Internet giant Google has announced it has embarked on a pilot project with the Cleveland Clinic which will involve Google storing the medical records of between 1,500 and 10,000 patients. Participation will be voluntary—patients must consent to having their records handled by Google’s new service. The Cleveland Clinic already operates its own electronic records system called MyChart; however, the Google service will make medical records available to patients using the same passwords they can use to access Google’s other services, like GMail. The records will include details about prescriptions, medical conditions, allergies, and the like, the patients can allow physicians and others to access at their discretion.
"By using the GData protocol already offered in many Google products, and supporting standards-based medical information formats like the Continuity of Care Record (CCR), our health efforts will help you access, store and communicate your health information," wrote Alan Newberger, an engineer on Google’s health team. "Above all, health data will remain yours—private and confidential. Only you have control over when to share it with family members and health providers."
Google previously announced Google Health would open its doors in 2008, but the company hasn’t offered any information on expanding its pilot program.
Google isn’t the only major computing company looking at health information: Microsoft announced its own HealthVault program late last year, aiming to provide health information as well as secure access to medical records.
Privacy advocates have warned of the dangers of storig health records electronically: abuse or security problems with the systems could result in massive invasions of privacy, discrimination, extortion, loss of employment, or other serious consequences. In the United States, third-party health information services also aren’t covered by the 1996 Health Insurance Portability and Accountability Act (HIPAA), which means information on those systems may be more easily obtained by the government or a third party, or even be used for marketing purposes. (Google already parses the content of email and instant messages traversing its services to target advertising to its users.) Among other requirements, HIPAA mandates patients be informed by their physicians when they are subpoenaed for a patient’s medical records.
