When Microsoft announced Microsoft Health Vault, for storing and retrieiving sensitive personal health records over the public Internet, I commented with “Microsoft is first out of the gate announcing Health Vault, an online personal health information database of Google proportions.” Now that Google has regained its composure in the health database area, it is testing a Google version of Health Vault in collaboration with the Cleveland Clinic.
Reportedly, this new sensitive medical data will be yet another aspect of the standard Google account. The same Google account that they use for tracking analytics, advertising spend (for those who advertise), ad consumption (for those who click ads), online video watching (for those who use YouTube), email (for those on GMail), saving whatever you search for on the Internet for practically forever, and so much more (“so much more” referring to DoubleClick data, library data being archived by Google, news wires, government records, etc).
Yes, the very same Google accounts which have been compromised by security holes in the very recent past (remember when we learned that others could read our GMail accounts?) will now be used to store and access your sensitive medical records. Hey, it works for YouTube, so why not your genetic screening test results?
This is under test with the Cleveland Clinic. Tests, of course, of how well it can make money for Google and the Cleveland Clinic. Oh sure the testing involves some safety issues, but the kind like “did any patients get hurt by errors?” (because that would create liability), and “did anything get seriously, obviously mucked up?” (ecause that would be ambrasssing). I doubt very much it is a test of real security or feasibility of exposing the records to International hackers via the Internet… youknow the people who sit back in their repaired Aeron chairs over in the-regions-recently-bombed-to-hell and try just about anything possible to access social security numbers, bank account data, or sensitive information that can be sold for currency.
Our commercial deployers of technology still insist on trying to promise security, while ignoring the obvious, known problems (storing encryption keys on local hardware(PDF)) and trying to convince us they are more innovative than everyone else (not).
If Google wants to test the feasibility of this Google Health Vault, they should put up billboards around the world saying “Solve this puzzle and get a job at Google”, and then challenge the worlds “brightest minds” to find a way in to that sensitive health data. Go ahead, Google. I triple dog dare ya!