Accessing private patient health care data (name, address, diagnosis, treatment, prognosis, etc.) like Google has without the patient's knowledge or permission and without any medical need is illegal -- no matter how many excuses you make!
As someone who's worked with the HIPAA regs since before they were enacted as law, no it's not, at least not in the sense you seem to be claiming.
It's standard practice these days to have patients sign a HIPAA disclosure notice that informs patients that their data may be shared with other parties, and that those parties include not only other doctors and medical professionals, but also partners, for billing, analysis, and a host of other reasons. So all those people whose information google has have likely already given their permission, and the provider no longer need notify the patient of each specific information sharing that happens.
One thing that could enter into it here is: these tests are not OTC stuff but prescribed by a physician -- which puts them into the realm of the healthcare system and under the protections of HIPAA. But, on the other hand we recently saw how well even HIPAA works when one of America's largest hospital chains was caught selling their patient's private healthcare and other personal information (name, address, diagnosis, treatments, etc...) to Google. (But don't worry -- Google promised to just store the data on their server and not use it or sell it. LOL...).
Wow... Another episode of "Whadabout Google" brought to you by GeorgeBMac.
As least get your facts right if nothing else. Google didn't buy private health data from "one of America's.largest hospital chains. When you post half truths you also post at least half lies.
By the way a BAA (Business Associate Agreement) to comply with HIPAA obligations is not a trivial contractual agreement. At least Apple doesn't think so. since they won't agree to one.
Then how did all that private patient data (names, addresses, diagnosis, treatments, etc., etc., etc....) end up on Google servers (not hospital cloud servers but Google's own servers for Google to use as they will) without the knowledge or consent of the patients involved?
.. Did that hospital chain decide to give it away for free?
Oh yeh, that's right, the hospital chain declared that Google was their "health partner".
So you're slowly getting closer. Now at least you aren't claiming Google bought it, even tho you've made up another claim that Google can use it for whatever they want. Why would you want to known for being dishonest, or minimally what my wife would call a "drama queen".
Keep reading and you'll get there along with understanding the reason the data is where it is.
Oh, and by the way if wouldn't harm anything to get back on topic: Apple and DNA testing.
I have read enough: Google and the hospital chain cooked up a scheme and Google ended up getting boatloads of private, personal health information without patient's knowledge or consent. I doubt that the hospital chain just gave it to them as you imply.... there is no reason for them to take it and store it if they didn't plan on using it for their own purposes.
... it was illegal.
You're not reading if you don't know why Google has the data stored under a BAA & HIPAA-compliant contract, and further claiming "it was illegal". Where the heck did you get that "fact" from?? Who ruled it illegal, the court of Mr Mac? So we're all supposed to sort out the lie from the truth claim by claim as you make 'em? You should hold yourself to a higher standard.
Here's a link to a wonderfully considered discussion at Vox. Listen to the podcast in it's entirety or read the high points in the accompanying article.
BTW Google has struck similar partnerships with the health systems of Stanford University, the University of Chicago and the University of California at San Francisco. You might look into those too for legality in the Court of Mr.Mac.
Accessing private patient health care data (name, address, diagnosis, treatment, prognosis, etc.) like Google has without the patient's knowledge or permission and without any medical need is illegal -- no matter how many excuses you make!
Thank you Judge Mac for arranging the investigative teams evidence collection and your ruling of illegality based on that evidence. Great work. /s
No, it's not great work. It's known by everybody trained in HIPAA.
Google might have had a valid defense if they had not collected names & addresses along with all that private, protected health care information. But they did.
One more (perhaps fruitless) etfort to get the discussion back on topic: All this mix of imaginary and non-imaginary Google stuff from you has what to do with Apple and employee genetic testing? Nothing as far as I can see, serving only as a distraction and yet another Whaddabout Google moment.
I am sorry that you are so sensitive about Google...
" these tests are not OTC stuff but prescribed by a physician -- which
puts them into the realm of the healthcare system and under the
protections of HIPAA. But, on the other hand we recently saw how well
even HIPAA works when one of America's largest hospital chains was
caught selling their patient's private healthcare and other personal
information (name, address, diagnosis, treatments, etc...) to Google.
(But don't worry -- Google promised to just store the data on their
server and not use it or sell it. LOL...)."
I'm sorry you hold honesty in such low regard...
Wouldn't it be better all around if you made your points using 100% truth rather than half-truth's. You know what that makes the other half.
One thing that could enter into it here is: these tests are not OTC stuff but prescribed by a physician -- which puts them into the realm of the healthcare system and under the protections of HIPAA. But, on the other hand we recently saw how well even HIPAA works when one of America's largest hospital chains was caught selling their patient's private healthcare and other personal information (name, address, diagnosis, treatments, etc...) to Google. (But don't worry -- Google promised to just store the data on their server and not use it or sell it. LOL...).
Wow... Another episode of "Whadabout Google" brought to you by GeorgeBMac.
As least get your facts right if nothing else. Google didn't buy private health data from "one of America's.largest hospital chains. When you post half truths you also post at least half lies.
By the way a BAA (Business Associate Agreement) to comply with HIPAA obligations is not a trivial contractual agreement. At least Apple doesn't think so. since they won't agree to one.
Then how did all that private patient data (names, addresses, diagnosis, treatments, etc., etc., etc....) end up on Google servers (not hospital cloud servers but Google's own servers for Google to use as they will) without the knowledge or consent of the patients involved?
