News Blog

Personal data for more than 6,000 UCSF patients was exposed online for more than three months last year, according to the San Francisco Chronicle.

The news is troubling on multiple levels. First off, it poses the risk that sensitive health information could be used against those patients by employers, health insurers, and others. It also could have allowed fraudsters to use the data to commit medical identity theft and get medical treatment and drugs without paying.

Also, while it's unclear exactly how the data breach happened, it's fairly clear that it arose after the hospital shared the data with a third party, Target America, hired to go through the patient database and find people to solicit donations from.

And finally, it took the hospital nearly six months to notify the 6,313 affected patients about the privacy invasion.

"The breach is a symptom, but the real ethics challenge is the extent to which health care institutions are tracking patients and their families for nonmedical reasons--for fundraising, marketing, advertising," Dr. Arthur Caplan, chairman of the department of medical ethics at the University of Pennsylvania School of Medicine, told the newspaper.

About a decade ago, wireless heart monitors hooked to patients at Baylor University Medical Center in Dallas went on the fritz, causing much scrambling among the building's engineering team.

The culprit, as it turned out, was interference from a nearby broadcast television station, which was testing its digital signal on the same channel where some of the medical devices operated, as detailed in the journal Biomedical Instrumentation & Technology a few years ago. The Federal Communications Commission ultimately cordoned off spectrum just for that purpose, although migrating there was largely voluntary.

Now, hospital administrators and medical device manufacturers fear similar problems could happen again if federal regulators don't place limits on requests by Google, Microsoft, and other high-tech companies to free up spectrum "white spaces" between television channels.

Those companies and consumer advocacy groups have been agitating in recent years for unlicensed use of those unused pockets because their signals can propagate long distances and penetrate walls, making them uniquely disposed to gigabits-per-second mobile broadband service--"Wi-Fi on steroids" or "Wi-Fi 2.0," as Google telecommunications counsel Rick Whitt has taken to calling it.

The medical community, however, wants to ensure those plans don't imperil the safety of its patients.

"If a new white space application that's operating thousands of times more powerfully came online, either in the hospital or outside the hospital, it could very well directly interfere with the telemetry system and prevent patient monitoring," Tim Kottak, engineering general manager for GE Healthcare's systems and wireless division, said in a telephone interview with CNET News.com this week. "The whole system could be taken out, just like what happened at Baylor."

Since the late 1980s, medical telemetry devices, as they're known, have been used in virtually every hospital throughout the United States to keep tabs on patients' vital signs, such as their heart rate and blood oxygen levels, Kottak said.

A patient wears GE Healthcare's Apex Pro, a wireless medical telemetry device. Telemetry devices continuously measure a variety of vital signs and transmit data to a central location.

(Credit: GE Health Care)

It works like this: The patient wears a small transmitter that's connected to a wireless network within the hospital, which consists of an antenna system and receivers. Through that system, doctors and nurses can generally check on the patient from anywhere in the hospital, without needing to be bedside, and the patient is meanwhile free to walk around to visit labs, get X-rays, and work on recovery without being tethered to equipment.

Unlike the National Association of Broadcasters, which has been the loudest opponent of the high-tech industry's white spaces plans, the medical industry isn't asking for a ban on all unlicensed TV white spaces uses by portable mobile devices. (General Electric, of course, also owns NBC Universal, a major broadcasting entity, but Kottak said his division isn't speaking for NBC in this matter.)

Rather, GE and others are seeking a compromise of sorts, in which certain channels would be off-limits, and device operators would be required to alert hospitals and other medical centers before deploying them nearby.

After the Baylor incident, FCC decided to set aside channel 37 of the broadcast TV band as a protected area for exclusive use by medical telemetry devices. But the FCC also allowed hospitals to continue operating existing devices on other TV white spaces, with the understanding that they would move be best served by moving to channel 37 eventually. It's operators of those older systems, which can cost millions of dollars to upgrade, that could face the rudest awakening if new gadgets come online without their knowledge, the medical industry says.

GE, for its part, would like to see the FCC continue to block off not only channel 37 but also adjacent channels 36 and 38, in an effort to create a greater buffer for its devices. It also wants the FCC to require new white spaces users to refrain from releasing new devices that use another popular location for medical telemetry devices--channels 33 to 35--for one year after any rules are developed so that hospitals have ample time to leave that spectrum. In addition, it's asking for the FCC to limit the power output of the new devices to reduce interference potential.

The American Society for Healthcare Engineering, a division of the American Hospital Association, has also weighed in, asking the Federal Communications Commission to require that anyone operating devices in the unused TV channels notify hospitals, nursing homes and other health facilities within range of the signals beforehand.

"With adequate advance notice, health care facilities operating these legacy systems can take steps either to identify the source of any interference and address it or to replace equipment that can no longer serve its intended purpose with newer, protected (channel 37) installations," Dale Woodin, deputy executive director of the American Society for Healthcare Engineering, wrote in a filing with the FCC.

Their recommendations may not be far off from reality. Google, for its part, has already embraced at least some of those suggestions, proposing in a recent filing with the FCC that unlicensed white spaces be prohibited from operating in a "safe harbor" between channels 36 and 38, specifically citing concerns over medical telemetry devices.

