Monday, May 19, 2008

The Launch of Google Health

BIDMC is now live with Google Health. In the interest of full disclosure, I am a member of the Google Health Advisory Council and have not accepted any payments from Google for my advisory role. BIDMC is also working with Microsoft Health Vault and Dossia.

I'm now at Google Headquarters in Mountain View with the Google Health team - Roni, Missy, Maneesh, Jerry etc. and several dozen reporters.

Here's the functionality we've launched.

When a user logs into Google Health and clicks on Import Health Records - the following choices appear

Cleveland Clinic
Minute Clinic/CVS
Quest Laboratories

which are all early integrators with Google Health. At BIDMC, we have enhanced our hospital and ambulatory systems such that a patient, with their consent and control, can upload their BIDMC records to Google Health in a few keystrokes. There is no need to manually enter this health data into Google's personal health record, unlike earlier PHRs from Dr. Koop, HealthCentral and Revolution Health. Once these records are uploaded, patients receive drug/drug interaction advice, drug monographs, and disease reference materials. They can subscribe to additional third party applications, share their records if desired, and receive additional health knowledge services.

A few important notes.

Security and privacy are foundational to Google Health. The privacy policy, with oversight from the Google Health Advisory Council, stipulates that data will never be transfered, sold, mined or released without specific consent of the patient. Patients completely control the content and may remove it any time. This is similar to the Microsoft Health Vault policy.

Security standards include use of certificates, IP address restrictions controlling partner transmissions in and out of Google health, no caching of health data to the desktop (Google desktop will not index Google Health pages) and encrypted transmission.

The data standards underlying Google interoperability include a proprietary form of the Continuity of Care Record, called CCR/G. Google has committed to supporting the standards which have been recognized by HHS Secretary Leavitt including the Continuity of Care Document. The vocabulary standards used by Google and its decision support partner, Safe-Med, include SNOMED CT, LOINC, NDC, RxNorm, and ICD9.

Over the next few months, it will be interesting to see how many of the 40,000 monthly users of BIDMC's Patientsite will elect to use Google Health. Our plan is to continue to support Patientsite but also enpower patients with interoperability to other personal health records that they may find useful.

Our rollout strategy is that we've enabled the Google Health link to 5000 patients with existing Google gmail accounts (based on their Patientsite email addresses). We'll then expand the rollout as rapidly as we can based on our experience with supporting patients who use Google Health. Here's the message we sent out to our Clinicians and their Patients:

"Over the past year, BIDMC has worked with Google Health to integrate Patientsite and Google's new patient portal.

Google Health is a place for patients to gather their data from providers, payers, pharmacies and labs in one place, then receive decision support such as drug monographs, and disease information.

It is an Opt-In service and the patient controls every aspect of the Google Health site.

There is no additional work for you or your practice.

More information will be coming soon and we'll followup next week. Below is the email we'll send to your patients:

Beth Israel Deaconess Medical Center has partnered with Google Health to offer you additional features regarding your personal health records.

Patients who use PatientSite will now be able to upload their records about diagnoses, medications and allergies from PatientSite to Google Health, and then also use Google's specialized medical knowledge features - online reference materials about medical conditions, information about drug safety, questions to ask your doctor, and more.

How will this work? Initially, patients with a Google Gmail email address will have a new link in PatientSite called Google Health that will enable them to optionally use these Google features. We will add this link to additional Patientsite patients over the next few weeks.

These features are completely optional and will always be under the control of the patient. Google will not target advertising to the site, use the data, resell or share this data in any way. At no time will BIDMC share your data with Google without your consent. The decision to participate and share data is completely up to you. If you decide to participate, you can change your mind at any time and not participate. We hope these new features are helpful to you.

PatientSite Support"


Vince Kuraitis said...

Google is supporting a subset of the CCR standard . The CCR is an open standard and is not proprietary.

The distinction is important as everything that I've heard Google say tells me they are committed to open health information exchange. Thus, they are supporting both ASTM CCR and HL7 CCD as standards for summary records.

John Halamka said...

Correct - they are committed to supporting the CCR and CCD. What I meant by proprietary is the CCR/G implementation guide for Google's flavor of CCR.

