Comments on: Google Health http://www.mckeay.net/2008/05/22/google-health/ The views of one man on security, privacy and anything else that catches his attention Sat, 20 Mar 2010 10:00:28 +0000 http://wordpress.org/?v=abc hourly 1 By: Dr Bonis http://www.mckeay.net/2008/05/22/google-health/comment-page-1/#comment-1997 Dr Bonis Tue, 27 May 2008 22:18:35 +0000 http://www.mckeay.net/2008/05/22/google-health/#comment-1997 Hi everyone, I am a family physician. As a doctor and biomedical informatics expert I am really concerned about the new privacy threats that Personal Health Records will put into the arena. There's no doubt (from my point of view as a Emergency Room doctor) that having access to your main diseases, treatments and some well selected medical information (but not ALL your medical information) can be useful for your healthcare. But are the privacy risks higher than the potential benefits? I like the quote of Eric S. Raymond when he says: "Often, the most striking and innovative solutions come from realizing that your concept of the problem was wrong." As a lover of hacking culture I try to apply this principle in my own area of knowledge (medicine and medical informatics). So I realized that the security of a system depends on two factors: the effort needed to breach the system and the potential value of the information inside the system. You can increase the "security" of your system by making harder to breach it or by decreasing the value of the information inside. So I decided to build the first TOTALLY ANONYMOUS Personal Health Record system. No email, no name, no identity needed to access to the service. Its name is keyose and can be found in: http://www.keyose.com/ Please take a look on it. Any comments will be of great value. Dr Julio Bonis Hi everyone,

I am a family physician. As a doctor and biomedical informatics expert I am really concerned about the new privacy threats that Personal Health Records will put into the arena.

There’s no doubt (from my point of view as a Emergency Room doctor) that having access to your main diseases, treatments and some well selected medical information (but not ALL your medical information) can be useful for your healthcare.

But are the privacy risks higher than the potential benefits?

I like the quote of Eric S. Raymond when he says: “Often, the most striking and innovative solutions come from realizing that your concept of the problem was wrong.”

As a lover of hacking culture I try to apply this principle in my own area of knowledge (medicine and medical informatics).

So I realized that the security of a system depends on two factors: the effort needed to breach the system and the potential value of the information inside the system.

You can increase the “security” of your system by making harder to breach it or by decreasing the value of the information inside.

So I decided to build the first TOTALLY ANONYMOUS Personal Health Record system. No email, no name, no identity needed to access to the service.

Its name is keyose and can be found in: http://www.keyose.com/

Please take a look on it. Any comments will be of great value.

Dr Julio Bonis

]]> By: Jim http://www.mckeay.net/2008/05/22/google-health/comment-page-1/#comment-1996 Jim Tue, 27 May 2008 15:51:56 +0000 http://www.mckeay.net/2008/05/22/google-health/#comment-1996 There are a couple of vectors here that I want to approach... 1) Anyone who feels that by putting their medical information in Google's hand is doing the right thing to help their doctors and medical professionals needs to have some additional medical help. 2) Google saying that they are outside of HIPAA and don't have to be judged by those standards is wrong. The underlying guidance of HIPAA (and PCI for that matter) is the protection of data (medical and/or financial) and as such that data should be handled in accordance with whatever guidelines are in place to protect it... and while I am sure that Google has every intention to ensure that this data is not misappropriated... they are after all a commercial enterprise with the end goal of making money for their shareholders and financiers and will continue to do that as much as they can. Just a couple of inital thoughts... There are a couple of vectors here that I want to approach…

1) Anyone who feels that by putting their medical information in Google’s hand is doing the right thing to help their doctors and medical professionals needs to have some additional medical help.

2) Google saying that they are outside of HIPAA and don’t have to be judged by those standards is wrong. The underlying guidance of HIPAA (and PCI for that matter) is the protection of data (medical and/or financial) and as such that data should be handled in accordance with whatever guidelines are in place to protect it… and while I am sure that Google has every intention to ensure that this data is not misappropriated… they are after all a commercial enterprise with the end goal of making money for their shareholders and financiers and will continue to do that as much as they can.

Just a couple of inital thoughts…

]]> By: Pierce http://www.mckeay.net/2008/05/22/google-health/comment-page-1/#comment-1993 Pierce Sun, 25 May 2008 09:09:27 +0000 http://www.mckeay.net/2008/05/22/google-health/#comment-1993 Wow, I have never heard of Google Health! Thanks for this post, I will look deep into this. Wow, I have never heard of Google Health! Thanks for this post, I will look deep into this.

]]>