Monday, May 19, 2008

The Launch of Google Health

BIDMC is now live with Google Health. In the interest of full disclosure, I am a member of the Google Health Advisory Council and have not accepted any payments from Google for my advisory role. BIDMC is also working with Microsoft Health Vault and Dossia.

I'm now at Google Headquarters in Mountain View with the Google Health team - Roni, Missy, Maneesh, Jerry etc. and several dozen reporters.

Here's the functionality we've launched.

When a user logs into Google Health and clicks on Import Health Records - the following choices appear

BIDMC
Cleveland Clinic
Longs
MEDCO
Minute Clinic/CVS
Quest Laboratories
RxAmerica
Wallgreens

which are all early integrators with Google Health. At BIDMC, we have enhanced our hospital and ambulatory systems such that a patient, with their consent and control, can upload their BIDMC records to Google Health in a few keystrokes. There is no need to manually enter this health data into Google's personal health record, unlike earlier PHRs from Dr. Koop, HealthCentral and Revolution Health. Once these records are uploaded, patients receive drug/drug interaction advice, drug monographs, and disease reference materials. They can subscribe to additional third party applications, share their records if desired, and receive additional health knowledge services.

A few important notes.

Security and privacy are foundational to Google Health. The privacy policy, with oversight from the Google Health Advisory Council, stipulates that data will never be transfered, sold, mined or released without specific consent of the patient. Patients completely control the content and may remove it any time. This is similar to the Microsoft Health Vault policy.

Security standards include use of certificates, IP address restrictions controlling partner transmissions in and out of Google health, no caching of health data to the desktop (Google desktop will not index Google Health pages) and encrypted transmission.

The data standards underlying Google interoperability include a proprietary form of the Continuity of Care Record, called CCR/G. Google has committed to supporting the standards which have been recognized by HHS Secretary Leavitt including the Continuity of Care Document. The vocabulary standards used by Google and its decision support partner, Safe-Med, include SNOMED CT, LOINC, NDC, RxNorm, and ICD9.

Over the next few months, it will be interesting to see how many of the 40,000 monthly users of BIDMC's Patientsite will elect to use Google Health. Our plan is to continue to support Patientsite but also enpower patients with interoperability to other personal health records that they may find useful.

Our rollout strategy is that we've enabled the Google Health link to 5000 patients with existing Google gmail accounts (based on their Patientsite email addresses). We'll then expand the rollout as rapidly as we can based on our experience with supporting patients who use Google Health. Here's the message we sent out to our Clinicians and their Patients:

"Over the past year, BIDMC has worked with Google Health to integrate Patientsite and Google's new patient portal.

Google Health is a place for patients to gather their data from providers, payers, pharmacies and labs in one place, then receive decision support such as drug monographs, and disease information.

It is an Opt-In service and the patient controls every aspect of the Google Health site.

There is no additional work for you or your practice.

More information will be coming soon and we'll followup next week. Below is the email we'll send to your patients:

Beth Israel Deaconess Medical Center has partnered with Google Health to offer you additional features regarding your personal health records.

Patients who use PatientSite will now be able to upload their records about diagnoses, medications and allergies from PatientSite to Google Health, and then also use Google's specialized medical knowledge features - online reference materials about medical conditions, information about drug safety, questions to ask your doctor, and more.

How will this work? Initially, patients with a Google Gmail email address will have a new link in PatientSite called Google Health that will enable them to optionally use these Google features. We will add this link to additional Patientsite patients over the next few weeks.

These features are completely optional and will always be under the control of the patient. Google will not target advertising to the site, use the data, resell or share this data in any way. At no time will BIDMC share your data with Google without your consent. The decision to participate and share data is completely up to you. If you decide to participate, you can change your mind at any time and not participate. We hope these new features are helpful to you.

PatientSite Support"

30 comments:

  1. Google is supporting a subset of the CCR standard http://code.google.com/apis/health/ . The CCR is an open standard and is not proprietary.