Me said...

Is there a role for Google's "Open Social" construct in the development of Google Health?

John Halamka said...

Google has isolated Google Health from all other Google applications including OpenSocial to ensure privacy and security are protected.

e-Patient Dave said...

John, you know I love and respect you guys, but what about the concerns voiced by John Grohol over at the e-Patients blog, and me in January on my blog?

Is it correct that this Google service is not subject to HIPAA protections?

And as Grohol asks, if you tell Google to delete all your information, what guarantee can there possibly be that (a) they did so, and (b) it's also been deleted from any partners to whom they gave it? How can Google possibly control that?

I deal with Google almost every day at work, as a buyer of their advertising, and I can say first-hand that they can be real obfuscators. (I have to dissect and recalculate the data in their reports to see what's actually going on, and they change their algorithms at will, with only partial explanations to buyers, and sometimes no explanation at all.)

I'm not asserting (at this moment) that they're evil, I'm just asking specific questions.

I just can't see the upside of handing the Googolith your data when there's not a stitch of assurance (other than "trust us, really") that it'll be protected. And for me that went out the door once with the hypocrisy episode and a second time with the China cave-in (both in my blog post above).

What do you think about this?? You must believe your patients' data will really be safe with them - why?

Unknown said...

Hi I am Sharon, I just can't see the upside of handing the Google your data when there's not a stitch of assurance (other than "trust us, really") that it'll be protected.
My link

e-Patient Dave said...

Hi Sharon - are you a real commenter or was that just a spam link-drop? You pasted in one of my sentences and just dropped a link that seems to go to nothing relevant.

John Halamka said...

HIPAA was created for provider organizations. Google has had to implement privacy policies that are as strong or stronger than HIPAA, since HIPAA does not apply to a third party, non-provider, which acts as a steward of patient data. Here's the detailed comparison of HIPAA to Google's policy.

Unknown said...

John, even with the Google document you mentioned many people will have remaining questions about the protection of data privacy in the Google PHR. The issue is important enough to impact negatively the deployment of the PHR in the near future, IMO.

Google will need to be seriously pro-active about these issues if it wants people to embrace the new service and use it. What are the actions that Google intends to take in order to allay our fears?

JGF said...

Will Google publish their content catalogs, such as their condition list, immunization list, procedure list, medication list, etc?

Do those items have formal relationships to standards such as SNOMED, RxNorm, etc?

David Hamilton said...

John, the Google privacy policy may be stronger than HIPAA on paper -- well, on the screen -- but it's effectively toothless, because users have little recourse should their personal data be compromised. Check out the Google Health TOS, which near as I can tell explicitly limits Google's liability in such cases.

I'm increasingly convinced that the lack of HIPAA (or HIPAA-like) privacy protections is going to be a major stumbling block for PHR adoption -- at least for anyone not eligible for Medicare, and thus beyond the reach of insurers' medical underwriters.

I've gone into more detail about the shortcomings of Google Health over at BNET.

Unknown said...

If I already extensively use PatientSite and have all of my health records at BIDMC, what would I gain from moving it all to Google Health? I can access PatientSite from afar and even email my providers. Any advantage other than the input from a pharmacy?

David Szabo said...

Its not quite right to say that Google is entirely unregulated. The Federal Trade Commission will enforce Google's privacy policy, for example.

However, Google is not subject to a variety of other requirements and protections that apply to HIPAA "covered entities." For example, Google need not comply with any standards for user authentication, which could be a real issue given the weak authentication process used by gmail.

John Halamka said...

The interesting advantage over Patientsite that Google Health may develop is that it is a development platform which thousands of programmers can extend. I expect hundreds of new applications over the next 6 months that will enable patients to get decision support, graph/chart their data, and connect to home health devices like blood pressure cuffs/exercise machines. The utility of Google Health will be measured by the number the patients who decide to use it based on the value add of these new applications

Peter Durkson said...

Does anybody know of a blog dedicated to tracking Google Health New Applications? We're trying to conceptualize an Hawaii
Connected Care System and Google Health PHR plus future applications
could be very helpful to our mission of helping baby boomers to age in place. IT innovators welcomed!

