Pages

February 29, 2008

Google Health update — A new Google World


Thursday, the CEO of Google, Inc. spoke publicly for the first time about what they’ve been designing and building with Google’s new Health project. For those who understand doublespeak and what’s been going on, it was as Dr. John Crippen, a physician in the
UK, wrote: “Google is really frightening. [Unlike the NHS centralized data collection effort] they will get it right from the beginning.”

This is not about our health or convenience. This is a vast private-government partnership to create the world’s largest ever database of genetic, medical and personal lifestyle information, that can and will be used against us.

The Google Health team has been at the 2008 conference of the Healthcare Information and Management Systems Society in Orlando this week, where Google CEO, Eric Schmidt, gave the closing address. He described the enormous database of citizen medical and lifestyle information they are working to gather and store on Google. As reported by Healthcare IT News editorial director Jack Beaudoin, Schmidt said that populating the electronic medical records with enough data to be useful is Google’s biggest initial hurdle because re-keying information (typing it all in) isn’t efficient. So instead, “Google has been aggressively developing partnerships with major employers, health plans and current electronic medical record vendors in order to,” as Schmidt said: “suck up the data they have in their proprietary systems. With the user’s permission, we would take it all and put it in one place.”

[What wasn’t revealed, is that they don’t really need permission to suck up personal information from third party databases, compiled when untold numbers of Americans voluntarily turned it over through commercial health risk assessments, online personal health records and wellness programs through employers or private wellness companies. Participation in those offered through insurers or healthcare providers was also tacit permission for them to use it on your behalf and share it with management vendors, thanks to carefully worded privacy statements and HIPAA regulations. The major healthplans have also already built vast databases merging personal health records with laboratory results, pharmacy records, medical claims and medical records.

It has been sadly easy to convince the public to support these health and wellness initiatives and volunteer private information about their lifestyles, diets and mental and physical health. Even those who understand “correlations don’t equal causation” have come to believe in ‘health risk factors’ and signed onto health risk assessments and “wellness programs.” The lure of the promise that some ‘healthy’ diet or lifestyle, and having ideal health indices — the solutions sold by these third-party stakeholders — can prevent us from getting sick or developing chronic diseases of aging is compelling.]

According to Google Vice President of Search and User Products, Marissa Mayer: “We’re assembling a directory of third-party services that interoperate with Google Health. Right now, this means you’ll be able to automatically import information such as your doctors’ records, your prescription history, and your test results into Google Health... you will be able to interact with services and tools easily ... and start using new wellness tools.”

[In addition to stakeholder partnerships, they are eliciting the cooperation of consumers to voluntarily share their personal health and private lifestyle information. Google is getting you to help them build their database and give permission to pull in data from third parties that have records on you, such as your laboratory results and prescription records, clinic and hospital records, etc. Google has set up partnerships with hospitals, labs, clinics and pharmacies to make self-populating the data into Google Health just a matter of clicking on “upload your records.” Note that you will not be able to keep out select data or change any of it coming from these sources. So, if you don’t want it to be known that you’re on highly active antiretroviral therapy for HIV or antipsychotics, smoke, don’t eat all of your vegies, or drink alcohol, you’re out of luck.]

Today, Google Health announced its partnership with Quest Diagnostics, Inc. With just a click, all of its records can now also be transferred to Google Health. According to Quest’s website, it is the nation’s leading provider of diagnostic testing, information and services to health plans and employers. Quest has partnerships with “pharmaceutical, biotechnology and information technology companies” and provides support to expedite the efforts of these partners. “Quest Diagnostics Employer Solutions provides the most comprehensive pre- and post-employment screening services and health management solutions available.” Its employer wellness program, Blueprint for Wellness, is a health risk assessment and health education service purchased by employers.

Each year, Quest Diagnostics performs personal health testing on more than 150 million people and does more than $660 million in genetic tests. As its “About Us” page says:

With $5.5 billion in annual revenues, Quest Diagnostics offers the broadest access to clinical testing services through its national network of 30-plus regional laboratories, approximately 150 rapid response laboratories and over 2,000 patient service centers. Quest Diagnostics is the leading provider of specialty testing, including gene-based testing, and is the leader in routine medical testing, drugs of abuse testing, and a leader in anatomic pathology testing.... Quest Diagnostics is also the leading provider of risk assessment services to the life insurance industry.

