Google’s director of public policy, Pablo Chavez, and Google attorney Michael Yang were intensely questioned for two hours by members of the House Energy and Commerce committee in a closed-door meeting on February 2. After the meeting, a number of Representatives expressed their dissatisfaction with Google on a number of privacy issues. Representative Mary Bono Mack is concerned, in particular, that Google may be sharing personal health information inappropriately, in direct violation of HIPAA.
“[S]ay you do a Google search for cervical cancer and you forget to sign out,” Bono Mack explained to USA Today. “Are you being tracked across all of the other products, and if so, that’s a violation of HIPPA. We’ve gone to great lengths in our society to protect people’s medical information. That question was raised.”
Bono Mack’s concern is that Google will remember the “cervical cancer” search even after the user moves on to another Google service, such as Gmail or YouTube.
But does HIPAA even apply to Google? The Health & Human Services website says that the law applies to “covered entities,” such as health care providers, health plans, and health care clearinghouses. Google certainly doesn’t fall under the health care provider or health plan categories, but could it be considered a clearinghouse? In his article on Search Engine Land, Matt McGee weighs in with a tentative “no.”
“When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.”
Even though Bono Mack insists that the Congressional hearings about online privacy will continue and will involve Google, McGee is of the opinion that the HIPAA angle won’t gain much traction.