Privacy & Security
Google to remove medical records data from search results to combat leaks
Private medical data will be removed, taking away a tool cybercriminals could use to extort hospitals, patients.
Google has made changes to its personal information policy, including one big one for the healthcare industry: The search giant on Wednesday began removing private medical records from its search results.
Without receiving requests for removal, Google has now started removing what it labels the “confidential, personal medical records of private people.” The most recent change to Google’s removal policy came in 2015 when the company said it would delete “nude or sexually explicit images that were uploaded or shared without your consent.”
[Also: Outsourced cybersecurity staff, one way healthcare is getting around the talent shortage]
Leaks of medical information can be especially damaging to individuals, emotionally and financially. For example, cybercriminals who use ransomware to extort money from hospitals can gain access to protected health information and hold that data for ransom. Whether or not the ransom is paid, they can release the health data on the Internet, where Google’s search engine can pick it up.
Google traditionally has had a hands-off policy to search results, letting its algorithm do all the work. Reaching into results and removing private medical information is a marked change from that policy. That policy has come under fire from some quarters in recent years with the rise of so-called fake news and blatantly false information. Google reacted by downgrading contested information in its search results.
[Also: You were warned: Ransomware experts saw this coming]
With regard to pulling information such as medical data from search results, Google has a firm set of criteria.
“To decide if a piece of personal information creates significant risks of identity theft, financial fraud or other specific harms, we ask is it a government-issued identification number?” Google said on its website. “Is it confidential, or is it publicly available information? Can it be used for common financial transactions? Can it be used to obtain more information about an individual that would result in financial harm or identity theft? Is it a personally identifiable nude or sexually explicit photo or video shared without consent?”
Email the writer: email@example.com
Like Healthcare IT News on Facebook and LinkedIn