Keyose Blog - Personal Health Records

All about Personal Health Records

Posts Tagged ‘privacy’

Your health data are not our business

Monday, June 16th, 2008

As a physician-led project, our main commitment at Keyose is to the confidentiality of your data. We must follow the World Medical Association's Declaration of Geneva, which says: “I will respect the secrets that are confided in me, even after the patient has died.”

Although some venture capital investors have suggested that we monetize the information we store in our database (by selling aggregated data to third parties, as other PHR projects are probably planning to do), we have rejected that possibility as incompatible with our total commitment to patients (we like to say patients and not just users).

We have updated our Privacy Policy to state our position clearly:

Keyose will never provide third parties with any data, individualized or aggregated, without the consent of each individual user. Each potential data transfer to third parties will require a new informed consent signature.

In the future Keyose could generate aggregated statistics based on data provided by users who have signed a specific informed consent. These statistics could be useful to allow Keyose users to compare their clinical progress with that of other users. Also, these aggregated statistics could be provided to the general public and biomedical researchers in the public interest, again after the signing of a specific informed consent for that purpose. However, Keyose will never charge for or monetize these aggregated statistics.

Your right to delete your PHR is also important

Wednesday, May 28th, 2008

One of my favourite PHR services (outside Keyose :) ) is patientslikeme.org. I logged in two months ago with a fake profile (remember: “I will never store my medical information in an online database that contains personal identification”, and your email is one). After testing the tool, I tried to remove my account and delete all that fake data. And you know what? I have not found the way to do this!

My reflection after this incident is: “Your privacy is very important, but so is your right to remove your data”.

In Keyose you can remove your account easily by clicking on “Remove my record”. All your data will be removed from our database automatically.

An identified PHR is like a lifelong mortgage

Tuesday, May 13th, 2008

We usually visit other personal health records. Sometimes you find good ideas. Sometimes you find bad ones. The latter are probably the most useful. As a medical doctor I take special interest in the “privacy policy” of these services.

Today I found a PHR with this sentence in its “privacy policy” document:

We transfer information about you if “PHR Company, LLC”  is acquired by or merged with another company. In this event, “PHR Company, LLC” will notify you before information about you is transferred and becomes subject to a different privacy policy.

Notice that they say “notify” but not “ask for permission”.

So, what does it mean? It really means that your data could be transferred to a third party if your original PHR is “acquired” by another company… maybe a company you work for… As with a mortgage, you can be pretty sure about the current conditions but not so sure about the conditions 10 years later.

The BIG question here is: why are all those new PHR companies asking you to provide a name, ZIP code or email? Do they need those data to provide you a service? Or are they planning to monetize that information in the future?

Confessors will not ask your name. Why do we?

No 100% secure system: Another laptop stolen from NIH

Monday, March 24th, 2008

As reported by the Washington Post, a new case of a stolen laptop has taken place.
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.
… “The shocking part here is we now have personally identifiable information — name and age — linked to clinical data,” said Leslie Harris…

Again and again… there is no 100% secure system. Privacy through anonymity was our leitmotif in Keyose. And it will be.

No 100% secure system: The stolen laptop

Sunday, March 16th, 2008

As reported on ksl.com, thousands of people are being cautioned to keep their eyes on their credit reports tonight. A laptop with names, Social Security numbers and personal health information was stolen from University Health Care in Salt Lake City.

In Keyose we know there is no 100% secure system. As a doctor, I understand that, when talking about personal health information breaches, a “one in a billion chance” is simply unacceptable.

For that reason, Keyose was designed to be an anonymous personal health record. An anonymous, non-identifiable database on a stolen laptop would not be a privacy problem at all.

Broken privacy is a real threat. Trust me.

Thursday, February 28th, 2008

I am a medical doctor. I see patients every day, including in the Emergency Room where I work.

Because of that, I deeply understand, not only theoretically but as part of my daily experience, that the patient-physician relationship is the key to the quality of health care.

A patient must trust his doctor. If there is no confidence, we lose a lot (patients and docs).

That said, privacy of data becomes a really important issue. A patient who talks about his sexual activities, extramarital affairs, fears, weaknesses, mental health… should be sure that the doctor will not reveal that information to third parties.

For thousands of years physicians have followed this sentence of the Hippocratic Oath: What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.

So when I designed the Keyose service, I had a very clear idea: privacy must be priority number one!

Storing thousands of personal health records electronically carries a big risk. What if someone unauthorized (a cracker, for instance) gains access to the database? No matter how much money or effort you invest in the security of a system, there is no 100% secure system in the world. And the health information of thousands of people is very attractive to so many parties (governments, insurers, banks, private companies, criminals devoted to extortion…).

There are many companies entering the eHealth business. Google Health and Microsoft HealthVault are just the two best-known examples. As a medical doctor I am really concerned about the privacy of data. 90% of UK physicians and German doctors think like me.

Keyose was designed in such a way that no personal information is stored. We do not need your name, email or identity. And more importantly: We do not want it.

I would never put my own, my patients' or my relatives' health information in an online database that contains the identity of the patients. You can trust me!

Dr. Julio Bonis