the day with appropriate ceremonies and activities that promote awareness of data privacy.” :-)

Upcoming Duke Law School Data Privacy Conference

Monday, December 17th, 2007

On Monday, January 28, 2008, the Duke University School of Law will be sponsoring Data Privacy in Transatlantic Perspective: Conflict or Cooperation? The event will focus on the privacy differences between the United States and Europe. The all-day conference will include internationally recognized privacy experts from government and industry discussing the history of privacy, consumer privacy concerns, national security as it affects privacy, and how global data flows interact with national privacy standards. Dr. Annie Antón, director of ThePrivacyPlace.org, will be a panelist on panel 2: Consumer Privacy through Notice and Consent.

Dr. Earp discusses privacy concerns in public records with Secretaries of State

Friday, September 7th, 2007

Dr. Julie Earp, associate professor of information systems at NC State’s College of Management and member of ThePrivacyPlace.org, recently discussed privacy and information security concerns with the National Association of Secretaries of State. Topics included redaction of Social Security Numbers and other identifiers as well as the security implications of electronic public records. For more information, see the news article from the North Carolina State College of Management.

ThePrivacyPlace.org Authentication Technologies Survey

Tuesday, August 14th, 2007

ThePrivacyPlace.Org 2007 Authentication Technologies Survey is underway!

Researchers at ThePrivacyPlace.Org are conducting an online survey about individuals’ experience with and perceptions of authentication technologies. The survey is supported by an NSF ITR grant (National Science Foundation Information Technology Research) and will help us with our investigations regarding digital identities. It will take about 15 to 20 minutes to complete.

As a way of saying thank you for taking the time to complete our survey, we are also offering the chance to enter a drawing for one of two $50 Amazon gift certificates.

The URL is: http://www.theprivacyplace.org/current-survey/

The results will be posted on ThePrivacyPlace.org in 2008.

Antón and Spafford Granted NSF Award

Thursday, August 2nd, 2007

Dr. Antón and Dr. Spafford have been awarded $500,000 by the NSF to fund their research project entitled “Transparency and Legal Compliance in Software Systems.” The project is a two-year collaborative research project that runs from August 1, 2007 to August 1, 2009. Dr. David Baumer and Dr. Ignacio Valdes are listed as senior personnel on the grant.