Keyose Blog - Personal Health Records

Any activity or service needs funding to keep running. Personal Health Records are not exception. The question here is who will pay for my PHR. The answer is you.

You could pay in three different ways: by paying directly to the PHR service you choose, by paying someone who will decide which PHR you will have access to and also by paying with your health data (very valuable data from a marketing perspective).

The last one is seem by some people as the perfect solution. You do not need money to access to the service. But you have to be conscious that you are paying in fact. You pay with your health data. If you do not care  third parties having access to your personal data and trading with it (now or in the future) this is a good solution for you.

The second limits your consumer freedom, as someone else (your insurance or your government) will make the decision for you. Of course you are paying the sevice with your money or taxes. But will be a PHR not direclty chose by you. If you do not like the service, you cannot change to other PHR easily. This drives to a monopolistic marketplace where innovation is restrained.

The first is the most common for other services in our societies. You select the service more convenient for you and you pay for it.

In the next month Keyose will release a new version of our PHR service. New functionalities will be available for free and others (extra ones) will be available for premium users. By this “freemium” model we hope to be self-sustainable. Our vision is to be a anonymous personal health record.Our compromise is to provide a PHR where nobody trades with your health data.

Keep alert, the official release is coming soon!

We use to visit other personal health records. Sometimes you find good ideas. Sometimes you find bad ones. The last are probably the most useful. As a medical doctor I take special interest in the “privacy policy”of these services.

Today I found a PHR with this sentence in its “privacy policy” document:

We transfer information about you if “PHR Company, LLC”  is acquired by or merged with another company. In this event, “PHR Company, LLC” will notify you before information about you is transferred and becomes subject to a different privacy policy.

Notice that they say “notify” but not “ask for permission”.

So, what does it means?. It really means that your data could be transfered to a third party in case your original PHR is “acquired” by another company… maybe a company you work for…  Like in a mortage, you can be pretty sure about the current conditions but not so sure about the conditions 10 years later.

The BIG question here is: why all those new PHR companies are asking you to provide a name, ZIP code or email? Do they need those data to provide you a service? Or are they planning to monetize that information in the future?

 Confessors will not ask your name. Why do we?

Although privacy concerns are not still solved in the Personal Health Record universe the big ones of the IT industry are planning the next step: Personal Genome Projects.
The funded by google company 23andme offers the first Personal Genome Service online.
The idea is simple and apparently useful: you order a kit that is mailed to your home. You spit on a tube and send back the kit to the laboratory by mail.
Then you can access to the genomic code of that spit. That includes information about your genetic diseases, risk of having cancer, diabetes or multiple sclerosis.

Sounds great… right?

But wait a minute. What if a unauthorized person get access to the 23andme database? He will have a lot of information about many people. Ok, they can use strong encrypting algorithms but we know there is no 100% secure system. Maybe providing a anonymous service as Keyose this problem could be nearly totally prevented.

But this is not the only problem. Not at all!. What if I just take some of the spit of my new partner or my employee and send it to 23andme pretending to by my own spit? Then I could access to the genomic information of a third person without his/her permission. That sounds not really funny!

Maybe a enthusiastic biologist cannot foresee these kind of issues but for an active family physician like me the personal genomic information is not so “cool”. Some information stored online could be useful for healthcare. But more information than needed starts to become more dangerous than beneficial.

As reported in the spaniard newspaper El País, “Downloading music or movies from the job’s computer through a P2P software can have terrible and unexpected effects, produced by someone that could only want to get in its MP3 a song from David Bisbal [popular singer in Spain]. This kind of error has produced that 11.300 clinical records, 4.000 related with abortions, were exposed to any internet user. The computer illiteracy of a gynecological clinic’ worker could be the reason to allow the access to these files by eMule (the most popular peer to peer software), and so on giving access to the data stored in a folder of the hard disk to millions of people. It is not known who was guilty, or the reasons of the breach, but the Spaniard Data Protection Agency (AEPD) has sanctioned the Lasaitasuna clinical center in Bilbao with 150.000 euros.”
What could be the consequences of this kind of breach in a totally anonymous clinical records database?

The most important professional medical journal in the world (New England Journal of Medicine) talks about Personal Health Records in its last number.

Most physicians in the United States have paper medical records — the sort that doctors have kept for generations. A minority have electronic records that provide, at a minimum, tools for writing progress notes and prescriptions, ordering laboratory and imaging tests, and viewing test results (see line graph).¹ Yet electronic health data are poised for an online transformation that is being catalyzed by Dossia (a nonprofit consortium of major employers), Google Health, Microsoft HealthVault, and other Web services [as Keyose] that are seeking expanded roles in the $2.1 trillion U.S. health care system.

There are several concerns about privacy not only within patients but also within doctors. Keyose is the only anonymous Personal Health Record. Not only for USA, but for the worldwide (spanish and catalan versions available, and italian and german versions on development).

A medical doctor from the south of Spain has had a good idea: to access the Keyose personal health record with a iPhone (or other mobile devices). The simple design of Keyose makes this mobile access easy and convenient. With Keyose your doctors or paramedics can access your medical information no matter where you are.

One of the founders of Keyose was interviewed by MarketIntellNow. Here is the transcription of the interview.

More…

Most people trust in the privacy of the medical records stored by the hospital. But as Britney Spears and Farrah Fawcett have learnt there is no 100% secure system even within your trusted hospital.

The med center fired more than a dozen employees and disciplined others, including six physicians, for unauthorized looks at Britney Spears’s medical records, the Los Angeles Times reported last month. Today, the paper reports a similar breach of privacy for Farrah Fawcett.

The Anonymous Personal Health Record could be a interesting tool for celebrities and for people with mental disorders.

As you can read in Keyose’s FAQ: Think about your health record at the hospital. You have no control over who accesses your data. It can be seen by doctors, nurses or clerks. Keyose offers you a better control over your health data; you can rest assured about that.

As reported by the Washington Post a new case of stolen laptop has toke place.
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.
… “The shocking part here is we now have personally identifiable information — name and age — linked to clinical data,” said Leslie Harris…

Again and again… there is no 100% secure system. Privacy through anonymity was our leitmotif in keyose. And it will be.

As repoted in ksl.com Thousands of people are being cautioned to keep their eyes on their credit reports tonight. A laptop with names, Social Security numbers and personal health information was stolen from University Health Care in Salt Lake City.

In Keyose we know there is no 100% secure system. As a Doctor I understand that when talking about personal health information breaches a “one between a billion chance” is simply unacceptable.

For that reason, Keyose was designed to be a anonymous personal health record. A anonymous-non identifiable database in a stolen laptop would not be a privacy problem at all.