Microsoft is first out of the gate announcing Health Vault, an online personal health information database of Google proportions. We can expect everyone to go after that gold mine, because such a database represents the single most profitable social media endeavor imaginable. Google will eventually build a health database. Yahoo! will probably try and add “your medical records” to MyYahoo! some day. This is scary, scary stuff, but it’s almost inevitable. People are willing to give away just about everything these days for a free email account, so I guess I can’t blame Microsoft for going after the Holy Grail of online databases with the Health Vault initiative.
Health Vault: Can it be Secure?
In a word, no. As everyone in technology already knows, whatever is connected to the Internet will be exposed to prying eyes. The credit card companies know this, the hackers know this, the information brokers and their customers know this, and the government (including the military) knows this. They have security systems in place specifically because they know nothing is secure on the web. Those security systems involve watching the hackers as they penetrate and look around, and tricking the hackers with fake servers full of fake data (honeypots). Millions and millions of social security records have been compromised every year for the past few years. In addition to this more obvious fact (that Health Vault won’t be secure), this Health Vault is from Microsoft - arguably not a prime example of companies doing well with software security (based on our experiences with Windows and other Microsoft products’ security).
Health Vault and Privacy
This one is easy. What people don’t know, won’t hurt them. Privacy is to be “user-managed” with Health Vault. That’s the short story - it’s left up to YOU what you expose via your privacy settings. The longer story is unknown, but it seems pretty obvious that this approach is an excellent way to get as much access as possible to people’s data before they know what they are giving away, or how they can change their own privacy “controls”.
Hint to the hackers: where there is trust, there is an exploit. As soon as there is a “privacy control” it becomes a target (like a lock becomes the target once placed on a door). If someone resets your “privacy controls” without your knowledge, how soon will you notice?
Health Vault: Why is it so Valuable?
You will hear about the obvious benefits of a centralized health database because that makes for good press and is supported by marketing dollars. You will hear about the crazy conspiracy stuff because it makes for good press. You won’t hear about the real deal, some of which I know from my background as a biomedical engineer and clinical researcher. The real deal is that personalized medicine is the most promising advance in health care coming down the pipe, and personalized medicine is based on genetics and intimate knowledge of individual data like health history and medical records. Some day soon we will be able to do a genetic screen in minutes, and determine accurate probabilities of your future health. We can already check on many disease states using hair and saliva samples, or possibly skin flakes you might leave behind at the coffee shop, hair salon, or hotel bathroom. Without a court order or any permission, someone can follow you, pick up that Frappuccino straw you threw in the trash and test it for various diseases. What can they do with such knowledge about you?
They can set your medical insurance rates, for one thing. They can deny you a job if they see you will get real expensive in the benefits department before the expected retirement age. They can run your DNA against a centralized paternity database, just to see if maybe somewhere in the past you perhaps unknowingly fathered a child that is now 16 years old and in need of college funds or 30 years old and recently un-incarcerated for sociopathy. Think about the potential of a Web 2.0 Social Media community site for adopted or otherwise fatherless/motherless individuals… tell your story, speak of your memories, and try to connect with your “real” family. Monetized via a paternity database… “send in your hair sample and we’ll check across 200 million medical records… all voluntarily submitted”. I bet that would be wildly successful. Or how about affinity groups like “people likely to get ALS before they are 35” or “Preparing for Alzheimer’s” or even better a Mensa-like “Perfect People - Meet other genetically Perfect People Here” monetized via the mandatory DNA screen and Health Vault database inspection.
They can craft custom medications designed to work for YOU specifically, based on your own health profile. What would the profit margins be on such personalized medicines? I guess another way to ask that would be, how much would YOU pay for a medicine that could save YOUR life? Exactly.
Health Vault: Why should you care?
Well you may know enough not to participate in Health Vault, but who among us has not felt the pressures of social change involving risky technologies like unencrypted email? The vast majority of Internet email is still today sent around the world in clear text, stored all over the place, and yet nobody seems to care. Have you ever been asked for your credit card information and decided it was better to call it in? And after you placed your order by phone, did you get an email confirmation that showed most or all of your name, address, phone number, and credit card information? Sent over the Internet, in clear text (readable form), accessible to many, many otherwise unprivileged eyes and likely stored in multiple locations outside of your control.
Back office people send stuff by clear text (unencrypted email) all the time, in violation of policies and procedures and probably privacy and credit card laws, but nobody cares because it keeps commerce moving. The more momentum “the system” has the harder it is to resist participating. The more people accept Health Vault, the more health systems will require it, perhaps even using it via back office operations without your overt knowledge. If you have ever worked in IT or IS, I know you believe me. If you have ever been without a driver’s license, how did you manage to “show ID” as you seem to have to all the time these days? I imagine the line for “people not in Health Vault” would be quite a bit longer than the line for “regular people”.
Health Vault. Should be good some day, but right now, I think this is pretty scary stuff.