Keyose Blog - Personal Health Records

All about Personal Health Records

Posts Tagged ‘security’

No 100% secure system: 4.000 clinical records related to abortions were distributed via eMule in Spain

Saturday, April 26th, 2008

As reported in the Spanish newspaper El País, “Downloading music or movies on a work computer through P2P software can have terrible and unexpected effects, caused by someone who may only have wanted to get a song by David Bisbal [popular singer in Spain] onto their MP3 player. This kind of error has caused 11.300 clinical records, 4.000 related to abortions, to be exposed to any internet user. The computer illiteracy of a gynecological clinic’s worker could be the reason that access to these files was allowed through eMule (the most popular peer-to-peer software), thereby giving millions of people access to the data stored in a folder of the hard disk. It is not known who was guilty, or the reasons for the breach, but the Spanish Data Protection Agency (AEPD) has sanctioned the Lasaitasuna clinical center in Bilbao with 150.000 euros.”
What could be the consequences of this kind of breach in a totally anonymous clinical records database?

No 100% secure system: What about the hospital records?

Friday, April 4th, 2008

Most people trust the privacy of the medical records stored by their hospital. But as Britney Spears and Farrah Fawcett have learnt, there is no 100% secure system, even within your trusted hospital.

The med center fired more than a dozen employees and disciplined others, including six physicians, for unauthorized looks at Britney Spears’s medical records, the Los Angeles Times reported last month. Today, the paper reports a similar breach of privacy for Farrah Fawcett.

The Anonymous Personal Health Record could be an interesting tool for celebrities and for people with mental disorders.

As you can read in Keyose’s FAQ: Think about your health record at the hospital. You have no control over who accesses your data. It can be seen by doctors, nurses or clerks. Keyose offers you better control over your health data; you can rest assured about that.

PHR + Google AdSense is a privacy disaster, Eysenbach says.

Sunday, March 9th, 2008

I read an interesting post from Gunther Eysenbach (a widely recognized academic in medical informatics) in which he restates his concerns about privacy and the presence of Google Ads in an online Personal Health Record.

“I see one particular privacy threat which I haven’t seen discussed anywhere. The privacy threat is created whenever a personal health record (or any other sort of dynamic, private information) is combined with Google Ads, because Google Ads are created by third parties, and Google Ads are keyword/context triggered. Any combination of Google Ads with any sort of personal health information spells a privacy disaster.
Why? Imagine I am a bad guy who wants to compile a database of people with the condition “Amyotrophic Lateral Sclerosis”. It is now a matter of five minutes to set up an ad at Google AdWords which is triggered by the keyword “Amyotrophic Lateral Sclerosis”. Google AdWords also lets me define a target site, so I could define health.google.com or any other online PHR site such as myPHRsite.com as the sole target site where the ad (context-triggered) should appear. Now, whenever a user on that site would review his personal health record with integrated Google Ads, my ad would be triggered only if the word “Amyotrophic Lateral Sclerosis” shows up in my record. The consumer of course does not know this and if the ad is something innocuous such as “Click here to receive a free gift basket” he might click on the ad and - bingo - all I (as the bad guy) have to do is to link to a questionnaire pretending to send a gift to the consumer, asking for his/her personal information - name, address etc. Thus, I have a list of people who have the keyword “Amyotrophic Lateral Sclerosis” showing up in their Personal Health Record.
Yes, it is that simple.”

The first priority of Keyose is privacy, and we agree with Eysenbach about the threat. For that reason we have decided never to include AdWords or AdSense advertising in the Keyose service. We will never put our own, our patients’ or our relatives’ health information in a service that serves AdSense on its website. You can trust us!