What Will Happen to Google Health Data After 2012?

Let’s face it, I haven’t actually been nice to Google of late when it comes to healthcare (or maybe I have, just once). While I believe the criticisms are justified, I can see why some people might think I’m beating a dead horse, namely Google Health. But there are some unresolved questions in the area of privacy that Google really should answer.

Google’s ill-fated attempt at a PHR isn’t completely dead. The company won’t “retire” the online service until January, and will allow users to download their data through Jan. 1, 2013. Naturally, others have stepped up to try to fill the (tiny) void left by Google Health’s demise. To nobody’s surprise, Microsoft is helping the remarkably small number of Google Health users transition their accounts to HealthVault, Microsoft’s own overly hyped, underutilized PHR platform.

What concerns me is what will happen to data already on Google’s servers. Will records be archived? Will sensitive patient health data stay on Google’s servers in perpetuity? Nobody has said for sure.

Are records safe from Google’s data-mining juggernaut? Google has consistently said that it would not use health records for anything other than to steer traffic to its core search engine, but let’s face it, Google’s primary source of revenue is from algorithm-driven advertising.

But, you say, HIPAA protects patients from unauthorized uses of their data, right? Well, remember back to 2009, when the American Recovery and Reinvestment Act expressly made third-party data repositories, health information networks and, yes, personal health records, into HIPAA business associates, effectively holding them to the same rules as covered entities under HIPAA.

Wouldn’t you know, both Google and Microsoft came out and said they were not subject to this provision. No less an insider than former national health IT coordinator Dr. David Brailer, who was a part of the legislative negotiations, told me then that lawmakers had Google Health and HealthVault specifically in mind when they crafted the ARRA language. As far as I know, there haven’t been any reported data breaches involving either PHR platform, so there’s been no need to test whether ARRA actually does apply to them, but if I had my data on Google’s or Microsoft’s servers, I’d be concerned. I’d particularly want to know what Google plans on doing with the data it’s been holding once Google Health does shut down.

Perhaps it’s time for me to make some phone calls.

About the author

Neil Versel

Neil Versel


  • All of these DIY PHRs are plain BS, IMHO.

    Hmm, ran out of abbreviations.

    Why didn’t Google Health work?
    – Lack of trust of what the G (Google not government) might do with all of this very personal data?
    – JPL (just plain lazy)? Who want to gather, then type in all of their health data?

    On the HIPAA side, that is interesting perspective. As we know, laws were meant to be worked around.
    And who better to work around laws and these two behemoths.

    The angle they will probably go from is this: if Bob Smith voluntarily uploads his personal information, and puts a check mark next to the 7 page EULA that says “we” don’t have to follow HIPAA, then we don’t have to follow HIPAA.

    Generally laws specifically written for one thing don’t work, because that one thing can change the way it works.

    I still laugh at the idea that people actually want their medical records so convenient that they can lose them…or have them stolen. Yes, of course there are a few, but most people just don’t give a damn. Look how many people actually get a physical once a year.

  • John … Here’s the deal … you keep beating the Google dead horse and I’ll keep beating the ONC dead horse.

    Off topic a bit … had this vision tonight. Remember the final scene in Indiana Jones Arc of the Covenant where the camera pulls back and you view this massive goverment warehouse with a zillion boxes and there is a realization that nobody is ever going to find the Arc again?

    Well … that’s what some data warehouse is going to look like when the final umbilacals of the National Health Information Network feeds are plugged into some janitor’s closet at ONC.

    Back to your original point … so what are they going to do with that data? Suggest they donate the servers to ONC … sign them over … load them on a truck and send them east … anything to make sure they don’t get pinged later on for doing something nefarious with the personal information. Let ONC figure out how to reliably eradicate the data.

  • Hey Don B,
    This is actually Neil Versel’s post, not mine. I’m going to have to find a better way to highlight the post author. It’s on my to-do list.

    I’ll leave the dead horse beating to Neil. Unless it’s CCHIT, and then I can’t resist.

  • Dang! Sorry … I will pay more attention. Sorry Neil.

    … and John if you are taking on CCHIT … how passe!

  • “The Magic of Big Data: GE, MIT Unveil New Way of Visualizing Disease”

    Anonymized? Right…Imagine as “they” do, having access to billions of health records across the US. Now we understand the push for national healthcare and the state’s desperate want of such data. The care provider’s budget or patient health cost clearly is of no concern!

  • Now there is a scary thought …

    Here’s better link to “packets” referenced item and its first two paras:


    “What can you do with a massive amount of medical data—20 million anonymous patient files, with a decade’s worth of health-related information about all sorts of diseases, routine to serious?”

    “GE partnered with a team of computer scientists and programmers at MIT’s SENSEable City Lab to produce Health InfoScape—an interactive, customizable data visualization that leverages 7.2 million files from the “Medical Quality Improvement Consortium,” GE’s electronic medical records database, available to customers through GE’s EMR software. The data vis aims to create new ways of understanding human health in the United States.”

    Well … what if those records were not anonymous and CMS/ONC could view who the individuals were who were the data outlyers … those who complicate comparative effectiveness data crunching?

    I agree with packets completely … this is not about the providers’ and patients’ costs … this is all about the MEGA payer’s cost … and finding ways to cut costs and then using the “$500 billion savings” to ostensibly pay for services to a new group of political constituents who aren’t paying anything now.

    Regardless of what the academic stooges say … there is little to any good that will come from dumping all of America’s health care data into a warehouse at CMS/ONC.

  • Don B,
    I think you give the government far too much credit. Even if Google Health or individual providers sent all of their data over to ONC/CMS, I don’t think they’d do much with it. They don’t even know how to accept most of the data. Insurance providers on the other hand is another story. They could pull some interesting information that they’d use for their benefit.

  • Wait wait wait! thought that’s what this was all about!

    Thought the whole ARRA deal was to get health care and treatment data on everyone in the country so the crime stoppers at ONC could crunch real people’s stuff against fuzzy comparative effectiveness research business rules written by Harvard Med School research assistants …

    … so we can save a lot of money on healthcare as a nation … and everyone would be well forever and ever.

    Wonder why the program wasn’t just set up to have all the payers port their data to ONC … instead of installing 23billion miles of optical fiber to connect Dr. Welby to the ONC closet?

Click here to post a comment