    The distinction is important as everything that I've heard Google say tells me they are committed to open health information exchange. Thus, they are supporting both ASTM CCR and HL7 CCD as standards for summary records.

    ReplyDelete
  2. Correct - they are committed to supporting the CCR and CCD. What I meant by proprietary is the CCR/G implementation guide for Google's flavor of CCR.

    ReplyDelete
  3. Is there a role for Google's "Open Social" construct in the development of Google Health?

    ReplyDelete
  4. Google has isolated Google Health from all other Google applications including OpenSocial to ensure privacy and security are protected.

    ReplyDelete
  5. John, you know I love and respect you guys, but what about the concerns voiced by John Grohol over at the e-Patients blog, and me in January on my blog?

    Is it correct that this Google service is not subject to HIPAA protections?

    And as Grohol asks, if you tell Google to delete all your information, what guarantee can there possibly be that (a) they did so, and (b) it's also been deleted from any partners to whom they gave it? How can Google possibly control that?

    I deal with Google almost every day at work, as a buyer of their advertising, and I can say first-hand that they can be real obfuscators. (I have to dissect and recalculate the data in their reports to see what's actually going on, and they change their algorithms at will, with only partial explanations to buyers, and sometimes no explanation at all.)

    I'm not asserting (at this moment) that they're evil, I'm just asking specific questions.

    I just can't see the upside of handing the Googolith your data when there's not a stitch of assurance (other than "trust us, really") that it'll be protected. And for me that went out the door once with the CNet.com hypocrisy episode and a second time with the China cave-in (both in my blog post above).

    What do you think about this?? You must believe your patients' data will really be safe with them - why?

    ReplyDelete
  6. Hi I am Sharon, I just can't see the upside of handing the Google your data when there's not a stitch of assurance (other than "trust us, really") that it'll be protected.
    My link Themedica.com

    ReplyDelete
  7. Hi Sharon - are you a real commenter or was that just a spam link-drop? You pasted in one of my sentences and just dropped a link that seems to go to nothing relevant.

    ReplyDelete
  8. HIPAA was created for provider organizations. Google has had to implement privacy policies that are as strong or stronger than HIPAA, since HIPAA does not apply to a third party, non-provider, which acts as a steward of patient data. Here's the detailed comparison of HIPAA to Google's policy.

    http://www.google.com/health_hipaa.html

    ReplyDelete
  9. John, even with the Google document you mentioned many people will have remaining questions about the protection of data privacy in the Google PHR. The issue is important enough to impact negatively the deployment of the PHR in the near future, IMO.

    Google will need to be seriously pro-active about these issues if it wants people to embrace the new service and use it. What are the actions that Google intends to take in order to allay our fears?

    ReplyDelete
  10. Will Google publish their content catalogs, such as their condition list, immunization list, procedure list, medication list, etc?

    Do those items have formal relationships to standards such as SNOMED, RxNorm, etc?

    ReplyDelete
  11. John, the Google privacy policy may be stronger than HIPAA on paper -- well, on the screen -- but it's effectively toothless, because users have little recourse should their personal data be compromised. Check out the Google Health TOS, which near as I can tell explicitly limits Google's liability in such cases.

    I'm increasingly convinced that the lack of HIPAA (or HIPAA-like) privacy protections is going to be a major stumbling block for PHR adoption -- at least for anyone not eligible for Medicare, and thus beyond the reach of insurers' medical underwriters.

    I've gone into more detail about the shortcomings of Google Health over at BNET.

    ReplyDelete
  12. If I already extensively use PatientSite and have all of my health records at BIDMC, what would I gain from moving it all to Google Health? I can access PatientSite from afar and even email my providers. Any advantage other than the input from a pharmacy?

    ReplyDelete
  13. Its not quite right to say that Google is entirely unregulated. The Federal Trade Commission will enforce Google's privacy policy, for example.

    However, Google is not subject to a variety of other requirements and protections that apply to HIPAA "covered entities." For example, Google need not comply with any standards for user authentication, which could be a real issue given the weak authentication process used by gmail.