Brian Peters, a spokesman for the Wireless Innovation Alliance, which is pushing for the unlicensed white-space use, said discussions with GE are "ongoing" and voiced confidence that they can reach an agreeable solution that allows for unlicensed use of mobile broadband devices. The Wireless Innovation Alliance's members include companies like Google, Microsoft, Dell and HP, and consumer advocacy groups like Public Knowledge, U.S. Public Interest Research Group, and Free Press.

"We are also fully confident that the FCC engineers can write the rules necessary to prevent interference to medical devices," Peters said in an e-mail interview. "The FCC is the expert agency, and they've been managing medical device spectrum issues for years."

Even if the medical devices industry reaches an agreement with the high-tech companies, however, the broader white spaces debate is likely to continue. The National Association of Broadcasters hasn't budged from its position that allowing unlicensed devices on TV bands is "a guaranteed recipe for producing interference and should not be allowed under any circumstances." It also claims more than 70 members of Congress share its concerns, although that opposition is far from universal.

The FCC is currently retesting early-stage equipment designed to "sniff" for broadcast signals to ensure new devices don't operate there and cause interference. But it's not expected to issue any rules for the white spaces for another several months. Even then, the spectrum won't be available for use until at least February 2009, when over-the-air broadcasters are required to vacate that band as part of the congressionally mandated shift to all-digital television.

Update at 12:19 PM PT: This story was updated to reflect the World Privacy Forum's position on PHRs in general.

Google is set to announce on Thursday that it will be using the Cleveland Clinic hospital in Cleveland, Ohio as the pilot site for its new personal health records initiative.

The Cole Eye Institute (foreground) and the taller Crile Building, which is the flagship facility of the Cleveland Clinic.

(Credit: Cleveland Clinic)

Between 1,500 and 10,000 patients at the Cleveland, Ohio, facility will participate in the project's test run, volunteering to have their medical records transferred to their Google accounts. The hospital already keeps electronic records for over 100,000 patients in an internal system called MyChart, but when those personal health records, or PHRs, are shared with Google, patients will be able to use them outside of the Cleveland Clinic. Included in the data will be prescription information, medical histories, and details about conditions and allergies.

"Patients are more proactively managing their own healthcare information," Dr. C. Martin Harris, the Cleveland Clinic's chief information officer, said in a statement. "At Cleveland Clinic, we strive to participate in and help to advance the national dialogue around a more efficient and effective national healthcare system."

"We believe patients should be able to easily access and manage their own health information," Marissa Mayer, Google's vice president of search projects and user experience, said in the same statement. "We chose Cleveland Clinic as one of the first partners to pilot our new health offering because as a provider, they already empower their patients by giving them online tools that help them manage their medical records online and coordinate care with their doctors." Additionally, Cleveland Clinic president and CEO Delos M. Cosgrove is a member of Google's Health Advisory Council.

Google isn't the only tech titan looking to change the healthcare industry. AOL founder Steve Case has launched a new company, Revolution Health; InterActiveCorp has invested in several health-related start-ups; and Microsoft has been working on a medical record service.

But all these "health 2.0" initiatives will inevitably raise privacy concerns, and critics of such projects have already begun to make themselves heard. The World Privacy Forum, which has highlighted concerns about medical identity theft in the past, has already issued a report voicing concerns about third-party PHR systems that aren't covered by the Health Insurance Portability and Accountability Act (HIPPA), which has been in effect since 1996 and requires individuals to be notified when a party other than a patient's doctor wants to access confidential medical data.

Not only is security an issue, the nonprofit has said, so is the likelilhood that marketers and other corporate entities will be able to exploit otherwise confidential data. The World Privacy Forum has not taken a specific stance on Google's new project or on others like Microsoft's.

Google is of particular concern to some privacy advocates because the company already has so much data about its users.

"While PHRs may have some laudable goals," the report by privacy consultant Robert Gellman read, "they are also a tempting target for companies or others that want to evade whatever privacy protections remain in the health care system in order to make a profit."

First AOL, next a revolution.

AOL co-founder Steve Case announced Wednesday his online health and wellness company, Revolution Health Group, has acquired HealthTalk, pushing his company into the ranks of the second-largest health information site on the Net.

The deal is designed to bolster Revolution's offerings beyond the health and wellness category and into the area of supplying content on chronic conditions. The acquisition marks yet more activity in the online health care arena, which has seen not only mergers but also the birth of medical and health-related search engines, according to American Medical News. There's also been a surge in the number of Web sites relating to health, well-being and care, such as Caring.com.

HealthTalk's site covers a range of chronic illnesses, from rheumatoid arthritis to Alzheimer's to cancers to colitis. The multimedia site, which includes original content with medical experts and interactive programming, draws more than 1 million unique visitors per month. The site is accessed by more than 500,000 members, who receive targeted health information.

Financial terms of the deal were not disclosed.

Revolution Health Group, with its latest acquisition, reaches more than 12 million unique visitors a month, putting it behind only the WebMD Health Network, which generates 40.8 million unique visitors per month.

HealthTalk will operate as a site within the Revolution Health Network, which includes CarePages.com and RevolutionHealth.com. The Revolution Network is also affiliated with drugstore.com and SparkPeople.com.