VentureBeat

The Wall Street Journal is reporting that Google will announce its long-awaited online health service featuring “personal health records” today. A closer reading of that story, however — bolstered by a timely CNET piece — suggests that Google will simply preview its service at a healthcare-IT trade show now underway in Orlando.

A preview is better than nothing, of course. But if that’s all Google has planned today, it’s really not much of a launch. We unpack the WSJ coverage and survey the Google Health landscape over at VentureBeat Life Sciences.

(UPDATED: See below.)

Well, the WSJ says so in this somewhat breathless report that states Google will announce its long-awaited personal health-record service today.

My first thought was that the announcement was timed to get Google on the record in advance of the Health2.0 “Spring Fling” conference in San Diego next week, which will feature lots of talk about the role of the Internet in improving healthcare. Another possibility is that Google is pulling a bait-and-switch similar to that of Navigenics, which last November “announced” its personal-genomics service but held off launching it until — well, until not yet.

Yet a third possibility — and the most likely one to me — is that, as this CNET article states, Google CEO will merely “preview” Google Health at the annual meeting of the Healthcare Information and Management Systems Society, supposedly the largest healthcare IT meeting in the world. Whatever it is, don’t hold your breath; the WSJ itself states that “[i]t wasn’t clear when the Google service for creating personal health records will begin to be available for consumers to access.”

In fact, the WSJ article doesn’t actually describe Google Health in any sort of detail, and instead is largely devoted to pointing out the major challenges facing personal health records, many of which will sound familiar to regular readers here. These include:

• Limited adoption of electronic medical-record systems. Only 14 percent of U.S. medical practices even use digital records, which will complicate the process of moving medical information to the Google system.
• Incompatible electronic medical-record systems at hospitals and doctors’ offices. Because existing digital-record systems use different data formats, systems like Google’s will have to be able to import most, if not all, of them, pushing up complexity and cost.
• Privacy. Third-party systems such as Google’s aren’t regulated by federal medical-privacy laws, giving providers plenty of freedom to, for instance, sell ads tailored to your medical profile. (Google told the WSJ that “trust between Google and our users is one of the absolute cornerstones of our business.”)

Unmentioned by the WSJ is another nagging question, which is the extent to which patients can “customize” their medical profile — which, when it comes down to it, means the ability to selectively share, edit or even delete information. As I’ve noted before, such customization could undermine the usefulness of health records to doctors, while limiting peoples’ freedom to edit them makes them a whole lot less “personal.”

To be sure, a preview by Schmidt is better than what we’ve seen so far — mostly screenshots of what appear to be leaked early prototypes of the Google Health site, plus a vague announcement of a Google Health pilot project in Cleveland. In fact, the CNET piece mentioned above actually delivers some of the goods, offering a brief description (but no screenshots) of the preview.

Among the intriguing new details: The service will allow customers to “customize” their health records, although CNET doesn’t say by how much; will be integrated with Google’s maps and email applications to allow people to more easily search for doctors and save their contact information; and will allow third-party widgets that work within the platform, such as one that might alert patients through Google’s calendar when it’s time for them to take medication.

It’s tempting to conclude that this steady drip-drip-drip of information is part of a master PR plan for generating maximum enthusiasm for the Google Health service. (If so, it’s working brilliantly.) As for the launch itself, I suspect we won’t be able to miss it when it actually happens. Accept no substitutes.

UPDATE: Google Health chief Marissa Mayer makes the official announcement in this blog post. The bottom line: A launch of Google Health is likely “in coming months,” but not now. There are some nifty screenshots, though — one of which we’ve basically seen before — but I’ve reproduced them both below for reference. (Click either for larger versions.)

So Google Health has finally made its first formal announcement — not a splashy rollout along the lines of Microsoft’s HealthVault (see our coverage), but a limited — and closed to the public — testbed launched in partnership with the Cleveland Clinic.

Here’s what we know about the project: The Cleveland Clinic, which already has a sophisticated electronic medical-records system serving some 100,000 patients, will allow 1,500 to 10,000 of them to sync up their records with Google’s nascent Internet-based personal-health-records system. The main goal is to allow patients to take their medical records with them wherever they go. Many of the clinic’s patients spend as many as five months of the year elsewhere, particularly in Florida and Arizona, and the clinic’s chief information officer, C. Martin Harris, is casting the initiative as a way to eliminate the need for those patients to carry paper copies of their records with them.

