Are Google Voice Conversations Private?
 

This evening a medical professional asked me if she could use Google Voice for calling her patients. She uses a landline now, and was thinking about dropping it and switching to GV.

I did a little research (using queries like privacy "google voice" site:google.com) and found nothing useful.

I did find a 3-year-old posting which suggested that Google is capable of data-mining GV phone calls, like they do GMail, in order to better target advertising. This would certainly not be appropriate for physician - patient conversations...one can envision ads appearing in your GMail account the next day for baby accessories or funeral homes.

Does anyone have any updated information on the privacy, or lack, for phone calls over Google Voice?

I'm no IT expert, and it's not answering your precise query, but I believe that Skype calls are very secure (as long as one uses bona fide skype, not, e.g. the version available in China), and far more so than standard telephony.

If GV uses similar technology, than it should be fine.

tb

Google Voice is capable of transcribing audio conversations into text. It's one of the really neat features of the Google Voice voicemail to be able to read your voicemails on an Android phone instead of listen to them. I would guess they are able to data mine it just like your Gmail or web searches to customize ads. Google Voice is a completely free service where you get your own phone number so I don't think you'd have any expectation of privacy. Skype or even Magic Jack are probably a better option, albeit ones that aren't totally free. You can set Skype up to show another number on the caller ID for outbound calls if that would work for her (and those calls would be free.) I can't imagine a landline with unlimited local calls would be that expensive though, especially for a business...

The only truly secure communications are those that are encrypted end-to-end, between devices that you 100% trust. Landlines, Google Voice, and all other services that run though servers you don't control are all subject to eavesdropping.

Unless you happen to be a government agency such as military or an intelligence agency, privacy cannot be assured.

A medical professional is going a little over the top to worry about privacy on this issue.

Someone whose name is on a a special list created by "unknown" people in the White House should be worried and so should their friends and wives. Enemy combatants and their friends should also worry.

But a doctor, medical professional?...Either they are stupid about tech or have a god complex.

As a lawyer, I can tell you we are not exactly stupid about tech. We have bored ethicists with too much time on their hands handing down really silly opinions about what our duty to protect client confidentiality includes. They tell us we have to use encryption, fretted big time when cell phones were analog, but have not once told us that we have to increase the quality of our locks on our brick and mortar offices or that it is unethical to put a client file in a car trunk which any punk with a screwdriver can break into in 20 seconds or less.

Doctors are hearing about the quality of encryption needed to store medical records in the cloud, etc. Probably half of us secretly want to tell the ethicists to stick their ethics opinion where the sun doesn't shine, but we face sanctions for not adhering to these opinions.

Google Voice is probably equally as secure as a landline. Skype offers some encryption but, again, if the conversation terminates at a landline then the encryption isn't end to end.

I think you're worrying too much. Use whatever you want to call the person.

I would comb through the term of service if you're worried. It's a free service, and google does do a lot of data mining. Very possible they keep those transcripts the provide somewhere on their servers. I personally don't care because I use google voice for personal reasons here and there and none of the info is sensitive but if you're in that situation look through it and see who owns the data and what can be done with it, should be in TOS.

Google's privacy policy and TOS can be found at http://www.google.com/policies, but I don't see an answer to the question of whether Google mines voice conversations over Google Voice.

This would not be important for most personal conversations, but it is important in certain fields like attorney-client, doctor-patient, creditor-debtor, etc.

Um, no, there is this thing called HIPPA that is causing medical professionals to go to extremes to protect patient information lest they run afoul of the Feds.

Does Google have a healthy reserve of money? Yes.

Can you hire an attorney and sue Google if they are monitoring your Google Voice conversations for any reason? Yes.

Will you win? Yes.

Will your attorney make money? Yes.

Will you make money? Probably no.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3)

I am curious why they feel the need to use Google voice - period. The only thing I can come up with is international calls. Otherwise, the cost of a landline + cell is so miniscule in the scheme of things.

How can the attorney/doctor/creditor know exactly what kind of phone service the client/patient/debtor uses? Probably reason enough for Google not to mine phone calls.

There is a serious issue here for both lawyer-client and physician-patient privileges. Although some professionals may scoff at the ethics governing these privileges, some court decisions turn on whether the privilege could be invoked or has been waived by some action that, without thinking, might seem harmless. In 2007, our Supreme Court in Virginia held that a client had no reasonable expectation of privacy when using an employer's computer to generate a document used in seeking advice from his attorney that would later be introduced into evidence at a trial for tortious interference with business relations arising from the client employee's departure from the employer's business to start a competing business and allowed the introduction of the document into evidence over an objection of attorney-client privilege.

I suspect that the use of Google Voice here doesn't violate a physician-patient privilege, but I think the physician might want to consult an attorney practicing in her state, her state's medical board, or the HR or legal departments at the hospitals where she has privileges to be sure. Unlike a landline telephone service, where users may expect that a subpoena must be issued to monitor the content (rather than the simple occurrence) of a call, a Google Voice user agrees to terms and conditions that allow Google to use any data (potentially including voice data from calls) to tailor advertisements to its users. That distinction might be enough to convince the right court that any privilege was waived, exposing the physician and perhaps any hospital associated with the waived communication to liability in an action by the patient.

And that right there could potentially be an issue, depending on who is calling whom & who uses the computer that was used for GV.

Post 9/11, I've assumed there is no more privacy.....

