After the fall AAP meeting, I wrote about the inherent dangers of Microsoft's new Health portal. It should be no surprise that Google has gotten into the act - there are hundreds of millions of dollars in ad revenue at stake here, and that's without selling the amalgamated data.
Apparently, Google's effort might represent a greater threat to medical privacy, as their security track record is actually worse than Microsoft's! The bottom line is quite scary: because Google isn't a "covered entity" they are immune from HIPAA scrutiny!
Slashdot has assembled a quick response, but their primary references are this one and this one. I think a quick read of any of these references will tell you enough to keep your data out of there for a while. You don't even need to read their agreement terms, like this:
When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services.
Back to the 99051s in a bit.