Is there any rhyme/reason to the title change? I'm interested in the discussion specifically related to how Helpouts will impact telemedicine, and healthIT culture, particularly as Google moves to federal licensure.
This is a huge game changer for the health innovation community.
And for those who don't think so, Google, Amazon and the like have been quietly rolling out new BAA to fall in step with fresh HIPAA omnibus requirements.
What does HIPAA compliance in that setup mean? That any physician can discuss your disease with someone else? I am not a deep expert in HIPAA but I can hardly believe that this would be compliant, even if the name of the patient isn't disclosed.
I would be pretty upset if my physician discusses my diseases using Google.
(once upon a time I worked at a company that did health claim processing, so I had the standard course of HIPAA training, though this was about ten years ago)
I think you may be overestimating what the HIPAA privacy rule does. First of all, there are some automatic exceptions to the privacy rule, which allow information to be disclosed without requiring the patient's authorization.
One is an exception for law enforcement; we would occasionally get LEOs contacting us, and we had people to forward that to, who would make sure that they came with valid warrants/court orders/etc. to get the information.
The other is the broad "TPO" exception: that's Treatment, Payment and Operations. Which means your doctor can share information with other medical personnel, for example, and disclose details to your insurance company, and so on.
Finally, anyone else can get access so long as the patient has provided a written authorization to allow it. And generally anyone who's smart is going to get that authorization up-front.
HIPAA also defines the scope of "Protected Health Information", which is essentially individually-identifiable information relating to a person's past/present/future health, health care they have received/are receiving/will receive, and related payment information.
Now, I don't know offhand what exactly Google intends this service to do, or what steps they've taken to achieve compliance, but I don't see it as being particularly difficult to achieve.
I would be pretty upset if my physician discusses my diseases using Google.
Your physician likely already uses the internet, the telephone system and regular old snail mail to transmit/discuss information about patients, including you. Do you trust any of those more than you trust Google?
I think the HIPAA comment is likely referring to users being able to talk to healthcare professionals. I very much doubt that line was talking about surgeons, etc. asking for advice.
HIPAA means a little more than that. I spent years as a pharmacy technician and can attest to all the shredding, blacking out of names, etc. Disclosing PHI (Personal Health Information) without a reasonable need for it was a very serious offense. HIPAA also forces providers to give you access to all of the PHI related to you that they maintain. Obviously HIPAA doesn't solve patient privacy entirely, as in your fax tray example, but I like to think it does help.
I think regardless of the actual security HIPAA brings, it's a very good thing so that interesting services like remote psychotherapy can be performed without doctors risking themselves from a regulatory perspective.
Well, more like none of that messy traveling, possibly across the country (or countries) if, say, you're on a trip and want to have a session with a therapist you've had for years.
For what it's worth, I imagine that there are some people that have particular social aversions that might benefit from a remote session.
This is a huge game changer for the health innovation community.
And for those who don't think so, Google, Amazon and the like have been quietly rolling out new BAA to fall in step with fresh HIPAA omnibus requirements.
Edit: http://www.emrandhipaa.com/emr-and-hipaa/2013/06/19/amazon-a...