Google Bans Personal Medical Records From Its Search Results


Google has updated its acceptable content guidelines to specifically exclude personal medical records from its search results pages. The content type joins a small selection of other banned forms of information which it will actively remove from searches. The company is generally reluctant to interfere with its indexing.

The new policy was spotted by Bloomberg in an updated Google support document. The company’s “Removal Policies” page now lists “confidential, personal medical records of private people” under the “information we may remove” section. Additional kinds of banned material include bank account and credit card numbers and sexually explicit personal images.

For a long time, Google only actively removed financial details and personal identification numbers. It only added the revenge porn guidelines in 2015 after coming under attack from the media and users. This makes the new ban on medical records significant, indicating the company is again relenting on the level of personal information it thinks can live online.

The BBC notes that Google has faced problems around medical search results. There have been incidents where medical data has been accidentally made publicly available, allowing it to be searchable online. This occurs either via data breaches or when healthcare organizations configure their systems in a way that incorrectly enables public access.

These scenarios could expose sensitive medical conditions that an individual would rather keep private. It also opens the door to another level of information scraping, such as the opportunity for health insurers to monitor you on search engines.

In 2015, a high-profile hack of U.S. insurer Anthem led to the theft of medical data on tens of millions of people. In a case more directly linked to search results, an Indian clinic inadvertently uploaded files on 43,000 patients to a public site last year. The data contained the results of blood tests used to check for various conditions, including HIV.

Google’s change in policy seems to be a reflection of the longstanding issues with putting medical information online. Recognizing that few people want their private health data to be publicly available, the company has updated its guidelines, so this kind of information is an explicitly “banned” content type.

Google confirmed to Bloomberg that the addition is effective immediately. The company also said the modification would not impact how ads are displayed against search results. The change is only designed to combat the increase in hospital data breaches as attackers target more high-profile organizations. All too often, this data ends up on the web, putting personal privacy at risk.

[Featured Image by Google]