That's correct. People would be surprised at the number of HIPAA violations that happen every day. It is, however, among the strongest and most well-enforced data privacy laws (in the US).
> True, but that doesn't mean that Google is the right entity to do this. In my opinion, they're the wrong entity, because Google is not exactly trustworthy.
You're certainly right to be concerned. I don't share your opinion about Google per se, but this is important data for our society. I'd argue that OpSec at a large provider, let's say Microsoft, is more sophisticated than at a start-up. So how does an organization decide who is the "right" entity to deal with?
> But they're Google. What this sort of thing means for me is that I need to start asking medical providers if they're participating in this sort of thing with Google (or other companies that I consider bad actors), so I know which ones to avoid using.
If this is important to you, I would strongly encourage it. Our health industry is better when consumers are better informed and can make informed decisions. Personally, it's more important to me to be able to actually know how much a procedure is going to cost than who owns the AI stack behind their clinical decision support system.