I wanted to say something about Google Health.
I have been watching for some time the various schemes to centralize healthcare records, from Hillary Clinton and Bill Frist's unlikely alliance a couple of years ago to Washington State's efforts (my wife is on the Governor's HISPC Advisory Board, so I have gotten to watch some of the sausage-making close up) and in general I think that it is not only a good idea in theory but that there is a certain practical inevitablity to it.
Still, when prominent health organizations start considering placing PHI in the hands of the world's largest search engine company, I am a little less enthusiastic. For starters there is no accountibilty at this point. Google is certainly not a covered entity and for all of their massive and admirable ability to keep, sort and provide information to millions of users across the globe they, like any other company who does business internationally are susceptable to the whims of the governments of the countries where they do business.
Is my PHI a matter of national security? Of course not, and mine is especially boring; I have enjoyed good health for decades and have suffered from none of the things that might be of concern to anyone. But different countries have different privacy standards, different countries have different legal systems, and I have at least the expectation of privacy, as flimsy as that might be.
As far as I am concerned, the song goes like this: "Not covered by HIPAA? Then you don't get my PHI." Period.