Google has provided some more information about their beta eHealth product, including this claim regarding privacy and security:
Privacy and Security – Due to the sensitive and personal nature of the data that will be stored in Google Health, we need to conduct our health service with the same privacy, security, and integrity users have come to expect in all our services. Google Health will protect the privacy of your health information by giving you complete control over your data. We won’t sell or share your data without your explicit permission. Our privacy policy and practices have been developed in thoughtful collaboration with experts from the Google Health Advisory Council.
The notion that Google will conduct their health service with “the same privacy, security, and integrity users have come to expect in all our services” causes me some pause. Google currently tracks my search queries in order to place advertising, scans the content of incoming Gmail messages for similar monetization, and, given their vast suite of products and services linked by a common Google Account, has the ability to create detailed dossiers on users online activities. I hope they treat my personal medical data with greater “privacy, security, and integrity” than how they track and monetize my general search activities and e-mail messages.
Google also states “We won’t sell or share your data without your explicit permission.” This is troubling to me as it signals the possibility exists that Google will want to sell or share my data with third parties. We need to learn more about what Google is contemplating here: What plans exist to sell or share my medical data if I do give explicit permission? How will my data be used, and by whom? How will my permission be granted? Will I know who is using the data and how? Can I decide I want to share it with certain parties and not others?
The note mentions the privacy policy for Google Health. A screenshot provided by Google also shows links to the service’s privacy policy. As far as I can tell, however, the actual policy hasn’t been made available, so we can’t evaluate its claims and promises. I urge Google to share this policy ASAP.
A bit more information as been made available via the press. This Cnet article notes that:
“Google won’t sell the data and won’t put ads on the site, but rather hopes to drive traffic to partner sites where there will be ads. In addition, Web searches will not be used to provide services or information to users of Google Health, Google representatives said.”
This provides a bit more clarity, but I still hope to be able to sit down with Google’s people to discuss these issues in more detail, much in the way Microsoft has made itself available on its HealthVault product.
(As an aside, I’m also tracking various conversations and debates over the extent to which HIPAA applies to these platforms – I hope to assemble my thoughts on that soon)
MichaelZimmer.org 
It’s a great idea in principal but I don’t think it will fly. Google could have done a lot more for health care by putting their computing power behind helping to organize primary health care. The truth is most of us don’t need this service. The idea that paid advertisers will flash on the side of my health record (imagine what I’ll see when I’m diagnosed with ED) makes me uneasy even if my records are protected. http://www.waittimes.blogspot.com