Subscribe if you want to be notified of new blog posts. You will receive an email confirming your subscription.
“In God We Trust” is NOT an Option for Your PHR: 5 Responses to the Google Health Trust Issue
Dear readers,
Thanks for your interest and feedback on my recent posting Connecting the Dots…Google Health Promises to Create AND Dominate Next Generation PHRs.
Despite being over 3,500 words long, this essay has quickly become the #1 most widely read posting on my blog. It continues to generate several hundred views per day and has been linked to by over a dozen other bloggers and news sources.
Reader comments center around two primary themes:
1) Should I trust Google Health’s (GH’s) next generation personal health record (PHR) with my personal health information (PHI)?
2) Can GH really get health care players to adopt and share electronic PHI? Why would/should others share their data with Google?
Today’s blog posting will tackle the trust issue. Reader Paul summarized the concerns here when he wrote:
“…personally i find it bizarre to think patients will entrust Google.”
<
p dir=”ltr”>Please consider 5 points about the trust issue.
I’ll frame the 5 points around GH, but they really apply more broadly to any PHR:
1) You’re right, Google Health is not 100% trustworthy. Nobody is. My point here is to acknowledge the validity of the fears about GH — it’s possible that GH could abuse your PHI (personal health information), lose it, use it to sell you stuff that you don’t want or need, hold you hostage by threatening to print the story of your nose job on the Google home page, or that the next generation of leaders at Google truly are evil people. The possibility of something going wrong is not zero.
2) The trust issue is not unique to GH. Here’s a somewhat rhetorical question: “If you don’t trust Google, who do you trust?” In God we trust is NOT an option.
What do I mean when I say “The trust issue is not unique to GH”? I’m saying issues of trust can be raised about ANYONE whom you might designate to be a custodian of your electronic PHI.
Seems to me that you have 2 options here: 1) Don’t trust anyone with your PHI — accept the status quo; try to keep your PHI locked up in your proverbial “mattress” so that you and only you know where it is (or more accurately you have no clue where it is). 2) Trust “somebody” with your PHI.
If you choose option #2, the issue now shifts. The issue now becomes “What’s the incremental difference in the lack of trust between GH and the “somebody” else that you might choose to trust.
But who is that somebody? Employers, health plans, pharma — they all have baggage on the trust issue. Who doesn’t have baggage on the trust issue?
“But I trust my doctor and my other health care providers” you say . Great, but your doctor and other health care providers have no economic incentive to create a next generation, interoperable, transportable PHR. Show me one that has — you can’t.
Think back about news stories we’ve read about leaks of provider or payer PHI over the past few years — somebody left a laptop containing PHI in the back seat of their car and the laptop was stolen; a hospital’s EHR was hacked by an Internet thief. Trust issues are everywhere and are not unique to GH.
3) If you don’t trust GH, don’t use it. Unlike tethered PHRs, you must “opt-in” to having your PHI collected and stored by GH. If you don’t trust Google, just don’t use GH. End of story.
GH’s success as a business model depends primarily on creating incremental value primarily to patient and physician users. My educated guess is that GH will achieve a tipping point and significant network effects at around 20–30% adoption.
Clearly there will be a hard core base of people who absolutely, positively won’t trust GH under any circumstances, no matter what, rain or shine. This group should not be a barrier to the success or failure of GH’s business model.
4) The benefits of trusting someone with your PHI will outweigh the risks. While there are risks to trusting someone (anyone) with your PHI, there are dramatic benefits. We must move the U.S. health care system to the point where health care information flows appropriately and freely.
The Institute of Medicine has documented that 98,000 people a year die in U.S. hospitals due to preventable medical errors. The lack of HIT (health information technology) in health care is killing people today.
I worry far more about harm to my family and me from lack of HIT creating appropriate information flow than I worry about not trusting someone with my PHI.
5) Is our collective time and energy better spent on preventing inappropriate flow of PHI or in creating free and appropriate flow of PHI. While I’ll pose my point as a question, I think you’ll see where I stand personally on the issue.
