Is Google Glass HIPAA compliant?

Effective Aug 8, 2013

Published Aug 8, 2013

Last Reviewed Aug 7, 2013

Google Glass is neat, but can it create a medical information privacy issue? Probably, recent reports suggest.

Physicians are getting into Google Glass, a wearable device which allows instant access to the internet, voice-activated commands, and live recording and posting of the user’s experiences, including medical procedures.

Its usefulness is obvious: HealthTechZone quotes a Maine surgeon who used Google Glass while placing a feeding tube in a patient and reports that the device “could allow better intra-operative consultations, surgical mentoring and potentiate remote medical education, in a very simple way.” VentureBeat lists other plausible suggestions for medical use, e.g., “Rather than referring to a medical textbook, physicians can perform a search on the fly with their Google Glass…”

But some observers are weighing the wow factor against the possible liabilities — particularly from a privacy/security perspective.

As a commenter at the KevinMD blog puts it, “Doctors cannot use Google Glass until/unless Google becomes HIPAA compliant, because your patient's data is stored on their servers and on their terms, not yours. Google would need to follow all of the steps in the HIPAA Compliance checklist, and more. This is the same reason you cannot use Google Mail (Gmail) for patient data.”

At Gigaom, Ki Mae Heussner notes that, according to a legal expert, “Under new HIPAA rules, providers’ ‘business associates’ have specific compliance obligations and it’s unlikely that Google wants to sign contracts formalizing that relationship, which means hospitals (if authorities checked) could be considered in violation of the rule…”

What’s even more discouraging is that just last month a security firm discovered “a vulnerability that allows an attacker to create a QR code which, when read by the Google Glass system, can grant them full control of the wearable computing device,” reports the IT Secuity Blog at Securencrypt.

“The relationship with a patient is something sacred,” Jason Mitchell of the Center for Health Information Technology at the American Academy of Family Physicians tells Politico, “and things that occur within that interaction — whether video, audio, all of that — [have] to be protected.”

Medical Practice Compliance Alert and the HIPAA Answer Book provide coverage of HIPAA issues and how to bring medical practices up to speed on them. We haven’t created tips for HIPAA-proofing Google Glass yet, but we’ll probably have them before you get one.

The information contained herein was current as of the publication date. © Copyright DecisionHealth, all rights reserved. Electronic or print redistribution without prior written permission of DecisionHealth is strictly prohibited by federal copyright law.