Peter Durkson said...

We're looking forward to future applications of Google Health as they may apply to our mission at to build an Hawaii connected care system. IT innovators welcomed!

Nick's musings said...

Does google at some point plan to tie up with Insurance companies too such as Aetnas and Cignas of the world to obtain benefit info, claims info, etc. Also in such cases would google provide a product to extract information normalize it and send it to the Google Health Account or is it the responsibility of individual service providers to convert the data into GOOGLE CCR implementation format and send it to them.

Barbara said...

The technology is attractive. Issues regarding privacy are significant and there are obviously no guarantees. However, HIPPA itself is doublespeak. HIPPA is more about how little privacy one actually has with their PHI—if you read the fine print. So going to Google may not be so much of a privacy threat in the end. However, the hype saddens me. This technology is accessible only to those who are in a position to have access (i.e. people who are reasonably well-off economically), to those who have Insurance...and assumes we will really see/feel tangible benefits from a closer link to providers/suppliers of healthcare. So, very cool technology with all the right buzz words and standards acronyms. No reason to believe that health care itself will improve or that access to providers will improve.

Steve Rothschild said...

I think the challenge for PHRs, Google Health, Microsoft HealthVault is the consumer perception of privacy, not whether it is HIPAA compliant. Should physicians and healthcare organizations promote the adoption of these sites as part of the patient enrollment and care process, then they will be successful. John, is this something you have plans to implement in your organization?

Unknown said...
This comment has been removed by the author.
Unknown said...

To: John Halamka
I just came across this blog and Google Health. I have reviewed the links you provided. As an individual who has worked in politics and in the legal field and who is earning a degree in medicine and will be working in the medical field I have many concerns with Google Health and other online medical records storage systems. I can certainly see the upside to an individual having all of their medical records available for easy access. However, knowing the invasive, continually changing face of the courts and legislative process, I can also see looming in the distance the "big brother" computerized control of an individual's life including courts and legislative members giving rights to employers, schools, financial institutions and others who claim the "right to know" a person's medical history before they make a decision to hire, accept, or work with an individual. This will be especially true if the USA turns over to a socialized healthcare system such as exists in England, Canada and many other countries. I can tell you that over my lifetime of almost six decades the invasion of personal privacy and individual rights has reached levels not imagined in generations past. While Google is going great work in many areas, I can see that this new work will be subject to court and legislative rulings that demand Google turn over all records, as Google already caveats in the current links that I reviewed. There is no reassurance that can be provided that will cover all of the needs of an individual because companies that provide services are themselves open to external control, and therefore they cannot provide assurance of control that they themselves do not have. There are many countries who already have universal electronic medical record documentation and the full effects of who will have access to that information are continuing to be played out in nations around the world. However, it is clear that this is an enormous risk for the rights of the individual in a myriad of venues.

Unknown said...

Dear John, I sent you an invitation as speaker to Andicom 2008.
Did you recieve it? are you considering it?
Please let me know.
Best regards,

frankb said...


frankb said...


e-Patient Dave said...

Hi Frank - both of your comments got through.

What are you talking about? I'm a patient and PatientSite user, and my primary physician has access to it. He's right in the system.

Some of my doctors elect not to be in PatientSite. I don't like that but I can live with it, and it's certainly not PatientSite's doing.

Also, I gave my login info to others I trust, so they just log in and look at everything the same I do. Would that accomplish what you need?

mkrigsman said...

As a patient, sharing medical records with Google makes me nervous.

While it's clear various privacy safeguards in place, the future often holds surprises. Government demands for information, security lapses, and technology failures all create the possibility of serious privacy breaches.

In theory, it's a great idea, in practice I believe the risks outweigh the benefits.

I write a blog for ZDNet on IT failures, so my perception is based on hard observation of many situations where good intentions have failed to prevent disaster.

Michael Krigsman

Anonymous said...