    ReplyDelete
  14. The interesting advantage over Patientsite that Google Health may develop is that it is a development platform which thousands of programmers can extend. I expect hundreds of new applications over the next 6 months that will enable patients to get decision support, graph/chart their data, and connect to home health devices like blood pressure cuffs/exercise machines. The utility of Google Health will be measured by the number the patients who decide to use it based on the value add of these new applications

    ReplyDelete
  15. Does anybody know of a blog dedicated to tracking Google Health New Applications? We're trying to conceptualize an Hawaii
    Connected Care System and Google Health PHR plus future applications
    could be very helpful to our mission of helping baby boomers to age in place. IT innovators welcomed!
    www.mauiagewave.com

    ReplyDelete
  16. We're looking forward to future applications of Google Health as they may apply to our mission at www.mauiagewave.com to build an Hawaii connected care system. IT innovators welcomed!

    ReplyDelete
  17. Does google at some point plan to tie up with Insurance companies too such as Aetnas and Cignas of the world to obtain benefit info, claims info, etc. Also in such cases would google provide a product to extract information normalize it and send it to the Google Health Account or is it the responsibility of individual service providers to convert the data into GOOGLE CCR implementation format and send it to them.

    ReplyDelete
  18. The technology is attractive. Issues regarding privacy are significant and there are obviously no guarantees. However, HIPPA itself is doublespeak. HIPPA is more about how little privacy one actually has with their PHI—if you read the fine print. So going to Google may not be so much of a privacy threat in the end. However, the hype saddens me. This technology is accessible only to those who are in a position to have access (i.e. people who are reasonably well-off economically), to those who have Insurance...and assumes we will really see/feel tangible benefits from a closer link to providers/suppliers of healthcare. So, very cool technology with all the right buzz words and standards acronyms. No reason to believe that health care itself will improve or that access to providers will improve.

    ReplyDelete
  19. I think the challenge for PHRs, Google Health, Microsoft HealthVault is the consumer perception of privacy, not whether it is HIPAA compliant. Should physicians and healthcare organizations promote the adoption of these sites as part of the patient enrollment and care process, then they will be successful. John, is this something you have plans to implement in your organization?

    ReplyDelete
  20. This comment has been removed by the author.

    ReplyDelete
  21. To: John Halamka
    I just came across this blog and Google Health. I have reviewed the links you provided. As an individual who has worked in politics and in the legal field and who is earning a degree in medicine and will be working in the medical field I have many concerns with Google Health and other online medical records storage systems. I can certainly see the upside to an individual having all of their medical records available for easy access. However, knowing the invasive, continually changing face of the courts and legislative process, I can also see looming in the distance the "big brother" computerized control of an individual's life including courts and legislative members giving rights to employers, schools, financial institutions and others who claim the "right to know" a person's medical history before they make a decision to hire, accept, or work with an individual. This will be especially true if the USA turns over to a socialized healthcare system such as exists in England, Canada and many other countries. I can tell you that over my lifetime of almost six decades the invasion of personal privacy and individual rights has reached levels not imagined in generations past. While Google is going great work in many areas, I can see that this new work will be subject to court and legislative rulings that demand Google turn over all records, as Google already caveats in the current links that I reviewed. There is no reassurance that can be provided that will cover all of the needs of an individual because companies that provide services are themselves open to external control, and therefore they cannot provide assurance of control that they themselves do not have. There are many countries who already have universal electronic medical record documentation and the full effects of who will have access to that information are continuing to be played out in nations around the world. However, it is clear that this is an enormous risk for the rights of the individual in a myriad of venues.

    ReplyDelete
  22. Dear John, I sent you an invitation as speaker to Andicom 2008.
    Did you recieve it? are you considering it?
    Please let me know.
    Best regards,
    NICOLAS RUEDA

    ReplyDelete
  23. DEAR JOHN,
    ARE THE RESIDENT PRIMARY PHYSICIAN'S, EVERY GOING TO TO BE ALLOWED ON THE PATIENT SITE.