Google Vice President of Search and User Products, Marissa Mayer, emphasized convenience, writing on Google’s blog: “Google Health aims to solve an urgent need that dovetails with our overall mission of organizing patient information and making it accessible and useful. Through our health offering, our users will be empowered to collect, store, and manage their own medical records online.” Portability is an added advantage for snowbirds, she said, as they would have easy access to their health data anywhere they are. “Previously, this would have required carrying paper records back and forth.”

[This ignores the fact, that those with computer access to use Google can easily keep their own information on their own personal key drives and already don’t need to carry paper records. The word “empowered” is more accurately described as convincing people to turn over their records online to Google. Do most consumers believe themselves incapable of managing their bodies and health, and in need of Google to organize and make sense of it? And “For whom is Google making people’s personal health information ‘accessible and useful’”? We can already get copies of our medical records ourselves by simply asking for them.]

“Google Inc. won’t sell ads to support a new Internet service that stores personal medical information,” said Schmidt. “Google intends to profit by increasing traffic to its search site” and “third parties can build direct-to-consumer services” like medication tables or reminders.

[Every analyst has said that ads are inevitable, as advertisers will pay exorbitant amounts to be able to target people with known health issues or needs, such as prescriptions. For now, though, Google doesn’t need to sell ads. Lucrative deals will come through stakeholder partnerships. Information makes effective and convincing marketing: medical and health ‘education’— especially information that’s ‘personalized’ for you about how to manage your health problems, reminders to get your screening tests and fill your prescriptions, make sure you’re following your prescribed diet and taking your medications, and other interactive “wellness tools” to monitor your behavior and help you to their health management. But the really big profit potential for Google’s stakeholders will come from your personal information.]

True to its word, Google Health is accruing partnerships with companies eager to participate in the project and cash in. Yesterday, it announced another new third-party partner: HealthGrades. The company’s CEO, Kerry Hicks, said in a press statement that more Americans use Google to begin their searches and his company’s “goal is to guide Americans to better healthcare...so that they can choose the best possible doctor and hospital.” HealthGrades is a service used by many of the nation’s largest employers and healthplans. It rates healthcare providers based, most notably, on their compliance with performance measures (P4P). Consumers are told they are quality ratings.

HealthGrades has a database on 700,000 doctors, nearly every practicing doctor in the country, as well as hospitals, nursing home and home-health agency.

[This partnership will enable HealthGrades to reach vastly more consumers and steer them to providers complying with government and insurer-mandated guidelines... and away from those who don’t. Doctors’ livelihoods and professional reputations are increasingly depending on their following performance measures, whether they are best for their patients or evidence-based; or else, they will have no patients referred to them. But according to Dr. Richard L. Reece, M.D., while insurers and government officials and health system executives are pushing with great vigor the idea that performance measures are about quality, medical professionals resist because clinical outcomes and cost savings have proven negative, modest or not worth the expense. Nor can clinical care being provided to individual patients be judged by third parties.]

As Beaudoin reported, Schmidt said Google Health has no “monetization path” at this time.... but “didn't rule out future possibilities, such as using depersonalized data for research and clinical studies.”

[A very important plan to let slip, given Google’s investment partners. Read on.]

Associated Press reported that Schmidt reassured the public about the security of their private health information, saying: “Google Health would be at least as secure as current systems.”

[That is not a reassuring euphemism, given Google’s history of protecting the security of its data. It’s also not reassuring, given the regularity of reports of lost, missing or stolen electronic medical data. Just today, a health insurance company in California reported that the personal information, including social security numbers, on 103,000 doctors had been accidentally posted on the internet. Most critical to realize is that Google is not a health care provider, payer or entity bound by HIPAA or federal privacy regulations and no matter what it promises now, it can change its mind and do whatever it wants with personal health information.]

