Future Now
The IFTF Blog
Google Health and Trust
Yesterday, I wrote about Google's likely foray into creating personal health records (PHRs). In his December 2006 speech, Google veep Adam Bosworth described one possible solution--a personal health URL . . .
. . . an online meeting place where [people's] caregivers -- with express permission from the ill person -- can come together, pass on notes to each other, review each other's notes, look at the medical data, and suggest courses of action.
Bosworth has not spent a lot of time addressing how Google Health will deal with security and privacy issues when it comes to PHRs (which he more recently has taken to calling PHWs--personal health and wellness data), but he has had a few things to say.
In a recent speech to the American Medical Association of Informatics, he commented on Google's experience with authentication and trust. Google's solution is known as Account Authentication Proxy for Web-Based Applications, or Auth/Sub. (For more information, see code.google.com/apis/accounts/AuthForWebApps.html.)
It is Google's vision that . . . [its] safe systems for trust and authentication and controlled access will dovetail with the consumer needs for discovery about everything in their health arena.
Sounds good, but will Google protect us from itself? As some critics have pointed out, Google may have a conflict of interest when it stores your PHW.
For fun, let's suppose that Google did store your health info. Let's also say you have high blood pressure. Finally, let's say that a company like Lipitor has an AdWords account. In a scenario like this, there's a very significant conflict and possibly even HIPAA violations as visible hints of your medical condition (in the form of Lipitor text ads) are now following you around the Internet.
See "Why Google will never store your personal health information".
Earlier this month, London-based Privacy International issued a report on the privacy practices of 23 major Internet companies. Google's privacy practices are the worst among the Internet's top destinations, according to the watchdog group, which is seeking to intensify the recent focus on how the online search leader handles personal information about its users. Google was assigned the lowest possible grade. The category is reserved for companies with "comprehensive consumer surveillance and entrenched hostility to privacy."
Google is constantly mining information that it stores. Try using a few key words in your gmail account and watch as related ads start popping up. Who's to say Google won't mine our personal health URLs? Only Google know the answer to that question. I am curious to find out.