Privacy and Google Glass: Where’s the Line?

CMIO 2.0 (14)Google. Is there ever a moment when we don’t use a Google service? Whether we are searching for a new recipe to locating directions when lost to sharing documents and pictures with friends and family, Google is there for us.

So what can Google do for us when it comes to health care?
Google’s initial launch into the Healthcare world, Google Health – a patient portal, did not succeed as customers did not want to aggregate data, but the company is making headlines by using Google Glass. My fellow blogger, Lauren Still, wrote about Google Fit, so I thought I would expand on that and add my two cents about Google Glass. The thought of Google Glass brings about mixed reviews of excitement and anxiety, depending upon whom you are talking to.

Almost one year ago, Google Glass was introduced to 8,000 early adopters, which included medical professionals. Within the following month, Dr. Rafael Grossman, a trauma surgeon from Eastern Maine Medical Center, used Glass to tape himself inserting a gastric feeding tube in a patient with two other students watching the procedure concurrently from another room. Dr. Anil Shah, from the University of Chicago, used Glass to review radiology images during a rhinoplasty procedure.

Over the next year, dozens of operations and Google Glass stories were published within the United States or as partners in international surgeries. On the other side of the pond, Dr. Shafi Ahmed, at the NHS, streamed a cancer removal surgical procedure online, which was watched by 13,000 surgical students from 115 countries. The students asked questions to the surgeon during the procedure, which were then answered in real time. Dr. Pedro Guillén, in Madrid, streamed a surgical procedure to doctors located at 300 universities and hospitals in five continents.

More and more, flirting with the use of Google Glass in other departments besides the operating room is increasing.

This sounds like science fiction turned reality and a wonderful technology advance for the medical sciences.  However, these new methods are not without criticism. Google Glass is not the first product to take pictures or record videos. Just take a look at the online Spy store for all the Spy equipment one would ever want.  However, Google Glass is a game changer when it comes to conversations about privacy by bringing the subject in front of your face, literally.

EPIC is a non-profit organization who currently tracks risks to privacy by Google Glass and other “wearable” electronic devices. One of the risks included “Going to a doctor’s or psychologist’s office.” So what exactly does this mean?

When we work with patient data in any form, whether it is ours or someone else’s, we normally fill out a HIPAA-related form that states we will only access patient information as expected in the situation. How does this get applied to Google Glass, other Google services, or other similar services?

With Google Glass, information captured is stored on its cloud servers. It can then by analyzed by Google for data mining or other purposes.  Where does Google Glass fall into this category? If Google Glass is used in an operating room with procedures, is the recording of that information also uploaded to the cloud? Or is that kept a part of the patient record on the hospital servers only? If uploaded to Google, is Google then considered the owner of the patient data as the majority of hospitals are often considered owners of patient data?

In March of this year, NHS reported a breach of patient data when it was determined that the entire NHS hospital patient database was uploaded to a Google Server for “data analytics” via Google’s BigQuery service. The public is unaware of whether the information that was uploaded to Google is contained only to Google, or if other groups, such as insurance or pharmacy companies, may have accessed it.

So what has Google and those who have partnered to use Google Glass in the hospital done to help maintain privacy and adherence to the law?  At UCSF, Dr. Pierre Theodore received clearance from a local institutional review board (IRB) to use Glass in the operating room. Dr. Paul Porter and his research team worked with Pristine, a healthcare communications company to refashion the device and ensure that Glass will comply with patient privacy laws, making it the first HIPAA compliant Glass. Google also has chosen to be cautious by allowing limited access to those early adopters to explore options and risks before moving forward.

But what exactly are we talking about? We discussed some advantages and disadvantages with Google Glass, but in reality, there are so many applications and services out there that fall into this category—advancing progress when technologies partner with medical sciences. The privacy law seriously lags behind when technology takes off and is considered overdue in this regard. We are getting to a point in which we cannot always be certain if our collected healthcare data is safe with those who we allowed to access it, or whether it has been sold to third parties. With HIPAA in place, there is an expectation of anonymity with our healthcare data, but this issue goes beyond HIPAA. A great example of this was when Target knew that a girl was pregnant before the family knew.

With some data collectors, it is possible with the right set of values that individuals can be re-identified, and these new apps and company-generated health data are not covered by HIPAA or HITECH. Big data tracks everything these days, and healthcare is just one of the next targets.

So what do companies do with this type of data? We don’t always know. ONC’s Chief Privacy Officer Joy Pritts stated “We are encouraging people to move their information potentially out of the HIPAA-covered bubble and out into the hands of others who may not be subjected to HIPAA,” Pritts explained.

We discussed earlier that these new applications may not be covered by HIPAA, but the common user does not necessarily realize this, and this needs to be better explained. The public needs to start thinking about this because when we choose to share our data with an app or any other medium, we should know how our data is being used and whether our information is being shared or disclosed with others.

This is no longer limited to patient-doctor relationships or patient-hospital relationships. It is basic patient autonomy to know who has the right to collect our personal data, what rights we have regarding the data, and which laws protect or do not protect us. And, finally, who should decide how to tread in the gray areas.

We need to act now as now is the time for us to decide how patient healthcare should be treated when it comes to individuals, healthcare, businesses, and the law.

The following two tabs change content below.

Deepika Patel

PACS Regional Coordinator
Deepika Patel, MBA, is a certified radiologic technologist who has extensive experience as a clinical systems analyst, working directly with all clinical departments, interdisciplinary teams, and private practices. She also previously worked as a PACS administrator team lead and is CPHIMS certified. "The views and opinions expressed in this blog are Deepika's and are subject to change. They are not necessarily representative of the views and opinions of my current and past employers and/or other organizations that she works with."

, , ,