Note: The Google Health Data API was officially deprecated on June 24, 2011 and has been discontinued as of January 2, 2012.
Last modified: September 2, 2010 (view archived version)
The Google Health APIs enable institutions to send access and copy health information from users’ Google Health profiles after permission has been granted. Google takes the privacy of its users’ data very seriously, and all institutions wishing to connect to Google Health must abide by the policies outlined below, as well as applicable law.
If your institution desires to retrieve health information from a Google Health profile, in addition to meeting the above conditions you must:
An institution retrieving health information from a Google Health profile must not:
Please note that if you are subject to the Health Insurance Portability and Accountability Act (HIPAA), either as a covered entity or a business associate, your institution must comply with all of the HIPAA requirements, and the requirements of HIPAA rather than requirements of this section ("Data Use Policy") will apply to your institution. If permitted by law, you must notify us if your organization becomes the subject of a HIPAA criminal investigation or has been assessed a civil penalty under HIPAA.
If your institution desires to send or retrieve health information from a Google Health profile, you must:
An institution sending or retrieving data to a Google Health profile must not:
During the account creation process, you must clearly inform the user if any of the user's data will be used for targeted advertising or research purposes.
The landing page (the target of the "Link to Profile" button) must:
Your service must also have a clearly visible link called "Unlink from Google Health" that allows users to unlink your website from their Google Health profiles. You must also allow users to re-link registered accounts to their Google Health profiles. If your institution reads from Google Health profiles, it must either automatically retrieve the latest data from the profiles upon login, or allow the user to initiate another read to retrieve any updates to the Google Health profile.
You must allow Google to actively test your integration by providing at least two test accounts prior to launch, and must maintain them as long as the integration is live. Test accounts must be pre-populated with a variety of data, and have regular updates of synthetic data. Specific data attributes may be requested by the Google Health Team.
If your entity is covered by HIPAA or is a business associate of a HIPAA-covered entity, you must comply with the HIPAA security rule. For other entities, you must use generally adopted industry web security standards for controlling access to your servers and user accounts. We suggest reviewing the HIPAA security rule for a good list of issues to consider when designing your security infrastructure. While not all the items in the rule will apply to all companies, most of the items they discuss are good security principles for any web service that holds user data. In addition, (whether you are covered by HIPAA or not) you must comply with all technical specifications provided in the Google Health API documentation, and you must notify Google if you experience a breach or misuse of information which includes any data from Google Health, including any breach in connection with transmission of data to Google Health.
Google Health gives integrated institutions the opportunity to provide notices to users. To ensure a positive user experience, you must abide by these guidelines:
* Definition of promotional: Promotional materials are any materials that promote a product or service - such as encouraging the user to purchase or "ask their doctor" about a specific item. This includes coupons and sale announcements, as well as drug advertisements.
Any proposed integration with Google Health must first be reviewed and approved by the Google Health team per all policies described in this document. You will also be required to agree to the Terms of Service.
Online pharmacies will be permitted to integrate with Google Health only after completing Google's online pharmacy qualification process. The requirements are the same as those of online pharmacies utilizing Google AdWords.
By listing yourself as a Google Health integrated service, Google does not endorse or otherwise affiliate itself with your website or institution. You may not display the Google Health logo or descriptive web copy in a way that implies such an endorsement. Your website or institution should only display the Google Health logo or descriptive web copy to emphasize a technical integration.
In describing your service, refrain from using the words "joint developer".
If you've successfully integrated with Google Health and remain in good standing, please display the Google Health logo on your service. This logo informs prospective users that you are integrated with Google Health. You may not alter the size, shape, color, or any other aspect of the Google Health logo provided by Google. Any use of the Google Health product name, logo, or associated imagery not explicitly authorized in this section is strictly prohibited.
The logo must:
The following are the areas on your service where you can use the Google Health Logo:
Treat the phrase “Google Health” as you would a logo, following these simple guidelines: Review Google's Trademark Guidelines for information on using Google's trademarks.
Trademarks are important business assets that decrease in value when used incorrectly. When creating your integrated service, keep in mind that you are fully responsible for your service's content and for adhering to our Terms and Conditions, which prohibit intellectual property infringement.
For more information on branding and trademarks, see Google's Corporate Branding Guidelines.
You may not capture or reproduce Google Health screenshots and list them on your service without written approval from Google.
You may not reproduce the Google Health logo or describe the service and use the Google trademark name in any sales materials or marketing collateral without written permission from Google first. Any inclusion of the Google Health logo in your marketing materials must be approved in advance in writing by Google. This includes online and offline advertising and collateral, such as case studies, client and referral lists, sales presentations, print, broadcast, outdoor or online ads, product demos, signage, and trade show booths.
Google Health will occasionally highlight certain integrations in our own online and offline marketing materials. Integrations that are promoted in this way will not receive any form of preferential treatment in the actual Google Health listings or our search results.
Google generally does not issue releases to announce integrations. Any institution wishing to issue a press release that refers to Google or Google Health by name must get prior approval in writing from Google's health team staff and public relations department.
For more information on promotions, see Google's Corporate Branding Guidelines.
Please note that we reserve the right to disapprove any listing for any reason and to modify or amend our policies at any time. If we amend this policy, you have 90 days to bring yourself into compliance with the new policy.
September 2, 2010