This is great news! Google protecting ePHI and other sensitive patient medical records is extremely valuable to the healthcare field. It was announced today that Google will be removing medical records data from it’s search engine results.
Google Protecting ePHI
Google has made changes to its personal information policy. Yesterday, it began removing private medical records from its search results. Without receiving requests for removal, Google has now started removing what it labels the “confidential, personal medical records of private people.” The most recent change to Google’s removal policy came in 2015 when the company said it would delete “nude or sexually explicit images that were uploaded or shared without your consent.”
Leaks of medical information can be especially damaging to individuals, emotionally and financially. For example, cybercriminals who use ransomware to extort money from hospitals can gain access to protected health information and hold that data for ransom. Whether or not the ransom is paid, they can release the health data on the Internet, where Google’s search engine can pick it up. By removing it, it lessens the strength and “bargaining” power of the cybercriminals. If they cannot publish your information, there is no reason to pay them.
Traditionally, Google has had a hands-off policy to search results, letting its algorithm do all the work. Reaching into results and removing private medical information is a marked change from that policy. That policy has come under fire from some quarters in recent years with the rise of so-called fake news and blatantly false information. Google reacted by downgrading contested information in its search results. It basically accuses them of picking and choosing, but in this case, I think it’s necessary.
Statement from Google
“To decide if a piece of personal information creates significant risks of identity theft, financial fraud or other specific harms, we ask is it a government-issued identification number?” Google said on its website. “Is it confidential, or is it publicly available information? Can it be used for common financial transactions? Can it be used to obtain more information about an individual that would result in financial harm or identity theft? Is it a personally identifiable nude or sexually explicit photo or video shared without consent?”