Here’s what we don’t know: In the release, Google’s Marissa Mayer says that “we believe patients should be able to easily access and manage their own health information,” but it isn’t really clear what “manage” means in this context. One of the primary questions hanging over the use of personal health records — a term that usually implies some degree of patient control over their record — is how useful they’ll actually be for doctors and other health professionals if patients are free to selectively share their medical information, or even edit or delete it.

In fact, it’s something of a paradox. If patients don’t have this sort of control over their records, they won’t exactly be “personal.” By contrast, if patients are able to exercise substantial discretion over how their information is shared, other doctors may not find much reason to trust them, particularly if people are taking the opportunity to hide or minimize embarrassing information. (The average episode of House can provide several examples — albeit exaggerated ones — of how even seriously ill people might choose to conceal vital information from their doctors, even to the point of actively misleading them.)

There are plenty of logistical issues to work out, too. The Cleveland Clinic may have a state-of-the-art medical-record system, but odds are good that many of the physicians these patients will see elsewhere don’t — so how will these doctors actually use this information? Sure, the patient can “empower” their doctors to view the information on the Web, and maybe that’s enough. But I wouldn’t be at all surprised to find a lot of Arizona or Florida clinicians printing out the information and stuffing it back into paper folders, which would seem to undermine the whole point of the exercise.

Finally, of course, there are privacy concerns as well, as I’ve written about previously with respect to HealthVault. Google’s system apparently won’t be regulated by the medical-privacy provisions of the federal law known as HIPAA, at least according to this AP story.

In fact, the World Privacy Forum just released a report (PDF link) on the risks to patient privacy posed by “third party” health-record systems such as those Google, Microsoft and others are working on. The Cleveland pilot project looks pretty unlikely to actually answer those sorts of nagging questions, which suggests that Google is more interested in giving its technology a workout than in grappling with how personal health records might be used — and possibly abused — in practice.

The NYT’s Steve Lohr, who’s written some in-depth pieces on the subject, has more in this blog entry.

When Microsoft launched its much-ballyhooed HealthVault medical-records system for individuals (see my review here), it made such a fetish of security protections that it virtually rendered the service unusable. My own effort just to establish a HealthVault account took roughly two hours, much of that devoted to simply coming up with a password the system would accept; I documented the struggle here. One of the company’s PR reps even emailed me to note that Microsoft is taking “extra precautions at every layer of security” because “privacy and security is one of the areas that Microsoft is taking very seriously for HealthVault.”

As I wrote at the time, it’s hard to fault Microsoft for being paranoid about security, given how privacy concerns are going to be a major hurdle to widespread adoption of online health records. But is the Redmond giant really serious about protecting patient privacy?

Maybe not. Earlier this week, Annie Antón, a software professor at North Carolina State University, raised three important questions about Microsoft’s dedication to patient privacy based on a close reading of the HealthVault privacy statements (here and here). Antón’s post at the Privacy Place blog is worth reading in its entirety, but I can’t help summarizing it as well.

The big surprise (to me, at least) is that services like HealthVault aren’t covered by HIPAA, a mammoth federal law that, among other things, sets some strict standards for the privacy of medical data. Privately-managed record repositories like HealthVault apparently weren’t even envisioned when Congress passed HIPAA in 1996, and so they’re exempt from its provisions (which, to be fair, many people consider onerous).

All that makes it even more important to look at what Microsoft actually promises, and what Antón turned up is disquieting. For instance, Microsoft reserves the right to store your medical data offshore, in countries that may not have the same privacy protections as the U.S.

The software giant also plans to merge other personal information it holds about you with information stored in HealthVault. (That certainly puts the intrusive questions Microsoft’s Live.com service posed to me during registration in a new light.) Finally, HealthVault appears to open the door to a potentially unlimited line of people, entities or programs that can obtain permission to read and alter your health information, since it’s possible to delegate the ability to grant those permissions to others.

Antón also questions whether Microsoft’s decisions in these cases leave users with any legal recourse if their data does leak. It’s a great question, and one I’m in no position to answer at the moment, although I’d certainly want to take a hard look at extending HIPAA privacy provisions to these sorts of electronic records. This analysis certainly underscores the wisdom of approaching services like HealthVault very, very cautiously, because once your medical privacy has been breached, there’s virtually no way of getting it back.