Keyose Blog - Personal Health Records

One of my favourite PHR services (outside Keyose ) is patientslikeme.org. I logged in two months ago with a fake profile (remember: “I will never store my medical information in a online database that contains personal indentification” (and your email is one). After testing the tool, I have tried to remove my account and delete all that fake data. And know what? I have not found the way to do this!

My reflection after this incident is: “Your privacy is very important but also your right to remove your data”.

In Keyose you can remove your account easily by clicking on “Remove my record”. All your data will be removed from our database automatically.

We use to visit other personal health records. Sometimes you find good ideas. Sometimes you find bad ones. The last are probably the most useful. As a medical doctor I take special interest in the “privacy policy”of these services.

Today I found a PHR with this sentence in its “privacy policy” document:

We transfer information about you if “PHR Company, LLC”  is acquired by or merged with another company. In this event, “PHR Company, LLC” will notify you before information about you is transferred and becomes subject to a different privacy policy.

Notice that they say “notify” but not “ask for permission”.

So, what does it means?. It really means that your data could be transfered to a third party in case your original PHR is “acquired” by another company… maybe a company you work for…  Like in a mortage, you can be pretty sure about the current conditions but not so sure about the conditions 10 years later.

The BIG question here is: why all those new PHR companies are asking you to provide a name, ZIP code or email? Do they need those data to provide you a service? Or are they planning to monetize that information in the future?

 Confessors will not ask your name. Why do we?

As reported by the Washington Post a new case of stolen laptop has toke place.
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.
… “The shocking part here is we now have personally identifiable information — name and age — linked to clinical data,” said Leslie Harris…

Again and again… there is no 100% secure system. Privacy through anonymity was our leitmotif in keyose. And it will be.

As repoted in ksl.com Thousands of people are being cautioned to keep their eyes on their credit reports tonight. A laptop with names, Social Security numbers and personal health information was stolen from University Health Care in Salt Lake City.

In Keyose we know there is no 100% secure system. As a Doctor I understand that when talking about personal health information breaches a “one between a billion chance” is simply unacceptable.

For that reason, Keyose was designed to be a anonymous personal health record. A anonymous-non identifiable database in a stolen laptop would not be a privacy problem at all.