

Google announces Helpouts - laurenstill
http://venturebeat.com/2013/11/04/google-helpouts/

======
laurenstill
Is there any rhyme/reason to the title change? I'm interested in the
discussion specifically related to how Helpouts will impact telemedicine, and
healthIT culture, particularly as Google moves to federal licensure.

This is a huge game changer for the health innovation community.

And for those who don't think so, Google, Amazon and the like have been
quietly rolling out new BAA to fall in step with fresh HIPAA omnibus
requirements.

Edit: [http://www.emrandhipaa.com/emr-and-
hipaa/2013/06/19/amazon-a...](http://www.emrandhipaa.com/emr-and-
hipaa/2013/06/19/amazon-aws-will-sign-hipaa-business-associate-agreement/)

------
chopin
What does HIPAA compliance in that setup mean? That any physician can discuss
your disease with someone else? I am not a deep expert in HIPAA but I can
hardly believe that this would be compliant, even if the name of the patient
isn't disclosed.

I would be pretty upset if my physician discusses my diseases using Google.

~~~
ubernostrum
(once upon a time I worked at a company that did health claim processing, so I
had the standard course of HIPAA training, though this was about ten years
ago)

I think you may be overestimating what the HIPAA privacy rule does. First of
all, there are some automatic exceptions to the privacy rule, which allow
information to be disclosed without requiring the patient's authorization.

One is an exception for law enforcement; we would occasionally get LEOs
contacting us, and we had people to forward that to, who would make sure that
they came with valid warrants/court orders/etc. to get the information.

The other is the broad "TPO" exception: that's Treatment, Payment and
Operations. Which means your doctor can share information with other medical
personnel, for example, and disclose details to your insurance company, and so
on.

Finally, anyone else can get access so long as the patient has provided a
written authorization to allow it. And generally anyone who's smart is going
to get that authorization up-front.

HIPAA also defines the scope of "Protected Health Information", which is
essentially individually-identifiable information relating to a person's
past/present/future health, health care they have received/are receiving/will
receive, and related payment information.

Now, I don't know offhand what exactly Google intends this service to do, or
what steps they've taken to achieve compliance, but I don't see it as being
particularly difficult to achieve.

 _I would be pretty upset if my physician discusses my diseases using Google._

Your physician likely already uses the internet, the telephone system and
regular old snail mail to transmit/discuss information about patients,
including you. Do you trust any of those more than you trust Google?

------
ck2
A fax machine can be HIPAA compliant, with your personal info just sitting in
the output tray for anyone to take.

(and that is how many doctors transfer your info around)

HIPAA doesn't mean anything in reality, it is just a false sense of security.

~~~
SapphireSun
I think regardless of the actual security HIPAA brings, it's a very good thing
so that interesting services like remote psychotherapy can be performed
without doctors risking themselves from a regulatory perspective.

~~~
ck2
None of that messy actually interacting with a human being in person eh?

~~~
SapphireSun
Well, more like none of that messy traveling, possibly across the country (or
countries) if, say, you're on a trip and want to have a session with a
therapist you've had for years.

For what it's worth, I imagine that there are some people that have particular
social aversions that might benefit from a remote session.