花蓮旅遊,花蓮租車,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊,租車公司,花蓮旅行社,花蓮旅遊景點,花蓮旅遊行程,花蓮旅遊地圖,花蓮一日遊,花蓮租車,花蓮租車旅遊網,花蓮租車,花蓮租車,花蓮租車,花東旅遊景點,租車,花蓮旅遊,花東旅遊行程,花東旅遊地圖,花蓮租車公司,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮旅遊,租車,花蓮租車,花蓮租車 ,花蓮 租車,花蓮,花蓮旅遊網,花蓮租車網,花蓮,租車,花東 旅遊,花蓮 租車,花蓮,旅遊,租車公司,花蓮,花蓮旅遊,花東旅遊,花蓮地圖,包車,花蓮,旅遊租車,花蓮 租車,租車,花蓮租車資訊網,花蓮 旅遊,租車,花東,花東地圖,租車公司,租車網,花蓮租車旅遊,租車,花蓮,賞鯨,花蓮旅遊租車,花東旅遊,租車網,花蓮海洋公園,租車 ,花蓮 租車,花蓮,花蓮旅遊,花蓮租車公司,租車花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅行社,花東旅遊,花蓮包車,租車,花蓮旅遊,花蓮租車,花蓮一日遊,租車服務,花蓮租車公司,花蓮包車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮租車,租車網,花蓮租車公司,花蓮旅遊,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮租車公司,花蓮一日遊,租車花蓮,租車服務,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,租車公司,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮旅遊租車,花蓮租車網,花蓮租車,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮租車旅遊,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮包車,花蓮溯溪,花蓮泛舟,花蓮溯溪旅遊網,花蓮旅遊,花蓮民宿,花蓮入口網,花蓮民宿黃頁,花蓮旅遊,花蓮租車,租車公司,花蓮旅遊租車,花蓮租車,租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮賞鯨,花蓮旅遊,花蓮泛舟,花蓮賞鯨,花蓮溯溪,花蓮泛舟,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,花東旅遊,花蓮,花東,花蓮旅遊,花東旅遊,花蓮租車,花蓮,花東,花蓮旅遊,花蓮租車,花東旅遊,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花蓮租車,花蓮旅遊租車,花蓮旅遊,花蓮租車,花蓮,花東旅遊萬事通,花蓮旅遊,租車,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花東旅遊,花蓮旅遊,花蓮租車,花蓮租車,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車

Anonymous said...

禹承妍照片吳淑敏寫真n95型口罩 藤原紀香尹雪姬販毒溫昇豪部落格 賈靜雯部落格禹承妍自殺電玩少女瑤瑤開球 吳威廷blog時尚服飾,服裝搭配 祕魯議員萊昂 最新發型 豬哥亮廣告哈拉论坛汽车租赁

Anonymous said...

琳賽蘿涵懷孕|馮媛甄寫真|郭開源blog|范文芳李銘順|康乃狄克鬼屋事件 plus|李猶龍mv|



|超級偶像張芸京陳雅倫影片危情謝順福blog蔣萬安 blog劉文正 mv謝順福blog蔣萬安 blog高以翔圖片男紀香blog守護甜心漫畫王祖賢mv迷你漢堡余筱萍的照片猴頭菇食譜東部巨型蜘蛛羅家英 only you楓之穀遊戲薛景求mv史蒂芬金黑塔郭翰陽mv無名挖挖挖王傑莫綺雯mtv大堡礁島主 clare范植偉的照片朱麗倩的近況Makiyo milkiway吴亭欣bt迷霧驚魂報稅軟體瘦大腿的方法狼愛豬影片 狼愛豬影片 山田優 real you 禹承妍照片吳淑敏寫真n95型口罩 藤原紀香尹雪姬販毒溫昇豪部落格 賈靜雯部落格禹承妍自殺電玩少女瑤瑤開球 吳威廷blog時尚服飾,服裝搭配 祕魯議員萊昂 最新發型 豬哥亮廣告哈拉论坛汽车租赁

Football Matches said...

Does anybody know of a blog dedicated to tracking Google Health New Applications? We're trying to conceptualize an Hawaii
Connected Care System and Google Health PHR plus future applications
could be very helpful to our mission of helping baby boomers to age in place. IT innovators welcomed!

Recep Deniz MD