Google to Store Patient Health Data
News article here, covered on Slashdot here.
Google, with the cooperation of the Cleveland Clinic, is beginning a project to record medical history and other health-related data for patients. The stated goal is to provide patients with a way to access and manage their own health data, as well as to work towards a “more efficient and effective national health care system.”
While a common database of this information could indeed be useful for patients and healthcare providers, it raises some privacy and security issues.A person’s medical record is private information, and therefore should not be available to anyone. Google has stated that ensuring the privacy of the information in the database is a priority, but in any large system, security vulnerabilities are almost a certainty. Storing private information in more places creates a greater probability that the information will be compromised somehow. Google has already had occasional problems with the privacy of information in systems like GMail – will they be able to avoid similar mistakes in constructing their medical database?
In addition to the potential that Google’s database might be compromised by outside individuals, there is the question of whether a single company (Google) should have such unprecedented amounts of information pertaining to private individuals. Google’s profit comes mainly from advertising, and such a tremendous amount of personal information gives them great power over consumers and advertisers alike.
The patients in this trial are volunteers, but considering today’s trends towards more and more central storage of personal data and Google’s own goal of managing the world’s information, it may only be a matter of time before entry into this or a similar system is standard practice.
Comment by davidjsh
February 25, 2008 @ 11:04 pm
One thing that I find interesting is that the article states that “Google views its expansion into health records management as a logical extension because its search engine already processes millions of requests from people trying to find about more information about an injury, illness or recommended treatment.” Thus it’s not really about the ease of passing information from one clinic to the next with the patient but rather furthering the customization of your search. With the customized searches come the customized ads. Unless the option is given to exclude your medical data from the customization of search results, this could cause some people problems as it may indirectly reveal information about their medical history.
The other question that I have is the following: who is authorized to manipulate the information? Typically, I don’t really get access to my medical records. It is the doctor who makes changes to them and verifies their authenticity. Yet if the records are stored online, am I now placed in charge of them, in order that I may authorize whatever clinic that I visit? If so, then I will definitely be getting some benefits from that disability status I have suddenly acquired! David’s clinic certified my condition, so it’s legitimate. On the other hand, if authorization need not pass through me, then how can I verify that rouge employees at random clinics won’t modify my records without my consent. I guess that I had better make sure that I’m on best behavior for every visit!
Comment by Slava Chernyak
February 26, 2008 @ 12:27 am
Of course such a system if implemented naively is extremely volatile for all of the reasons already mentioned. However, there are some simple steps that can be taken, similar to what is done in some banks’ lock boxes. If the medical information is encrypted using a public-key scheme, then the data can be added to Google’s repository of patient info by any health care provider, but only be readable by the patient since the patient is the only one with a private key. Thus google has no potentially dangerous knowledge to lose or exploit.
Comment by dschen
March 2, 2008 @ 11:42 pm
While it is a little sketchy that google is going to make the records available to the patients, securing the patients medical data is much better achieved via electronic medical records. There are many companies that supply electronic medical records to health care providers now, which don’t really have any major problems. In my opinion, paper records are much less secure, someone just needs to break into an office and take the folder with your name on it. With EMRs the data is likely encrypted and stored in a secure data facility which is likely better protected than a doctor’s office.
Comment by Acai Fruit Berry
March 19, 2008 @ 2:28 pm
I think Google should not have the right to store any patient’s medical record online where it is very vulnerable to theft.
Comment by doctor alex
April 1, 2008 @ 11:17 am
However, there are some simple steps that can be taken, similar to what is done in some banks’ lock boxes. If the medical information is encrypted using a public-key scheme, then the data can be added to Google’s repository of patient info by any health care provider, but only be readable by the patient since the patient is the only one with a private key. Thus google has no potentially dangerous knowledge to lose or exploit.
Comment by ericman1080
May 9, 2008 @ 7:47 am
In addition to the potential that Google’s database might be compromised by outside individuals, there is the question of whether a single company (Google) should have such unprecedented amounts of information pertaining to private individuals.
———
this is true, i know a guy that his record got out cause of google crap. they have breach in security.
Comment by Symptoms Search
June 26, 2008 @ 5:54 pm
The recent comments are correct, Google has too many security problems as will any system if they start recording patient information.