backtop

Print E-mail del.icio.us 12 comment(s) - last by mal1.. on May 22 at 12:22 PM
Google Health may have more potential issues than security for users and medical providers

For the multitudes of people with chronic health conditions or who take lots of medication -- especially the elderly -- keeping track of health records and what doctors say is exceedingly difficult.

Google launched its latest service aimed at exactly this group of people called Google Health. The Google Health service aims to provide users with one location for their health records from participating pharmacies, hospitals and more. Users can also add information to their health records themselves.

The issue for many with Google Health is that the service has lots of risk and potential security issues. One big problem for privacy and security advocates is that people who are already Google users can opt into Google Health with their one universal login used for Gmail, Google Calendars, and other Google services.

The problem with this is that there is no security limits imposed on passwords. Someone could be using a very easy password for hackers to discover. The issue then would be that while it might not be a big deal for someone to access emails from mom, getting a hold of your personal medical history with the same universal login could pose a huge problem.

As DailyTech reported before, Google Health is not a HIPAA covered entity. This means that it does not have to follow the same safety and security practices that other institutions like a pharmacy, doctor or hospital has to.

In defense of the security of Google Health, Google says that many of the things that it does to protect people’s health records are better than what HIPAA requires. All of this is for naught if a users password is something like their name and birth date when a hacker comes knocking.

ArsTechnica reports that the service itself is easy to use and that entering custom data is easy to do. Importation of medical records is also said to be easy to accomplish assuming your healthcare providers are among the small cadre of supported providers including Beth Israel Deaconess Medical Center, Cleveland Clinic, Longs Drug Stores, and Walgreens Pharmacy along with a few others.

Importing information in this instance is reported to be as easy as logging into accounts with the providers and checking a box allowing Google to access the information.

Aside from privacy concerns and ease of use, for many the issue with Google Health and similar services is usefulness. How many people will actually be willing to take the time to enter all of this information? A few users will find the service to be great. For most it will be a daunting task with limited usefulness outside of personal satisfaction. Healthcare providers will be hard pressed to take a patient at their word that medical information is accurate.

Many remain skeptical as to whether medical professionals will trust information that comes from a patient without being able to verify the accuracy of the information with the original health records. This is the single biggest problem with Google Health for many.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Bosco!
By homebredcorgi on 5/20/2008 3:30:08 PM , Rating: 2
Are we still stuck in that world of simple passwords? Is it still 1995? Maybe I'm being naive, but I think the days of most people using 'sex', 'chair' or 'Bosco' (if you're George Costanza) are gone. Both of my parents have passwords that are at least six characters and use numbers and/or special characters. Yes, they probably only have two or three of them, but for the most part they are relatively strong. I'm willing to bet the majority of internet users have decent passwords that can't be "easily guessed by hackers."




RE: Bosco!
By pauldovi on 5/20/2008 3:36:11 PM , Rating: 5
You must be sheltered from the majority of society. They really are that dumb.


RE: Bosco!
By MRwizard on 5/20/2008 7:58:37 PM , Rating: 2
I disagree with you completely! i spent the last 2 years doing desktop support and the amount of times i was able to crack the users password in 2 or 3 goes was phenomenal! its actually amazing how many people will use there name or the company they work at.
and the most common password i came across (which is a hell of a lot) was the password: pass or even password
some idiots even use 123456 as a "secure" password.
in my opinion i think we had maybe 1 in 100 that actually used a "secure" password(and by that i mean eg."d3ad12",not very secure in my opinion). and that's not an exaggeration. Our company had to send out regular emails reminding people of these things


RE: Bosco!
By daftrok on 5/20/2008 10:06:34 PM , Rating: 2
I remember the days when "qwerty" was enough...I should change that password...


RE: Bosco!
By jhb116 on 5/20/2008 11:24:39 PM , Rating: 2
1, 2, 3, 4.... That's the combination of my luggage....


Did you forget?
By pauldovi on 5/20/2008 3:20:04 PM , Rating: 2
People are concerned if a hacker gets in? Do people forget that Google is an advertising company! I would be concerned that they would be selling my medical information for very lucrative targeted ads.




RE: Did you forget?
By BarkHumbug on 5/21/2008 5:17:05 AM , Rating: 2
Not to mention when they'll hand over your ass completely to your government.

http://www.dailytech.com/Google+Assists+Arrest+of+...


RE: Did you forget?
By Integral9 on 5/21/2008 8:41:39 AM , Rating: 2
India is a different country with different laws and more than likely, it's India's laws requiring Google to do that and not indicative of care-free handling of data.
http://www.theregister.co.uk/2006/02/20/google_ref...


RE: Did you forget?
By mal1 on 5/22/2008 12:22:34 PM , Rating: 2
Is is indicative of compliance with oppressive governments.

quote:
Google on Friday rejected US government demands that it give up search information claiming that its customers' privacy, as well as its own business secrets , should be protected.


Maybe I just have a jaded view on Google but it looks to me like they're concerned with their trade secrets, not protecting their users.


Why not just use fake names?
By Lord 666 on 5/20/2008 7:42:33 PM , Rating: 2
I am being ignorant in saying that when signing up or adding to an existing account, why not change your unique identifiers to something generic? Who cares what meds you are on, what procedures, or what health issues you have had if your name is Lab Rat20 born on 01/01/1970?




RE: Why not just use fake names?
By jon1003 on 5/20/2008 7:57:51 PM , Rating: 2
Because the hacker can just go to gmail since it's one login and those emails have plenty of info to find out exactly who you are, not to mention the other info from all the other google services like Docs and Calendar.


Problems with user enter information
By MykC on 5/20/2008 3:17:50 PM , Rating: 2
The article states the the biggest problem for google health is the accuracy of user entered information. One way around this is to any information as user entered versus information that came from a professional source.




"The whole principle [of censorship] is wrong. It's like demanding that grown men live on skim milk because the baby can't have steak." -- Robert Heinlein




Most Popular ArticlesSun Makes History: First Spotless Month in a Century
September 1, 2008, 8:11 AM
Arctic Sees Massive Gain in Ice Coverage
September 3, 2008, 2:44 PM
Sony to Launch PSP-3000 on October 16 in Japan
September 2, 2008, 8:38 AM
Russia Tests New Nuclear Missile
August 31, 2008, 10:30 AM
Google to Release New "Chrome" Internet Browser
September 1, 2008, 10:16 PM
botimage
Copyright 2008 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki