Slashdot Mirror
Google to Begin Storing Patients' Health Records
mytrip writes with news that Google's health record archive is about to be tested with the assistance of the Cleveland Clinic. Thousands of patients (who must approve the transfer of information) will have access to everything from their medical histories to lab results through what Google considers a "logical extension" of their search engine. We discussed the planning of this system last year.
"Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that's also required to use other Google services such as e-mail and personalized search tools. The health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions. Prodded by the criticism, Google last year introduced a new system that purges people's search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department's demand to examine millions of its users' search requests in a court battle two years ago."
Sorry to hear about your problem; even more sorry to hear that it's on the record.
The CB App. What's your 20?
It's Cleveland Clinic, and it's pretty much in every major city. So there are more people affected then just in Cleveland.
When your email is parsed for relavent ads, many just let that go.
But when you associate my email, calendar, documents, health info and who knows what's next, I start to wonder if that might not be too many eggs in one basket?
And if you are like me, your handle/username/login is the same across many sites.
...with the same password that you use to log in to gMail, Google Pages, your Google home page and virtually every other service they offer? Come on. It isn't like Google mandates passwords of any particular strength, or that accounts haven't been hijacked through one means or another.
Cleveland Clinic is one of the top healthcare institutions in the US and the world. Calling it "a clinic in Cleveland" is like calling the New York Times web site "some guy's blog"...
my former employer offered us the option to buy into an online health records system. the selling points were that we could easily be sure that any doctor we saw could have instant access to all of our history, and we could review treatments and billing records.
I chose not to participate, because the provider was new and unknown to me. I don't think I would want to use Google, because they ARE known to me.
I'll just keep asking for copies of records when I visit a doctor, and keep them in my filing cabinet.
There is more to it than that. Recently (thanks to the immigration process) I was in the unexpected position of trying to find my immunization records which are now scattered among several states, doctors, and the military. If you think gathering that information was either fun or easy, you are wrong. Having this information to hand would have been a REAL time and money saver.
The trouble is that I don't want anyone else to have it. We have technology that can go anywhere with us. You can carry a key fob that will hold it all etc. More to the point, you can carry a key fob with better security than a password with you to access, and allow access for updates by those of your choosing.
Yes, Google will make it convenient, but we need to do more about the security of it both in access to it, and what happens to it while stored somewhere other than in our homes. The mobile devices that we carry around, ordinary telephones, and other simple items make 2 part authentication easy (well easier) than you think. We should be using them.
Additionally, we already have rules about sharing health-care information. Lets use those laws, not make more, to ensure the integrity of that privacy.
Anyone here who thinks that their privacy is safe because their health care information is not yet stored by Google is completely mistaken. It's very easy to get your health care information from the current system through human error, and social engineering.
Support NYCountryLawyer RIAA vs People
Can I log in and see everything myself? And can I see the list of everyone who ever accessed my records? If not, it's no good.
Give people their medical records. Digitally signed by the docs that made them so they're authentic if the medical system must. If people would like to store them at Google or host them anywhere else, great. Make a standard for appending and signing that makes some kind of sense, but that is general and will work with any storage system. How is sheets of paper being faxed/mailed between docs the best possible standard? The whole system is jive, adding storing it with Google might make it slightly less jive, actually fixing it would, well, fix it. The whole system is so antiquated it make POTS look like a good standard for sending audio, but so ingrained and unquestioned that it's just there.
You know, it's a real pity that there is no competent organization that can offer this that's in theory not motivated by profits and has the resources, like say... the US government. Everything aside, this kind of information is something that should be likely held by the government, if only people trusted this to not expand into a serious invasion of their privacy. It's a pity that the one organization that's supposed to regulate everything and hold such information (if anyone beyond yourself is) is considered too untrustworthy to do so.
I suppose it all comes back to things being run by human nature, and sooner or later you'll have to make a deal with the devil and give him his due; increased convince (eventually to the point that it will be impossible to function without it) for a decreased amount of privacy. In theory your SSN is only related to taxes; in practice you can't get through life easily without giving it to every Tom, Dick, and Harry.
Security by obscurity might be the only measure of protection we have, but that's not terribly comforting when someone *thinks* you did something wrong, or when someone *gets* your data (though google seems much better at protecting data than most banks and governments).