Pam Dixon, executive director of the nonprofit World Privacy Forum, explained that once your private information is outside federal privacy protections, as limited as those are, you have no protection at all: “Your physician has taken a Hippocratic Oath, and they are bound to have your best interests in mind. A publicly traded company is supposed to have shareholders in mind first,” she told AP.

Dixon said even the issue of consenting online to the release of information is muddy. “I think we've all consented to things online we haven't meant to simply by failing to check or uncheck a box.”

In a press conference following the keynote address yesterday, Schmidt said Google was willing and interested in working with regional health information networks and health information exchanges. “Their goals are our goals," he said. “[F]rom our perspective, the more, the merrier.” Google Health could serve as the repository for patient data that partners within a network or exchange could access, he said.

[Google is clearly laying the groundwork to share your health information with its third party partners.]

According to Google Vice President of Search and User Products, Marissa Mayer: “We won’t sell or share your data without your explicit permission. Our privacy policy and practices have been developed in thoughtful collaboration with experts from the Google Health Advisory Council.”

[First, as we know, they can change their minds about their privacy statement and you may never know or be able to do anything about it. But, Google has let its third party corporate and government stakeholders, via its Advisory Council, write their own policies and practices. This is not at all inspiring to those familiar with the government agencies and organizations on Google’s Health Advisory Council, all actively promoting electronic health records and anxious to share and use them. Electronic records are absolutely fundamental for their new national managed healthcare delivery system these very same public-private partnerships have been working for years to build.]


Google’s team

One member of Google’s Health Advisory Council hasn’t been discussed and may not be familiar to JFS readers — FasterCures. An introduction may help better understand Google’s interests.

FasterCures calls itself an “action tank” towards “aggressive efforts” to identify and implement global solutions to deadly diseases. It was created “under the auspices of the Milken Institute,” whose chairman, Michael Milken, is also on the Board of Directors of Faster Cures. The two organizations share similar member partners.

Milken Institute is a Santa Monica think tank that released a report this past October, “Unhealthy America: The Economic Burden of Chronic Disease.” It claimed that chronic health conditions cost the country more than $1 trillion a year and could reach $6 trillion by 2050 if people don’t change their lifestyles. They arrived at this figure with considerable creativity, counting every health indice separately and including calculations for lost or reduced productivity. “Curbing obesity alone by close to 15 million cases could translate to a savings of $60 billion by 2023 and improve the country's productivity by $254 billion,” the report said.

Last April, Milken hosted a global conference called “Shaping the Future,” where Hala Moddelmog, of Susan G. Komen for the Cure, claimed that “60 percent to 70 percent of all chronic diseases are preventable through behavioral changes.” Ross DeVol of Milken Institute asserted that cancer, heart disease, stroke and diabetes are all highly preventable. The conference speakers lamented the lack of a “single massive campaign targeting obesity.” The solution, advanced by WebMD, was to expand use of the internet in preventive health initiatives and to adopt electronic medical records to improve efficiency and “increase quality of life.” The Milken conference also supported raising the intensity of the war on obesity; changing patent laws so that prevention drugs can be tested; and encouraging the sharing of data for research.

FasterCures drafted an “Acceleration Agenda” to achieve change in key areas. Its report, “Think Research: Using Electronic Medical Records to Bridge Patient Care and Research,” forms the foundation of its agenda to push for the adoption and implementation of electronic medical records (EMRs).* It also reveals that what they are actually interested in is building a genetic database:

The creation and development of databases and database technologies — that is, methods for storing, retrieving, sharing, and analyzing clinical and biomedical data — is the next essential step in the Human Genome Project.

EMR systems could speed data acquisition and searching, allow mass computing and sampling, and provide the research community access to a broader and more diverse patient population. As physicians record new actions, outcomes, and demographics in EMRs, researchers will have access to more in-depth and clean data.

