Google has made changes to its personal information policy, including a big one for the healthcare industry, as the search giant begins the process of removing private medical records from its search results.

Without receiving requests for removal, Google has now started editing out what it labels the “confidential, personal medical records of private people.”

The most recent change to Google’s removal policy came in 2015 when the company said it would delete “nude or sexually explicit images that were uploaded or shared without your consent.”

Leaks of medical information can be especially damaging to individuals, emotionally and financially. Cybercriminals who use ransomware to extort money from hospitals can gain access to protected health information and hold that data for ransom. Whether or not the ransom is paid, they can release the health data on the Internet, where Google’s search engine can pick it up.

Google has traditionally had a hands-off approach to its search results, letting the algorithm do all the work. Reaching into results and removing private medical information is a marked change from policy and Google has instituted a firm set of criteria.

“To decide if a piece of personal information creates significant risks of identity theft, financial fraud or other specific harms, we ask is it a government-issued identification number?” Google said on its website.

“Is it confidential, or is it publicly available information? Can it be used for common financial transactions? Can it be used to obtain more information about an individual that would result in financial harm or identity theft? Is it a personally identifiable nude or sexually explicit photo or video shared without consent?”



White papers