On the plus side it might be nice to see spam for drugs that you can actually use, compared to everyone getting offers to increase penis size with drugs to keep it up for hours.
I am not an expert. If I am misled in something, please correct me.
This is a very big step up from what you now have. I worked for some time in the client-server programming department of a health care organization with 20,000+ employees, on projects ranging from inventory management to patient records to corporate salaries. This company did much better than most, and I can tell you that your privacy is not terribly secure.
When you're dealing with a situation which requires thousands of people (doctors and nurses) immediate access to your records, from anywhere in the organization (spannint numerous states), even if you ruled out network security, system security, etc., the possibilities for social engineering are absolutely ENORMOUS. And more than that, with that many employees, it's simply a given that some of them will misuse their power. Just within my friends who work for the company, I know of a very good number of times when information of others was accessed, used, or disseminated for personal use or amusement. Never anything nefarious, but still, not only unethical, but against the law as well.
Google has a much better idea of how to warehouse data, manage access to it, and audit usage and access than any of the individual health care companies out there. They may not be perfect, but they'll probably do a whole lot better than what we/you have now.
Oh, you're not stuck, you're just unable to let go of the onion rings.
That was just an example of why it would be useful. There are many things that fall under health care that people don't want anyone to know about:
Abortion
Substance abuse
Domestic violence counseling
Prescriptions for drugs associated with a disease that has a bad stigma
And those are just a few examples of what people would want protected. I'm pretty sure that you would not want people to know that you are seeing a doctor about impotence? right? Perhaps you don't really want people to know that you are color blind or deaf in one ear. Maybe you are embarrassed if people know you have herpes.
Perhaps you don't want people finding out that your kids have been treated for sexual abuse (the record probably won't say it wasn't you that committed the abuse).
There are way more things that you don't want people to know than things you do. Hardly anyone goes to the doctor for something good.
But, if you want to tell the world that you have warts on your 1 inch penis, go ahead... we won't stop you.
Support NYCountryLawyer RIAA vs People
He's getting rather old, but he's a good mouse.
I was in the unexpected position of trying to find my immunization records which are now scattered among several states, doctors, and the military. If you think gathering that information was either fun or easy, you are wrong. Having this information to hand would have been a REAL time and money saver.
Meanwhile, we in stone-age Europe usually receive little booklets at our birth and whenever a doctor immunizes us, he enters a stamp plus some info there. Same as with voting machines, really: not everything is in need for a fragile high-tech solution.
"When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
Fortunately, this sort of activity could become illegal in the United States.(PIPEDA [privcom.gov]), so I for one won't ever have to welcome your google overlords.
Ah, quant, you have lost you perspective all because I called you out on one of your statements a couple of weeks ago. I thought you were above insults as well as being an asshole. I guess I was wrong. BTW, I am working late because I have a project due and am beat, so the English is not quite as nice. But this is /., not an English class.
Many of the Health data systems are built on Windows and built poorly. The security that everybody thinks is there, really is not. 25-15 years ago, I worked at various medical facilities including Metpath/corning, BlueCross/Blueshield (just at time of going private), and IBM/Kaiser (worked on the system that was in there for over a decade). I am aware of a at least a few of the systems that currently exists. From talking to a few others that still work in the industry, I know that security STILL is not taken as serious as it should be. Hippa has made changes, but from what I understand more of trying to control who sees what, and not as much on the computer. The health system is NOT just your patient info. Most of the systems contain your insurance and ultimately has loads of information on your checking and/or CC (assuming that you are not visiting a money only doc). All somebody has to do is hack these systems to obtain information. They then build up a DB and use it to attack in one clean shot, or chose the option of quietly and methodically taking the money.
I prefer the "u" in honour as it seems to be missing these days.
It it didn't scan your email, how would it check for viruses, or even allow you to search your email, so clearly it does. Your problem might be that Google then uses that scan to provide the before mentioned services, as well as targetted advertising, which consists of nothing more than picking out keywords.
Are these records going to be freely available? One has to wonder regardlessly if employers might use it as a basis for hiring an employee. Maybe I'm paranoid, but this was really my first thought, and Its not to far from the present anyway. Employers use peoples' facebooks and myspaces as a guideline right now.