Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Jodeo

macrumors 6502
Original poster
Sep 12, 2003
257
136
Middle Tennessee
I avoid Google products. Aside from YouTube and Waze I'm pretty much able to avoid their stuff because of how bad they are with privacy.

A healthcare provider now requires a family member to do telehealth using Chrome. Their system doesn't play well with Safari; indeed, we weren't even able to connect from their laptop (but could with mine - both running identical OS and Safari versions, etc.). Anyway...

As much info as Google collects, is there any credible indication that they don't collect data, including audio (transcriptions) or videos from HIPPA-defined electronic communications?
 
The short answer is that Chrome does not have the ability to transcribe your video calls and collect data on it, even if you're using a Google service like Google Meets. The idea that Google or Facebook are listening into our conversations through microphones (or in this case tapping into video calls) is a myth that's been fairly well debunked.

So no, whatever your family member discusses with their doctor on their telehealth call will not be tracked by Google. The idea that our phones are listening in on us for data collection has been debunked many times. Google can see that your family member went to the website, they can see your family member participated in a video call, but they cannot listen in on what the call was about. (If your family member turns around and uses Google to search for something discussed in the conversation that is fair game).

There are a few things you can do for added security:

  • Try signing in with a Chromium-based browser that's not Chrome, such as Edge, Brave, Vivaldi, or Chromium itself.
  • If you do have to use Chrome itself do not sign into the browser or the Google page with a Google ID. Any data collected by Chrome will exist as an isolated bubble if Chrome is used strictly for the telehealth calls and won't be associated to a main profile.
  • Access the telehealth website using Incognito Mode.
 
The idea that Google or Facebook are listening into our conversations through microphones (or in this case tapping into video calls) is a myth that's been fairly well debunked.

First, thanks for that bradman83.

I'm more comfortable allowing Chrome for audio/video for now. We use MS Teams at work and it's ability to transcribe conversations isn't horrible (sometimes hilarious).

In ~10 years we'll be discussing how Siri's not getting the right therapy from his or her AI practitioner...

Now, about that myth... :mad:
 
First, thanks for that bradman83.

I'm more comfortable allowing Chrome for audio/video for now.
I recommend you avoid Chrome and follow Brad’s advice to try a Chromium-based browser. If this doesn’t work, please contact the healthcare provider and let them know you have a problem with Google products.
 
I avoid Google products. Aside from YouTube and Waze I'm pretty much able to avoid their stuff because of how bad they are with privacy.

A healthcare provider now requires a family member to do telehealth using Chrome. Their system doesn't play well with Safari; indeed, we weren't even able to connect from their laptop (but could with mine - both running identical OS and Safari versions, etc.). Anyway...

As much info as Google collects, is there any credible indication that they don't collect data, including audio (transcriptions) or videos from HIPPA-defined electronic communications?

That's an interesting requirement and not one I've seen. Are they intentionally partnering with Google or are they using software that just happens to only work with Chrome?

Note that HIPAA does not protect all health information. It puts rules and controles and such around health care "providers" (and other "covered entities", etc) for using, disclosing, and protecting Protected Health Information (PHI). It places responsibility for privacy on the provider and its vendors (in the form of Business Associate Agreements [BAA] that the provider is required to have with vendors who will handle its PHI). Google as typically accessed is not subject to HIPAA and can use and disclose health information like any other information it collects. However, Google as contracted by a provider to handle PHI would then be subject:


However, a browser isn't "HIPAA" compliant. A browser can be unsuitable for use in an environment subject to HIPAA but there are no HIPAA compliant browsers because compliance is something that a provider achieves with regards to all their processes and technology*.

In this case I am suspicious this provider is meeting HIPAA requirements. Not that you can't workaround the default behavior of standard Chrome as others have mentioned but I would be surprised if a software vendor handling PHI created a service that only works with Chrome but is otherwise compliant with HIPAA. Similiarly, I am suspicious of a provider that contracts with such a vendor. All could be kosher here but it would prompt me to look into this provider and their vendor to see if they have any idea what they doing.

Last, note the some states impose greater privacy protection requirements than the federal standards and providers dealing with substance abuse are subject to even greater protection. I only bring these up in that I would run as far away as possible from any substance abuse provider who doesn't understand their responsibilities under the (even stricter) laws related to substance abuse (the data portion of which is known as "42 CFR Part 2"...). Maybe they are great at what they do but in my experience where there's smoke there's fire.

*FYI there is also no official HIPAA certification for providers either -- a provider can decide they meet their requirements under HIPAA and be done with it but there is no requirement for an external organization to certify (putting aside hospitals and the like that will have to show some effort to be compliant as part of more general accreditation or licensing processes). They can undergo audit by an external organization but that is purely up to them. The enforcement mechanism is that failing to meet their responsbilities under HIPAA could subject them to regulatory and/or legal actions.
 
I would stick with Brave as an alternative.

Almost all Chromium-based browsers are tied, in one way or another, to a company or entity that benefits from your info (for example: Edge = Microsoft, Vivaldi = pretty much anyone with a dollar to buy your info, etc.)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.