Google on Thursday announced it will remove "confidential, personal medical records of private people" from search results on a case-by-case basis to help crack down on identity theft.
Google's search removal policies
According to Bloomberg Technology, Google previously only removed webpages that had personally identifying financial data, such as credit card numbers, and webpages that violated copyright laws. The most recent change to that policy, according to Healthcare IT News, occurred in 2015, when the company said it would also begin removing "nude or sexually explicit images that were uploaded or shared without ... consent."
Google also has adjusted its search ranking algorithm to downgrade fake news in its search results, Bloomberg reports.
Decision follows health information security incidents
According to Becker's Health IT & CIO Review, the announcement comes after several security incidents involving health care data demonstrated how medical information can be posted online.
For instance, a pathology lab in Indiana in December 2016 accidentally shared more than 43,000 patient records online—including sensitive data, such as names and HIV test results—which according to Bloomberg were indexed by the search engine. In addition, cybercriminals can use ransomware to access patients' medical data, which if posted online could appear in Google's search results, Healthcare IT News reports. Cybercriminals often threaten to post the information online unless a hospital or health system pays the demanded ransom.
To decide whether a piece of personal information—such as medical data—should be removed from search results, Google said it would assess whether the data "creates significant risks of identity theft, financial fraud, or other specific harms" by asking the five questions:
- "Is it a government-issued identification number?";
- "Is it confidential, or is it publicly available information?";
- "Can it be used for common financial transactions?";
- "Can it be used to obtain more information about an individual that would result in financial harm or identity theft?"; and
- "Is it a personally identifiable nude or sexually explicit photo or video shared without consent?"
According to Google, the policy will be applied on a case-by-case basis. The company added, "If we believe that a removal request is being used to try and remove other, non-personal information from search results, we will deny the request" (Cohen, Becker's Health IT & CIO Review, 6/23; Siwicki, Healthcare IT News, 6/23; Bergen, Bloomberg Technology, 6/23; Google support page, accessed 6/27).
Why the EHR life cycle is just like raising a child
A successful EHR system requires budget, resources, and planning—not only before it goes live, but after as well.
In fact, the process of implementing, deploying, maintaining, and optimizing an EHR system is similar to that of raising a child—each stage of the process requiring a unique subset of people to ensure its success. Learn more about the seven stages of the EHR life cycle in this infographic.