Keyose Blog - Personal Health Records

Even the banking electronic systems, argued to be the most secure ones and used as an example of people’s trust, are not 100% secure. As can be read in New York Times: Federal prosecutors have charged 11 people with stealing more than 41 million credit and debit card numbers, cracking what officials said on Tuesday appeared to be the largest hacking and identity theft ring ever exposed. What is the value of your personal health information? Just think about…

A interesting research of the Connecting for Health Initiative reveals that there is a great interest in Personal Health Records as Keyose. However, privacy is the main concern (obviously) and prevents people from using these kind of services despite their potential benefits.

- Four in 5 U.S. adults believe that online PHRs would be beneficial in managing their health and health care.
- Nearly half the public expresses some interest in using one.
- Yet less than 3 percent of the general adult population has an electronic PHR today.
- Among those not interested, concern for privacy is the most frequently cited reason why.

As a family doctor privacy is also my main concern. And that is the main goal of Keyose.com: protecting the patient’s privacy by providing a totally anonymous personal health record system!

An interesting post in The Health Care Blog:

And while Google trotted out some great enterprise partners last week for its announcement, I didn’t hear any consumer voices or testimonials on how Google Health will fulfill an unmet need. To me, PHRs and electronic medical records remain an industry-driven vision, not a consumer-driven one — focused on efficiency and reducing costs. It seems we’ve lost sight of whether the consumer really desires and is willing to participate in these services. What are the circumstances for using a PHR and do the benefits outweigh the perceived risks?

Currently the PHRs are answering the IT and health-care industries questions. Will the patients start to ask their own questions? That is Web 2.0 all about!

One of my favourite PHR services (outside Keyose ) is patientslikeme.org. I logged in two months ago with a fake profile (remember: “I will never store my medical information in a online database that contains personal indentification” (and your email is one). After testing the tool, I have tried to remove my account and delete all that fake data. And know what? I have not found the way to do this!

My reflection after this incident is: “Your privacy is very important but also your right to remove your data”.

In Keyose you can remove your account easily by clicking on “Remove my record”. All your data will be removed from our database automatically.

Any activity or service needs funding to keep running. Personal Health Records are not exception. The question here is who will pay for my PHR. The answer is you.

You could pay in three different ways: by paying directly to the PHR service you choose, by paying someone who will decide which PHR you will have access to and also by paying with your health data (very valuable data from a marketing perspective).

The last one is seem by some people as the perfect solution. You do not need money to access to the service. But you have to be conscious that you are paying in fact. You pay with your health data. If you do not care  third parties having access to your personal data and trading with it (now or in the future) this is a good solution for you.

The second limits your consumer freedom, as someone else (your insurance or your government) will make the decision for you. Of course you are paying the sevice with your money or taxes. But will be a PHR not direclty chose by you. If you do not like the service, you cannot change to other PHR easily. This drives to a monopolistic marketplace where innovation is restrained.

The first is the most common for other services in our societies. You select the service more convenient for you and you pay for it.

In the next month Keyose will release a new version of our PHR service. New functionalities will be available for free and others (extra ones) will be available for premium users. By this “freemium” model we hope to be self-sustainable. Our vision is to be a anonymous personal health record.Our compromise is to provide a PHR where nobody trades with your health data.

Keep alert, the official release is coming soon!

We use to visit other personal health records. Sometimes you find good ideas. Sometimes you find bad ones. The last are probably the most useful. As a medical doctor I take special interest in the “privacy policy”of these services.

Today I found a PHR with this sentence in its “privacy policy” document:

We transfer information about you if “PHR Company, LLC”  is acquired by or merged with another company. In this event, “PHR Company, LLC” will notify you before information about you is transferred and becomes subject to a different privacy policy.

Notice that they say “notify” but not “ask for permission”.

So, what does it means?. It really means that your data could be transfered to a third party in case your original PHR is “acquired” by another company… maybe a company you work for…  Like in a mortage, you can be pretty sure about the current conditions but not so sure about the conditions 10 years later.

The BIG question here is: why all those new PHR companies are asking you to provide a name, ZIP code or email? Do they need those data to provide you a service? Or are they planning to monetize that information in the future?

 Confessors will not ask your name. Why do we?

Although privacy concerns are not still solved in the Personal Health Record universe the big ones of the IT industry are planning the next step: Personal Genome Projects.
The funded by google company 23andme offers the first Personal Genome Service online.
The idea is simple and apparently useful: you order a kit that is mailed to your home. You spit on a tube and send back the kit to the laboratory by mail.
Then you can access to the genomic code of that spit. That includes information about your genetic diseases, risk of having cancer, diabetes or multiple sclerosis.

Sounds great… right?

But wait a minute. What if a unauthorized person get access to the 23andme database? He will have a lot of information about many people. Ok, they can use strong encrypting algorithms but we know there is no 100% secure system. Maybe providing a anonymous service as Keyose this problem could be nearly totally prevented.

But this is not the only problem. Not at all!. What if I just take some of the spit of my new partner or my employee and send it to 23andme pretending to by my own spit? Then I could access to the genomic information of a third person without his/her permission. That sounds not really funny!

Maybe a enthusiastic biologist cannot foresee these kind of issues but for an active family physician like me the personal genomic information is not so “cool”. Some information stored online could be useful for healthcare. But more information than needed starts to become more dangerous than beneficial.

As reported in the spaniard newspaper El País, “Downloading music or movies from the job’s computer through a P2P software can have terrible and unexpected effects, produced by someone that could only want to get in its MP3 a song from David Bisbal [popular singer in Spain]. This kind of error has produced that 11.300 clinical records, 4.000 related with abortions, were exposed to any internet user. The computer illiteracy of a gynecological clinic’ worker could be the reason to allow the access to these files by eMule (the most popular peer to peer software), and so on giving access to the data stored in a folder of the hard disk to millions of people. It is not known who was guilty, or the reasons of the breach, but the Spaniard Data Protection Agency (AEPD) has sanctioned the Lasaitasuna clinical center in Bilbao with 150.000 euros.”
What could be the consequences of this kind of breach in a totally anonymous clinical records database?

The most important professional medical journal in the world (New England Journal of Medicine) talks about Personal Health Records in its last number.

Most physicians in the United States have paper medical records — the sort that doctors have kept for generations. A minority have electronic records that provide, at a minimum, tools for writing progress notes and prescriptions, ordering laboratory and imaging tests, and viewing test results (see line graph).¹ Yet electronic health data are poised for an online transformation that is being catalyzed by Dossia (a nonprofit consortium of major employers), Google Health, Microsoft HealthVault, and other Web services [as Keyose] that are seeking expanded roles in the $2.1 trillion U.S. health care system.

There are several concerns about privacy not only within patients but also within doctors. Keyose is the only anonymous Personal Health Record. Not only for USA, but for the worldwide (spanish and catalan versions available, and italian and german versions on development).

One of the founders of Keyose was interviewed by MarketIntellNow. Here is the transcription of the interview.

(more…)