June 11, 2008

What Could Possibly Go Wrong?

I was listening to Leo LaPorte's podcast the other day and he brought up Google Health on his show. I hadn't heard of it before and after listening to his description all I could think was...

"No! Bad idea!" (Leo agrees with that sentiment btw)

Then today I saw this article in the USA Today and once again I thought... REALLY BAD IDEA!  Of course this means I had to blog about it.  (UPDATE: no I won't link something I don't want you to use - it's easy enough to find it if you really want to)

So, what does Google Health do?

  • Organize your health information all in one place
  • Gather your medical records from doctors, hospitals, and pharmacies
  • Keep your doctors up-to-date about your health
  • Be more informed about important health issues

Oh goodie, yet more of this "put it all in one place" push. What is it with people?

It's time to go through this point by point:

First of all, if you have a doctor - they have your records and they should be somewhat organized. Maybe they aren't, but there's nothing at all to keep you from putting something together on paper that you can carry with you to the doctor(s) if you need to (or finding a better doctor). And personally I don't want to carry a laptop to a doctor appointment.  Oh yes, they have pc's in all offices now, but do you want to log in to a private web page on a computer you know nothing about??? If so, you deserve to lose all your information. 

Secondly, your data will be on a web server, not hosted by you but hosted by a large company. You know nothing about the people who work there, nothing about the manner in which they handle the information entrusted to them, nothing about what they will do with it in the future.  Why would you trust that what they say today will apply if the going gets tough?  If Google ever has its feet to the fire - information protection will be the first thing over the side.  It happened in China - it's happened with other large Web hosts too.  It can and will happen again.

Third, if you need Google to keep your doctors up to date, you are not paying attention to what type of care you are getting. You also are not communicating with your doctor - so stop right there... don't hit up Google, hit up the local Community College for a course in communications - you obviously need it.

Last of all, how will they keep you informed about health care issues? From the Google Health Privacy Policy:
  1. Google's servers automatically record log information about your use of Google Health (such as number of sign-ins and number of times a link was clicked). This information is temporarily stored in association with your Google Account for two weeks, at which point it is aggregated with other data and is no longer associated with your account. The log information will be used to operate and improve the service and will not be correlated with your use of other Google services.
  2. Google will use aggregate data to publish trend statistics and associations. For example, Google might publish trend data similar to what is published in Google Trends. None of this data can be used to personally identify an individual.
  3. Certain features of Google Health can be used in conjunction with other Google products, and those features may share information to provide a better user experience and to improve the quality of our services. For example, Google Health can help you save your doctors’ contact information into your Google Contact List.
The numbers above should be 2, 3, and 4 but the ordered list function changed them when I didn't import number 1 as it was irrelevant.

Basically what they are telling you is that they are going to scan your medical records and keep track of what links you click within Google Health. This is (of course) for advertising purposes, just think of all the lovely ads you'll have popping up at you. But it could also be misused by someone unscrupulous - just as the email scan they currently have in place could be misused.

Now, what assurance does Google give you that your information is safe? Is their site HIPAA (Health Insurance Portability and Accountability Act) compliant? No - of course it's not. If they claimed HIPAA compliance they could be in deep legal doo-doo with the first account break in.

No, they use the US Safe Harbor privacy principles. Now doesn't a department of commerce directive make you feel all warm and fuzzy about how your data is protected? I suppose I shouldn't point out that this leaves them plenty of wiggle room for whatever they want to disclose when they want to disclose it. (and it won't be to the US Government, Google has stood up to them staunchly - knowing all the time there would be no penalty for this... but watch out if it's Al Qaeda, or China, or some other not so nice bully)  You will note that they say they "follow" this directive.  Not that they MUST FOLLOW this directive.  Huge huge difference - it's in those little technicalities folks.  Really.

But the one hugely enormous elephant in the room that no one wants to acknowledge... all this private data is protected only by a username and password. Period. And that my dears should scare the crap out of you. Username and password are the least secure of any method of storing data. They don't even claim to encrypt the data!!! (encryption would mean they couldn't scan it to bring you all those lovely ads and to keep up on your current health status)

So those 2 little pieces of information are all that stand between your information and all the people on the internet who would just love to grab your life and wring it out.  That's on the outside.

What stands in the way of an insider at Google grabbing the data?  We don't know, we do know that if it's not encrypted - the ability is always there for the data to be taken or doctored.  That's just the way computers work.

Considering the relative ease with which people have had their email accounts hacked, their ad accounts hacked, and whatever else Google provides that's supposed to be private, I foresee many people losing their medical information to unscrupulous people - either in their own families (can you say divorce court), via something like a public wireless access point, a trojan horse keystroke logger embedded in that email you shouldn't have opened, etc, etc, etc.

In the end, it's all about convenience.  I know there will be thousands, maybe millions, of people who will think this is the best thing since sliced bread.  They'll jump all over it and fill up their files.  Then they'll get hacked and have their data stolen.

Wow how convenient. 

No thanks, I'll take old fashioned, slow and tortuous paper and pen.  I might have to wait a while longer for medical test results, but I'll rest easier.  If you want to go for it and make your life conveniently hi-tech... don't say you weren't warned. 

BTW - I could be like this about many things but choose not to - this however is scary enough to make me write a dissertation.  My apologies on the length and if you read to the bottom - you earn a gold medal.  Heh.

Posted by: Teresa in Medical at 09:56 PM

1 Waiting for my gold medal. Anyone who relies on Google to organize their life (I just use Gmail + the Reader) is...nuts.

Posted by: Erica at June 12, 2008 05:18 AM (OQDyt)

2 Oh damn...now I have to go find one. I figured no one would actually read the silly thing. 

Posted by: Teresa at June 12, 2008 08:21 AM (mMa3+)

3

There is a guy, a former case worker, who just joined our Board at work- we were discussing this very topic.  Putting all your info in one spot.  Hackers, et al, yeah, not a good idea.

But you can't tell the masses that.  Individuals are smart.  Groups are dumb.

 

Posted by: Rave at June 12, 2008 08:38 AM (n62+a)

4 I'm with you; what an incredibly stupid move.  I still don't trust Gmail, fer cripes sake...  I sure wouldn't trust my medical records to that company.

Posted by: pam at June 12, 2008 10:18 AM (l6NIn)

5 Rave - some people value convenience over just about anything.  If they have to make any effort at all or wait longer than 30 seconds it about kills them.  They don't think about the larger picture.

Pam - you're right. 

Posted by: Teresa at June 12, 2008 10:41 AM (mMa3+)

6

Your point about if you need google to keep track of your doctors that means you're not paying attention to your health

BINGO

It amazes me the number of people who just blindly do what their doctors tell them to do. Actually it just scares the bloody hell out of me.

One needs to be an active participant with their doctor, if their doctor doesn't like that then it's time to find a new doctor. I refuse to see a doctor that thinks they should be the only one participating in my health, have actually gotten up and walked out of a doctor's office because they wouldn't listen.

Posted by: quality weenie at June 12, 2008 11:05 AM (uHRYR)

7

2 separate points, that's why 2 separate posts.

While I don't have a binder with my medical information in it (love and trust my doctor, don't need one at the moment) my puppers do.

I have (in a 3 ring binder) every copy of the reports I get from the vet when we bring them in. So if an emergency pops up I can grab the binder, the pupper and go. That way the ER vet has all their medical information at their finger tips.

Posted by: quality weenie at June 12, 2008 11:07 AM (uHRYR)