    ReplyDelete
  24. DEAR JOHN,
    ARE PRIMARY PHYSICIAN'S EVER GOING TO BE ALLOWED ACCESS TO THE PATIENT SITE. WHAT ARE THE ATTENDING PHYSICIAN'S WORRIED ABOUT?

    ReplyDelete
  25. Hi Frank - both of your comments got through.

    What are you talking about? I'm a patient and PatientSite user, and my primary physician has access to it. He's right in the system.

    Some of my doctors elect not to be in PatientSite. I don't like that but I can live with it, and it's certainly not PatientSite's doing.

    Also, I gave my login info to others I trust, so they just log in and look at everything the same I do. Would that accomplish what you need?

    ReplyDelete
  26. As a patient, sharing medical records with Google makes me nervous.

    While it's clear various privacy safeguards in place, the future often holds surprises. Government demands for information, security lapses, and technology failures all create the possibility of serious privacy breaches.

    In theory, it's a great idea, in practice I believe the risks outweigh the benefits.

    I write a blog for ZDNet on IT failures, so my perception is based on hard observation of many situations where good intentions have failed to prevent disaster.

    Michael Krigsman
    ZDNet:
    http://blogs.zdnet.com/projectfailures

    ReplyDelete
  27. 花蓮旅遊,花蓮租車,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊,租車公司,花蓮旅行社,花蓮旅遊景點,花蓮旅遊行程,花蓮旅遊地圖,花蓮一日遊,花蓮租車,花蓮租車旅遊網,花蓮租車,花蓮租車,花蓮租車,花東旅遊景點,租車,花蓮旅遊,花東旅遊行程,花東旅遊地圖,花蓮租車公司,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮旅遊,租車,花蓮租車,花蓮租車 ,花蓮 租車,花蓮,花蓮旅遊網,花蓮租車網,花蓮,租車,花東 旅遊,花蓮 租車,花蓮,旅遊,租車公司,花蓮,花蓮旅遊,花東旅遊,花蓮地圖,包車,花蓮,旅遊租車,花蓮 租車,租車,花蓮租車資訊網,花蓮 旅遊,租車,花東,花東地圖,租車公司,租車網,花蓮租車旅遊,租車,花蓮,賞鯨,花蓮旅遊租車,花東旅遊,租車網,花蓮海洋公園,租車 ,花蓮 租車,花蓮,花蓮旅遊,花蓮租車公司,租車花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅行社,花東旅遊,花蓮包車,租車,花蓮旅遊,花蓮租車,花蓮一日遊,租車服務,花蓮租車公司,花蓮包車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮租車,租車網,花蓮租車公司,花蓮旅遊,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮租車公司,花蓮一日遊,租車花蓮,租車服務,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,租車公司,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮旅遊租車,花蓮租車網,花蓮租車,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮租車旅遊,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮包車,花蓮溯溪,花蓮泛舟,花蓮溯溪旅遊網,花蓮旅遊,花蓮民宿,花蓮入口網,花蓮民宿黃頁,花蓮旅遊,花蓮租車,租車公司,花蓮旅遊租車,花蓮租車,租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮賞鯨,花蓮旅遊,花蓮泛舟,花蓮賞鯨,花蓮溯溪,花蓮泛舟,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,花東旅遊,花蓮,花東,花蓮旅遊,花東旅遊,花蓮租車,花蓮,花東,花蓮旅遊,花蓮租車,花東旅遊,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花蓮租車,花蓮旅遊租車,花蓮旅遊,花蓮租車,花蓮,花東旅遊萬事通,花蓮旅遊,租車,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花東旅遊,花蓮旅遊,花蓮租車,花蓮租車,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車

    ReplyDelete
  28. Does anybody know of a blog dedicated to tracking Google Health New Applications? We're trying to conceptualize an Hawaii
    Connected Care System and Google Health PHR plus future applications
    could be very helpful to our mission of helping baby boomers to age in place. IT innovators welcomed!

    Recep Deniz MD

    DoktorTR.Net

    ReplyDelete