• Home
  • Management


  • Category:
  • Document type:
    Case Study
  • Level:
    High School
  • Page:
  • Words:

6Should Google Organize your Medical Records?


Should Google Organize your Medical Records?

Management Information System

Should Google Organize your Medical Records?

1. The concepts in the chapter illustrated in this case study are accountability, responsibility and liability. Under accountability, Google must ensure that it has mechanisms in place to determine who takes responsible action or is responsible in the event of any security breach or misuse of the information stored in the Google Health. As the developer of the application, Google must ultimately be accountable for privacy or security breaches. Responsibility means that Google must assume responsibility for ensuring the data collected and stored by Google Health is secure and that there is no privacy breach, unauthorized access to or misuse of the medical information. Google must reassure its users that its privacy controls are sufficient to protect them from risks such as medical identity theft. For liability, as indicated in the case study, the federal and state governments must pass legislation to improve the protection of personal medical records. Given the high incidence of security breaches and privacy violations of electronic medical records, these laws should hold Google liable for such (Laudon and Laudon: Mc Donald, 2009).

The various stake holders in this case include Google executives and those of other electronic storage providers such as Microsoft, health care consumers or patients, current and future employers of health care consumers (patients), doctors and other medical practitioners, health insurance companies and medical related businesses such as pharmaceutical or medical supplies companies (Laudon and Laudon 2009).

2. America’s current medical recordkeeping system is paper-based which makes it costly and inefficient as it is difficult to communicate and access medical records. Such systems also make analysis, transfer (for instance through digitization by scanning) and sharing of medical information time consuming and expensive. Paper based data also occupies a lot of physical space which is limited. Electronic health records (EHR) will make it easier for doctors and health professionals to access, analyze, transfer and share medical information when a patient changes doctors in a more efficient and timely manner. Features such as the patient’s health profile which includes medications, allergies or even prescription refills and reminders for doctor visits will ease processes such as diagnosis, improve emergency services and reduce the waiting time for patients (McCarthy and Mary 2010). Applications such as Google health can accept and display information from and on multiple technologies in use which makes accessibility easier and streamlines recordkeeping.

3. Various managerial, organizational and technological factors are critical to the creation and development of EHRs. Under management, EHRs have the potential to dramatically lower the costs associated with maintaining medical data. However, this may in turn imply increased short run costs associated with implementing the data collection systems and training personnel to use them. Managers also have the task of ensuring the information collected is confidential or secure, does not violate patient privacy, is not used to profile patients, leaves them vulnerable to advertisers or is used to deny a patient their rights such as benefits or procedures (McGuire et al 2008). At the organization level, EHRs have the potential to make data more accessible and organized. However, this implies that the data may be vulnerable to unscrupulous people or organizations that may take advantage of the relative ease of analyzing this data and profiling consumers using methods such as cookies. Therefore, the federal and state governments in conjunction with private and non-profit medical service providers must pass and enforce legislation to avoid privacy violations and uphold protection of consumer data (McDonald 2009). Technologically, applications such as Google Health must blend in with existing technologies to make it relevant. Such applications should co-opt and be used from as many existing devices as possible. These applications must be created with universally available software and scripts to make their implementation and use easier and more efficient. Elaborate security measures must also be put in place to make the data safe from hacking or other privacy breaches unique to electronic data unlike paper based data which is only accessible physically.

4. The most obvious pros of EHRs are that they improve the efficiency of access, sharing, transfer and analysis of medical records. EHRs stored in digital format also have the potential to drastically reduce the costs associated with purchase and maintenance of stationery as is the case with paper based records. They also consume less physical space. Once in practice, they would also reduce the tendency to commit errors in procedures such as administering medicine, writing prescriptions and scheduling appointments, and making emergency procedures more accurate as the information on issues such as allergies and medical history would be available (Baron 2010: Mc Carthy and Mary 2010). The cons of EHRs include the high cost of initial implementation. This may include computerization and digitization of existing records to update or integrate patient records prior to implementation and the training of medical personnel and patients to use these systems effectively (Shilton 2011). In the current legal climate, such records are also vulnerable to medical identity theft and privacy violations through security breaches. Confidential medical and personal information may be made accessible to unscrupulous advertisers or organizations that may profile patients and flood them with unwanted adverts or malicious software. These records may also be use to deny patients (such as HIV positive patients) employment opportunities or potential health benefits (McCarthy and Mary 2010).

5. People should not trust Google with their medical records. Google is one of the world’s largest and most profitable organizations built on a strong reputation for its ability to collect and organize data through applications such as its search engine, Gmail (email), Google Earth (geographical maps) and Google Books. Google’s success is motivated by its corporate strategy to use such information for advertising purposes such as Gmail’s targeted advertisements. While Google Health has unlimited potential to improve the health system, Google is motivated by profitability and the potential to benefit from America’s largest GDP sector through advertising. The information collected by Google Health is sensitive and can have disastrous implications for patients in cases of privacy violations such as in Patricia Galvin’s case (Laudon and Laudon 2009). Further sensitive information such as HIV status can also have adverse effects for patients’ social and economic livelihoods if publicly available. In the current legal framework, Google’s security assurances are not sufficiently reassuring as it cannot reveal its security practices which are left to its discretion.

6. Some of the features to be included in an electronic medical recordkeeping system include a secure biometric ID system with a unique username and password. While a biometric system may be expensive, it would restrict access at both remotely and on site and reduce the likelihood of medical identity theft or privacy breaches. The system will also include firewalls with limited log-in periods and automated log-outs which ensure that the information is only available on a need-to-know basis (Iachello and Hong 2007). The website will also be encrypted to limit the possibility of data theft and will include multiple physical back-ups to provide users with assurance in case of any accident or massive security breach (Iachello and Hong 2007). Additional features may include mobile e-health centers or mobile vehicular stations to facilitate its applicability in rural areas or from remote sites with limited connectivity. To aid implementation, I would also include a Clinic Decision Support System (CDSS) which would help in data analysis and decision making within hospitals by on hand nurses. Finally, I would integrate the system within an Enterprise Resource System which would link it with other hospital or health center functions such as finance, supply chain management and human resource (Iachello and Hong 2007). Features to avoid would include sending unencrypted information over the website or open access and sharing of information. It would not be possible to share information unless sender and recipient are both logged in. I would also avoid pricing the system which would make it inaccessible to people without credit cards or children. The system should also not be complex but user-friendly.


Baron R. (2010). Meaningful use of health information technology is managing information. Journal of American Medical Association 304(1): 89–90.

Google Health. Retrieved August 15, 2011 from <www.googlehealth.com>

Laudon. K. & Laudon, J. (2011). Management Information Systems. London: Prentice Hall.

Iachello, G., Hong, J. (2007). End-user privacy in human-computer interaction. Foundations and Trends in Human-Computer Interaction 1(1): 1-137.

McCarthy, W. & Mary, L. (2010). Paging Dr. Google: Personal Health Records and Patient Privacy. William and Mary Law Review 51 (1) :2244-2268.

McDonald, C. (2009). Protecting patients in health information exchange: A defense of the HIPAA privacy rule. Health Affairs 28(2): 447-449.

McGuire, A. et al (2008). Confidentiality, privacy, and security of genetic and genomic test information in electronic health records: points to consider. Genetics in Medicine 10 (7): 495-499

Shilton, Katie (2011). Four Billion Little Brothers. ACM Queue 7(7). Retrieved on August15, 2011 from <
http://escholarship.org/uc/item/2xr2r802;jsessionid=3CF4A261BE2386EF35E7E1F2DA 46E410#page-4>