Skip to content

Google’s Microsoft Health Vault

When Microsoft announced Microsoft Health Vault, for storing and retrieiving sensitive personal health records over the public Internet, I commented with “Microsoft is first out of the gate announcing Health Vault, an online personal health information database of Google proportions.” Now that Google has regained its composure in the health database area, it is testing a Google version of Health Vault in collaboration with the Cleveland Clinic.

Reportedly, this new sensitive medical data will be yet another aspect of the standard Google account. The same Google account that they use for tracking analytics, advertising spend (for those who advertise), ad consumption (for those who click ads), online video watching (for those who use YouTube), email (for those on GMail), saving whatever you search for on the Internet for practically forever, and so much more (“so much more” referring to DoubleClick data, library data being archived by Google, news wires, government records, etc).

Yes, the very same Google accounts which have been compromised by security holes in the very recent past (remember when we learned that others could read our GMail accounts?) will now be used to store and access your sensitive medical records. Hey, it works for YouTube, so why not your genetic screening test results?

This is under test with the Cleveland Clinic. Tests, of course, of how well it can make money for Google and the Cleveland Clinic. Oh sure the testing involves some safety issues, but the kind like “did any patients get hurt by errors?” (because that would create liability), and “did anything get seriously, obviously mucked up?” (ecause that would be ambrasssing). I doubt very much it is a test of real security or feasibility of exposing the records to International hackers via the Internet… youknow the people who sit back in their repaired Aeron chairs over in the-regions-recently-bombed-to-hell and try just about anything possible to access social security numbers, bank account data, or sensitive information that can be sold for currency.

Our commercial deployers of technology still insist on trying to promise security, while ignoring the obvious, known problems (storing encryption keys on local hardware(PDF)) and trying to convince us they are more innovative than everyone else (not).

If Google wants to test the feasibility of this Google Health Vault, they should put up billboards around the world saying “Solve this puzzle and get a job at Google”, and then challenge the worlds “brightest minds” to find a way in to that sensitive health data. Go ahead, Google. I triple dog dare ya!


  1. Dr Bonis wrote:

    People is really sensible to the confidentiality of their medical data. It is critical information.

    The danger with Google Health and HealthVault is that somebody in the future crack their security systems.

    Also the fact about a private company getting data about your health must concern us.

    There is an alternative,, designed by physicians, its philosophy is based on total anonymous users. A smart mechanism allows the store of clinical record without asking you any personal data (not even your email).

    Confidentiality is in such a way assured.

    @Dr. Bonis: I didn’t go inside your application, but I can suggest you find a way for the health industry can make a reasonable fortune from your database or it will not succeed in the US. Yes that’s a cynical view, but the bottom line is that in this country at least, the establishment is for profit, and anything such as you describe, if it cannot be monetized for the participants it impacts, will not get supported (at best). We have this problem with biometrics as well. The “right way” to use biometrics creates an authentication system where “you don’t know who I am, but you know for certain I am who I was when you enrolled me in the program“. But our society will not accept such a system unless businesses can also know who you are, in order to make money. Find a way for them to make money while preserving privacy, and you’ve got a solution. john

    Friday, February 22, 2008 at 7:36 pm | Permalink
  2. Colin wrote:

    Keyose is a neat idea but it’s basically adding another layer to a Doctor’s already busy schedule. Google/MS have the right idea of making it painless to connect the systems together. Putting most of the effort (and reward) in the hands of the patients.

    The security is an issue, but google is not storing any financial or contact info (though you may have info in your gmail), so really it’s probably less so than your typical credit card transaction or bank transaction online.

    Friday, May 23, 2008 at 1:17 pm | Permalink
  3. Raju Mathai wrote:

    Is there a membership fee for PHR with USB port?

    Friday, June 13, 2008 at 8:50 am | Permalink