By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: HIPAA Compliance Concerns with Google
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > HIPAA Compliance Concerns with Google
Medical Records

HIPAA Compliance Concerns with Google

onlinetech
onlinetech
Share
4 Min Read
SHARE

After reading a blog post about House Representative Mary Bono Mack (R-Calif.) and her concerns about Google’s new privacy policy potentially violating HIPAA compliance standards, I’ve concluded that:

After reading a blog post about House Representative Mary Bono Mack (R-Calif.) and her concerns about Google’s new privacy policy potentially violating HIPAA compliance standards, I’ve concluded that:

  • Searching for a medical phrase does not make that phrase protected/patient health information (PHI)
  • Users that volunteer search phrases and use Google are consenting to their privacy policy
  • It’s unfortunate a House Representative does not understand HIPAA
  • It’s unfortunate a House Representative does not understand Google or their privacy policy

In an interview with USA Today’s Technology Live blog, Mack used an example in which a user searches for cervical cancer on Google, doesn’t log out, and then is tracked across other products online (?). I assume she means the information they collect will influence the ads shown on Google’s Display Network across other sites you may visit.

Google doesn’t store any actual patient health information, such as the kind that a physician might collect in a clinic. SearchEngineLand.com’s article cites Google’s new privacy policy, stating:

More Read

Lung Center Of Philipines
More “Conversations” – Not More Health IT – Are What’s Needed To Increase Patient Engagement And Improve Patient Satisfaction
PCI Compliance Status & Data Breaches
Healthcare IT: Will 2015 Be the Year of Data Breaches?
RSNA 2013: Three Considerations for Mixing “Ologies” in Image-Enabled EHRs
How Smart Doctors Protect and Encrypt Their Patients Information

When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.

They also state that they require opt-in consent when it comes to sharing any sensitive personal information. In her interview, Mack also questions the definition of sensitive data, “They are saying that they do not track sensitive data like that. I don’t know who determines what’s sensitive and what’s not. And that’s probably another question on another day and a more extensive hearing.” Perhaps they should go by the Department of Health and Human Services (HHS)’s definition as written in their Summary of the Privacy Rule, as they are the leading government agency:

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”12

“Individually identifiable health information” is information, including demographic data, that relates to:

  • the individual’s past, present or future physical or mental health or condition,
  • the provision of health care to the individual, or
  • the past, present, or future payment for the provision of health care to the individual,

and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13  Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

Yale.edu’s HIPAA Guide offers more specific identifiers, including medical record number, account number, certificate/license number, web URL, IP addresses, finger or voice prints, etc.

Ultimately, the question remains, how can the Department of Health and Human Services and our government expect HIPAA compliance from healthcare and related organizations if government representatives appear to be unfamiliar with the standards and equally out of touch with technology and the use thereof? While the acts passed in 2009, I think healthcare organizations, business associates and the lawmakers could all benefit from a more in-depth review of the law.

If you’d like a refresher on HIPAA, our HIPAA FAQ and HIPAA Glossary of Terms could help.

References:
Google’s New Privacy Policy May Violate HIPAA, Congresswoman Says
Google Preview: Privacy Policy
Google Preview: Privacy FAQ
HHS’s Summary of the Privacy Rule
Yale.edu’s Health Insurance Portability and Accountability Act Guide

  

TAGGED:GoogleHIPAA compliance
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

contamination
Batch Failures And The Hidden Costs Of Contamination
Health Infographics
October 21, 2025
Medication Management For Seniors
Simplifying Medication Management For Seniors
Infographics Senior Care
October 21, 2025
Guide To Pursuing a Career in Nursing as a Foreigner in the USA
Collaboration Is the Prescription for Better Patient Care
Health
October 20, 2025
Epidemiological Health Benefits
Personal and Epidemiological Health Benefits of Blood Pressure Management
Health
October 13, 2025

You Might also Like

Health IT Helps Physical and Fiscal Bottom Lines

August 7, 2011

Linking Meaningful Use and HIT Sector Consolidation

October 16, 2012
Image
eHealthMedical RecordsTechnology

Who Needs a Patient Relationship When You Have an EHR?

March 6, 2013
David Perez
eHealthMedical RecordsTechnology

Interview: Seamless Medical’s David Perez Is Giving the Physician Waiting Room a 2.0 Update

October 16, 2013
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?