An attorney/doctor/creditor can't be held liable for their client/patient/debtor using an insecure form of communication. The original poster asked about a medical professional using a form of communication that raises privacy concerns. A medical professional could certainly be held liable in that scenario.

The question this person needs to ask is - would her patients be comfortable with the contents of their conversation sitting on Google servers for 3 years and being used to customize ads? Google says they store this information anonymously (i.e., don't know which account the info is tied to) but it still raises concerns in this type of situation. Heck, I have a gmail account and don't like searching for medical info on google because I don't want them knowing certain details about me (even if it's just to customize ads...)

No privacy period for any electronic communication via voice or data, ip,etc. Do your research you can even use Google. Qwest or Mountain Bell was about the only BOC(Bell Operating Company) that objected to unfettered access by our Government. You guys who talk about I must have security because I am doctor,attorney, etc make the "spook" tech people laugh at you That includes HIPPA and any Attorney Bar ethic rules security rules. Do a little research. Remember Carnivore Surveillance project by the FBI? Do you really think they shut it down? Or did they make way better^

My IT person who rides herd on security says that as long as you have a password/pin on your local devices, you are in compliance, including google voice. Nothing is 100% secure except maybe this one particular blackberry in DC.

Everyone must be worried about the loss of privacy of telephone records. But surprisingly, many, including some government agencies, don't seem to have any concerns at all.

"They" made some special ones not just Obama but a few other special people.

http://politicalhumor.about.com/od/f...ting-Obama.htm

There is no privacy at all, probably no one hear your conversation because they don't care but not because they can't

Ok, conspiracy theoriests please retreat.

Back to the OP's question...


Whether this meets the high bar HIPPA sets is - as was pointed out earlier - something s/he should ask an attorney about.

Known fact: VoIP services are not routinely secured (encrypted).

So anyone with access to the packet stream can listen it - whether it's right in the Dr's office or at some service provider's location. It's approximately equivalent to somebody clipping a lineman's buttset onto the jacks in the telco closet and listening it.

There is also a Federal law, CALEA, that requires phone-type companies to provide interception facilities to be used by law enforcement. So it is already technically possible that his/her HIPPA conversations are already intercepted.

Further your Doctor friend has no way of knowing whether I've forwarded my phone to some insecure service. So if s/he routinely uses the telephone for these type of calls, I don't think it's that much LESS secure, but I also don't think we should fool ourselves that it is all that secure.

Anyone knows how encrypted phone works?

Yes, this link might be helpful.

The medical person in question, after seeing some of these replies, has decided to stick with the landline. Thank you to everyone, conspiracy theorists and otherwise, who replied.

To me, the biggest red flag was the idea that private conversation topics might spill over into the targeted ads seen next to GMail. I could envision this scenario:

Doctor on phone to patient: Mrs. Jones, I'm afraid that the lab results show that you have mega-hemo-musculo-chromomatotic-angleitis.

The patient then opens her GMail account and sees ads like:Etc.

"Everyone"? I am certainly not bothered at all, as I have nothing to hide.

Lawyer talk
 

I believe having read a bunch of stuff on this that he has 5 or 6 people that he can communicate with on his Berry and that's it.

HIPPA paranoia is probably good
 

on the other hand, VPN with google voice might be ok.
http://bobthephoneguy.blogspot.com/2...-voip-vpn.html

The NIST guidelines are 4 years out of date.
http://www.nist.gov/customcf/get_pdf.cfm?pub_id=890048

And finally the HITECH provisions to HIPPA allow states AG to sue, and this type of suit is NOT covered by malpractice insurance, so the sky is the limit.
http://healthblawg.visibli.com/8d9f3...916%26A%3D3869

I personally doubt that Google monitors/records voice conversations. IANAL, but some states have "all party consent" rules (sometimes called eavesdropping or wiretapping laws) where all parties to a conversation must agree to information being recorded. Even if the GV user agrees to terms that allow monitoring, the person on the other end might not agree to those terms.

Many doctors don't give out confidential information over the phone at all.

It is kind of funny seeing all this concern over IT privacy while other forms of privacy aren't taken nearly as seriously but are probably more important (as one of the previous posters mentioned-documents face up in passenger seats of parked cars, "attorney eyes only" documents being read by attorneys on airplanes, etc...)

Also, just FYI it's HIPAA, not HIPPA ;)

I 2nd jetsfan92588's sentiments... IANAL, and while I am generally more paranoid than average when it comes to this stuff, I do think google would be making a big mistake if they were, in fact, recording conversations (as opposed to recording voicemail messages which are transcribed). Reason being those all-party consent laws in many states. Again, not talking about federal wiretapping, just private industry here.

Analog lines are really easy to tap with analog equipment, and I could be sitting outside your house or in your building's phone closet, or who knows where else.
VoIP type lines I'm sure have their own weaknesses as far as packet sniffing and reassembling, or even software intentionally recording calls. Both are insecure, have laws surrounding the issues, and could probably apply HIPAA standards for phone use to either if analog vs digital/voip isn't specified in the document.

The fact that the medical professional is concerned at all about GV privacy should be enough to clear them of any wrong doing "if" someone were to data-mine their conversations. The probability of this occurring with GV is slim to none, though that's a different story with voicemails. GV has a direct connection that isn't recorded when two people are talking, but is recorded and transcribed when a voicemail is left. So as long as the clients aren't leaving voicemails containing PT info on the dr's GV then they should be good.