.. Did that hospital chain decide to give it away for free?
Oh yeh, that's right, the hospital chain declared that Google was their "health partner".
So you're slowly getting closer. Now at least you aren't claiming Google bought it, even tho you've made up another claim that Google can use it for whatever they want. Why would you want to known for being dishonest, or minimally what my wife would call a "drama queen".
Keep reading and you'll get there along with understanding the reason the data is where it is.
Oh, and by the way if wouldn't harm anything to get back on topic: Apple and DNA testing.
I have read enough: Google and the hospital chain cooked up a scheme and Google ended up getting boatloads of private, personal health information without patient's knowledge or consent. I doubt that the hospital chain just gave it to them as you imply.... there is no reason for them to take it and store it if they didn't plan on using it for their own purposes.
... it was illegal.
You're not reading if you don't know why Google has the data stored under a BAA & HIPAA-compliant contract, and further claiming "it was illegal". Where the heck did you get that "fact" from?? Who ruled it illegal, the court of Mr Mac? So we're all supposed to sort out the lie from the truth claim by claim as you make 'em? You should hold yourself to a higher standard.
Here's a link to a wonderfully considered discussion at Vox. Listen to the podcast in it's entirety or read the high points in the accompanying article.
BTW Google has struck similar partnerships with the health systems of Stanford University, the University of Chicago and the University of California at San Francisco. You might look into those too for legality in the Court of Mr.Mac.
Accessing private patient health care data (name, address, diagnosis, treatment, prognosis, etc.) like Google has without the patient's knowledge or permission and without any medical need is illegal -- no matter how many excuses you make!
Thank you Judge Mac for arranging the investigative teams evidence collection and your ruling of illegality based on that evidence. Great work. /s
No, it's not great work. It's known by everybody trained in HIPAA.
Google might have had a valid defense if they had not collected names & addresses along with all that private, protected health care information. But they did.
One more (perhaps fruitless) etfort to get the discussion back on topic: All this mix of imaginary and non-imaginary Google stuff from you has what to do with Apple and employee genetic testing? Nothing as far as I can see, serving only as a distraction and yet another Whaddabout Google moment.
The fact of the matter is: HIPAA is breaking down under the weight of money that can be made from EHRs. When HIPAA was enacted medical records were kept mostly on paper and were time consuming and expensive to duplicate. But today's EHRs can be duplicated and distributed in seconds and in mass -- and they are. I recently went to see a new physician and she knew all about me before she ever saw me --- she had checked my EHR! Google is just one of the offenders. The one that I used as an example that HIPAA protections are breaking down.
See, that's the post you should have made to begin with. Your initial one was FUDeliciousness. This paragraph is actually good AND informative, so congrats are in order for using a good example. Why couldn't you have done that originally rather than the lazy dishonest way?
By the way EHR's too are expected to be compliant with HIPAA. Your doctor knowing your health history before your appointment was not illegal or non-compliant unless rules were not followed.
Here's a salient point to consider: This genetics company testing might not fall under HIPAA rules to begin. Consumer-direct DNA testing services are not classed as covered entities under HIPAA and are therefore not subject to its regulations. That means these types of services are not protected by HIPAA and you do not have the same rights with respect to your personal data.
Yeh, you're correct: I do hold Google in low regard (at least in regards to privacy). But I do honestly respect them for being very good at what they do if that makes you feel any better.
And, LOL... Sorry, but because you don't like criticism of Google does not make that critcism "FUD". Sorry, neither you not Google get to make up your own rules. Well, maybe Google does. Obviously.
beowulfschmidt said: So all those people whose information google has have likely already given their permission, and the provider no longer need notify the patient of each specific information sharing that happens.
Yep, that's the thing. While there are data breaches and that kind of thing constantly going on... the vast majority of information of all sorts has already been signed-away in the ToS, fine-print, etc.
But, one would hope when it comes to medical info, the rules would be different around clarity and what 'partners' could entail and such, but I suppose it wouldn't surprise me too much if they weren't.
beowulfschmidt said: So all those people whose information google has have likely already given their permission, and the provider no longer need notify the patient of each specific information sharing that happens.
Yep, that's the thing. While there are data breaches and that kind of thing constantly going on... the vast majority of information of all sorts has already been signed-away in the ToS, fine-print, etc.
But, one would hope when it comes to medical info, the rules would be different around clarity and what 'partners' could entail and such, but I suppose it wouldn't surprise me too much if they weren't.
The rules are, in fact, spelled out, if not as clearly, being legalese written by lawyers, as most regular people think they should be.
Comments
It's standard practice these days to have patients sign a HIPAA disclosure notice that informs patients that their data may be shared with other parties, and that those parties include not only other doctors and medical professionals, but also partners, for billing, analysis, and a host of other reasons. So all those people whose information google has have likely already given their permission, and the provider no longer need notify the patient of each specific information sharing that happens.
Yeh, you're correct: I do hold Google in low regard (at least in regards to privacy). But I do honestly respect them for being very good at what they do if that makes you feel any better.
And, LOL... Sorry, but because you don't like criticism of Google does not make that critcism "FUD". Sorry, neither you not Google get to make up your own rules. Well, maybe Google does. Obviously.
But, one would hope when it comes to medical info, the rules would be different around clarity and what 'partners' could entail and such, but I suppose it wouldn't surprise me too much if they weren't.