Among the key potential benefits of EMRs that it highlighted was the enhanced monitoring of the population to “detect patterns of health and illness” and speed the identification of potential targets for participants for clinical trials. Among the innovators it spotlighted was Mayo Clinic’s “growing bank of genomics data,” which links to its tissue and serum repositories, surgical index, and pathology records. Potentially, it could be linked with other systems, the report said. And “one unified, crossreferencing system” would allow “immediate access to millions of records.” Another database the report featured was the Partners HealthCare Research Patient Data Registry, a data repository of information on two million Massachusetts General Hospital and Brigham and Women’s Hospital patients accumulated since the 1980s. “The RPDR stores 500 million diagnoses, medications, procedures, reports and laboratory values with demographic and encounter information.” It can be accessed to elicit correlations and trends between population characteristics and genetic information with various conditions.

Last April, FasterCures announced the launch of its BioBankCentral — “a web-based portal dedicated to advancing the use of human biological materials.” According to its press release, “BioBank Central will assist researchers who require biological materials for their studies, encourage the donation of tissue and blood by patients, and inform the public about the critical role of biobanks (or biorepositories) in enabling modern biomedical research...With an Internet search engine, you can find the answers to all sorts of things in less than a second.” It promises to accelerate the process for researchers who want tissue, blood or DNA for research. FasterCures said:

Human biospecimens can provide a bridge between emerging molecular information and clinical information...Specifically, human biospecimens can be used to identify and validate drug targets; identify disease mechanisms; develop screening tests for “biomarkers” associated with certain sub-types of a disease; group patients based on their genetic characteristics...


Google’s genome project

Google’s interests in creating a vast genetic database go far beyond this member of its Advisory Council. As Google VP, Marissa Mayer said: “We have some genetic partners where we’ve already been making investments.” Who might those partners be?

Last May, Google invested $3.9 million in 23andMe, Inc., a genetic start-up company working on proprietary web-based software to make use of genetic information and DNA analysis technologies. Its co-founder and member of the Board of Directors is Anne Wojcicki — wife of Google’s co-founder and President of Google technology, who also owns 35% of Google’s Class B common stock.

Google collaborated with Genentech, whose CEO Arthur Levinson also sits on Google’s Board of Directors, and other venture capital firms to the total tune of at least $10 millon in investments in 23andMe. As 23andMe investor and board member, Esther Dyson said on Charlie Rose, they want you to turn over not just your medical records and lifestyle information, but your personal genetic information, too, and entrust it all with Google. She dismissed privacy concerns, saying “Like it or not, it’s gonna happen.”

On 23andMe’s website, it encourages the public to send in a saliva sample using its home-kit and, through its interactive web tools, it promises to tell you about yourself. Just today, Quackwatch posted the testimonies given to the U.S. Senate when it examined the science behind home DNA tests. An investigation by members of the U.S. Government Accountability Office included submitting DNA samples to four websites offering genetic testing. “Experts who reviewed the test reports concluded that they made predictions that were medically unproven, ambiguous, and provided no meaningful information for consumers.” But the ultimate goals for 23andMe go far beyond amusement.

John Lauerman said in Bloomberg this morning that Google has also backed George Church, a Harvard geneticist, with an unspecified donation in his quest on the “largest human genome sequencing project in the world.” Google spokesman, Andrew Pederson, said they began supporting Church last year. As Bloomberg reports:

By matching genetic data from each person with his or her health history, Church would build a database that would link DNA variations and disease ... Church also said he'll explore other human traits under genetic control. Participants will give facial and body measurements, tell researchers what time they get up in the morning, and detail other behaviors, he said....

By pairing medical histories with genetic data on the Web, Church is also confronting ethical boundaries. It's possible that subjects' identities can be deduced from their health information, scientists said. “He's explicitly going after medical histories, and there's very mixed feelings about this,” said Kevin McKernan, one of the developers of Applied Biosystems' SOLiD sequencer. “I think it's helpful and needed. We need to understand some of these issues that could scare everyone out of the field.”

“The convergence of biotechnology, the web, and big business is, in fact, quite alarming,” said Jesse Reynolds, MS, Project Director on Biotechnology in the Public Interest at the Center for Genetics and Society, a nonprofit information and public affairs organization based in Oakland, California. “This data will be a goldmine, but only the corporations will get a cut,” he said. Only genetic companies will benefit from patents and drugs, for example, while the public will lose their genetic privacy.