America is very big on individual rights; culture and society in other countries put much more value on community and collectivism. Do we Americans have our priorities straight?
Are we looking at the PHI issue through the right lens? Is our energy truly best directed to worrying about preventing inappropriate flow of PHI (which I have acknowledged is a legitimate risk) or is our energy better placed on creating free and appropriate flow of PHI? Where will we get the most societal bang for the buck?
I look forward to your comments.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. Feel free to republish this post with attribution.
I am not too concerned about privacy and public exposure risks of the PHR data. If I trust my banks’ systems for transactions, surely a PHR system can be as or more secure.
However, a bigger question may be whether there is “professional trust” of the data
For a clinician to rely on the data to make medical decisions, they will have to trust the sources of the data (even me if I self-report) as well as the technical issues around its security in the system.
How can this level of trust be addressed in a PHR system?
The trust issue could be solved if Google, or indeed any other PHR provider, adopted a custodian/broker model.
Their PHR implementation would need to be a “certifiably secure” personal “lock-box” over which the owner had complete control and to which there was no master key or back door.
By identifying the owner and making access secure and controlled by the owner (URL based user centric identity management), the owner of the PHI could selectively disclose their personal information to interested sellers, and create a reverse commerce model.
The custodian could monetize the relationship by brokering the contact, between the PHI owner (consumer) and provider.
Of all the companies out there Google is probably in the best position to evoke this level of trust. If you think about all of the information that you already entrust with Google it isn’t much of a leap to think of them having more.
If you use the Google applications then they already know your browsing habits, anything you store in your email and your office documents. What’s one more piece of your life? Isn’t Google’s mandate to ‘do no evil’ enough to calm all fears?
Without question Google already has an answer to the Trust issue. It is already being implemented into their platform. You will learn more by going to http://www.y-t-c.com There is a payoff for the consumer secondary to a trusted intermediary with a $1M insurance indemnity for breach of information. Plus, the consumer will be able to generate revenues from post marketing pharmaceutical surveys, and other innovative revenue generators for the consumer. Far better than MacDonalds bingo I assure you.
My name is C.F.SMITH.
[…] he did with Google’s PHR, talking even about trust issues, Vince Kuraitis analyzes Microsoft’s HealthVault and four misconception about it: […]
Hello Vince,
I disagree with your quote “providers have no incentive to offer free PHR.” As a group of dedicated physicians, we have assigned 20 IT members and few physician executives to develop a flexible PHR with built in web diagnosis and treatment. These are design to interface with any CCHIT certified EMR using HL7, CDA, CCD, etc. Our goal is for future disease management and home health. Research has been done in last 2 years, including SWOT analysis. We have not publically announced yet, but hope you will hear more about us in 2008.
Have been reading your quote and admire your analysis and inspiration. We are hoping Google will launch their PHR before ours. We would learn more from the best.
Agree with your A+ assessment of HV 🙂
LCN
Hey Vince, apparently this post is still popular because I stumbled upon it despite it being from 2007. You know on a somewhat related note, here in Los Angeles a lot of people are in an uproar right now over Google’s system being used to manage police records, too. For this and for the medical, I think they may be better off changing the name and making a subsidiary for it. I think by operating under the Google name a lot of people either trust it or distrust it. I am a cosmetic surgeon and my partner is totally against changing our PHR system. I read a couple comments on a plastic surgery forum about patients who also don’t like the idea of their records being stored on servers elsewhere.
Most recently, I’m not sure if you’ve read about how many people inappropriately read Michael Jackson’s death certificate before it was public. While, I can tell you here in Beverly Hills I’ve received comments from those in the public eye about their concern about keeping a lid on their surgical records of their rhinoplasty, breast implants, or whatever other “secret” they have that they want to keep hidden. By storing these patients outside my practice on a server, such as GH, I know many of them won’t like the idea of it, even if it is secure. Because perceived peace of mind is more important than actual reality… at least that’s what I’ve found with patients.
Mike