The ethics of these renewed efforts to link behaviors and physical characteristics with genetic information, and the potential abuses of this information, are frightening. Of greatest concern is what can happen when personal genetic information is divulged. Government, employers, insurance salespersons, banks, and everybody else will be able to read what diseases you are genetically predisposed to and make decisions affecting you, leaving you without any recourse and vulnerable to the whims of corporations that have their own interests in mind, not yours. It is doubtful businesses will acknowledge how little is actually known about the implications of genes. How many companies will admit that a gene may be merely a tendency to develop a disease. What happens when the results are inaccurate?


Should you trust Google?

According to advocates of Google Health, Americans can trust Google to keep their personal information about their bodies, health, lifestyles and even their genes private. Schmidt promises “Google Health would be at least as secure as current systems.”

How many people know that Google has the worst privacy practices, and record for privacy protection, of the world’s top internet-based companies? Google was found by an international, independent investigation, to not just be a “substantial threat” to privacy, but the only company evaluated to actually be “hostile to privacy.”

Privacy International, a nonprofit human rights research and campaign organization founded in 1990 with members in 40 countries, just conducted a six-month investigation into the privacy practices of 23 top internet companies (Amazon, AOL, Apple, BBC, Bebo, eBay, Facebook, Friendster, Google, Hi5, Last.fm, LinkedIn, LiveJournal, Microsoft, Myspace, Orkut, Reunion.com, Skype, Wikipedia, Windows Live Space, Xanga, Yahoo! and YouTube).

Privacy International has been concerned about internet privacy, especially with the increasing disclosure of personal information by consumers to web-based companies that capture and process data to a significant extent and new technologies that permit the collection of increasingly detailed information. Their legal experts poured over company privacy statements and “became alarmed.” In fact, they said:

“We as specialists in this field, cannot fully understand the full range of surveillance practices of some companies [which] leaves us greatly concerned about the ability of consumers to make informed decisions in the marketplace.”

The investigation they initiated included consultations with experts around the world. They evaluated:

· the backgrounds of corporations’ leadership and self-regulatory mechanisms

· the types of information sites collects, with and without consent; the collection of unnecessary information; whether companies collect and mine other information, such as viewing habits and references; if they collect and track users’ movements through their IP addresses and profile people’s habits and interests

· the storage of personal information after it’s no longer needed

· openness and transparency of privacy policies, which often disclose little about a company’s true practices. “Some companies also cover up or refuse to engage publicly about privacy concerns,” they said. “[M]any of the privacy policies seem to have been written with the same goal: to say very little but in as complex a way as possible.”

· how companies respond when privacy problems occur, their responsiveness and sincerity; if they allow access to customers to use or correct their personal information

· ethical compass of each company and how it has dealt with ethical challenges such as warrants from law enforcement agencies

· customers’ control over their own information, if customers are allowed to delete their accounts and control who has access to their personal information

· the creation of profiles on customers based on resources customers access and read

· privacy enhancing and protective technologies invested in and adopted by companies to protect people

· companies that “use blunt instruments to collect personal information without consent” were highlighted, as were those that used technologies to delve deeper into personal profiles. “While many companies use cookies (in a variety of ways) a number of companies go well beyond this practice into using 'web beacons' or 'pixel tags' to even identify whether users are reading their emails.”

Google ranked dead last. In its interim report, made available this past September, Privacy International wrote:

[T]hroughout our research we have found numerous deficiencies and hostilities in Google's approach to privacy that go well beyond those of other organizations. While a number of companies share some of these negative elements, none comes close to achieving status as an endemic threat to privacy. This is in part due to the diversity and specificity of Google's product range and the ability of the company to share extracted data between these tools, and in part it is due to Google's market dominance and the sheer size of its user base. Google's status in the ranking is also due to its aggressive use of invasive or potentially invasive technologies and techniques....

Google's increasing ability to deep-drill into the minutiae of a user's life and lifestyle choices must in our view be coupled with well defined and mature user controls and an equally mature privacy outlook. Neither of these elements has been demonstrated. Rather, we have witnessed an attitude to privacy within Google that at its most blatant is hostile, and at its most benign is ambivalent.

This material [on the merger between Google and Doubleclick], submitted by the Electronic Privacy Information Center (EPIC) and coupled with a submission to the FTC from the New York State Consumer Protection Board, provided additional weight for our assessment that Google has created the most onerous privacy environment on the Internet. The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third-parties, as well as public disclosure as evidence in litigation or through data breaches. The EPIC submission set out a detailed analysis of Google's existing data practices, most of which fell well short of the standard that consumers might expect. During the course of our research the Article 29 Working Group of European privacy regulators also expressed concern at the scale of Google's activities.

Privacy International reported that Google “does not believe it collects sensitive information” needing protection and it readily shares information ‘with consent’ to its business partners. Their summary list of specific privacy failures and Google’s “track history of ignoring privacy concerns” is alarming. Among the concerns Privacy International found in its investigation:

· Google retains a large quantity of information about users, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure, and without an opportunity to delete or withdraw personal data even if the user wishes to terminate the service.

· Google maintains records of all search strings and the associated IP-addresses and time stamps for at least 18 to 24 months and doesn’t allow an expungement option.

· Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information.

· Google collects all search results entered through Google Toolbar and identifies all users with a unique cookie that allows Google to track the user's web movement; yet the company does not disclose how long the information is retained, nor does it offer users a data expungement option.

· Google fails to follow generally accepted privacy practices such as the OECD Privacy Guidelines and elements of EU data protection law. As detailed in the EPIC complaint, Google also fails to adopted additional privacy provisions for specific Google services.

· Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.

· Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.

Which would you find more credible: privacy assurances from Google Health or the evidence of Google’s actual past performance in protecting peoples’ privacy?

Before you click “upload” to give your private health information to Google, or any third party online, pause to consider if you want the entire world to know it; if you really need a giant corporation with government and financial interests to monitor your body, behaviors and genome, and manage your health, and what they might really want or need with your information.

Google Health can only be described as Orwellian — amassing a vast database of your most private information, including what you eat, your lifestyle, where you live and work, your finances, your shopping habits and interests, your health records and your genetic material — all under the control of a giant corporation with powerful government-industry partners.

In 1949, when George Orwell first published his book, 1984, he described a society where the government watched every movement of its citizens to control them. “Big Brother has become a common term for ubiquitous or overreaching authority, and Newspeak is a word we apply to the dehumanizing babble of bureaucracies and computer programs, wrote Walter Cronkite in the forward for the 1984 reprint of the book. 1984 was a warning, wrote Cronkite:

[A] warning about the future of human freedom in a world where political organization and technology can manufacture power in dimensions that would stunned the imaginations of earlier ages.... It was a novelistic essay on power, how it is acquired and maintained, how those who seek it or seek to keep it tend to sacrifice anything and everything in its name.

1984 is an anguished lament and a warning that vibrates powerfully when we may not be strong enough nor wise enough nor moral enough to cope with the kind of power we have learned to amass....

And we hear echoes of that warning chord in the constant demand for greater security and comfort, for less risk in our societies. We recognize, however dimly, that greater efficiency, ease, and security may come at a substantial price in freedom, that “law and order" can be a doublethink version of oppression, that individual liberties surrendered for whatever good reason are freedoms lost.


© 2008 Sandy Szwarc


* Readers who’ve not been following the agenda to create electronic medical records and health information will find Appendix F startling — ten pages (small type) listing the vast network of interlinking organizations, all with interests in electronic records:

A. Standards and Standards-Setting Organizations
B. Federal Government Health Information Technology Agencies and Initiatives
C. Large Private-Sector Electronic Medical Record Systems
D. Organizations Involved in Health Information Technology
E. Resources for Choosing an Electronic Medical Record
F. Journals, News and Information Sources, and Trade Publications
G. Information on State Initiatives
H. Personal Health Record Organizations and Initiatives
I. Open Source Groups and Initiatives
J. Security and Privacy
K. Information on Databases and SQL
L. Clinical Research Databases and Related Sites
M. Online Forums, Listservs, and Discussion Boards
N. Health Information Technical Glossaries
O. Others