In my blog on May 19, I presented my arguments on why people should stop and think carefully before they decide to put their personal medical records on the newly launched Google Health platform or any other health Web site.
The next day, Matthew Glotzbach, product management director with Google Enterprise, presented his views on why enterprises as well as individuals are shifting to cloud computing for data storage and application processing. Glotzbach discussed this issue during his keynote speech May 20 at the Software & Information Industry Association's Netgain conference in San Francisco.
My question is whether or not Google in particular and the Internet in general can be trusted to safeguard our health records, arguably the most sensitive documents we possess.
Glotzbach said that one of the important reasons why enterprises are moving to cloud computing is that data security in the cloud is far more reliable than the blundering data security efforts of many enterprises and government agencies.
Enterprise data security, he said, is a "big gate with no fence" because the biggest security threats aren't found at the corporate data warehouse. They are at the endpoints of the network on the laptops, hard drives and flash drives of end users. He recited the familiar litany of recent data breaches that made the news, such as reports that the Federal Bureau of Investigation has itself lost 160 laptops in the last 44 months.
Glotzbach noted that more than 2 million laptops are stolen in the U.S. every year, and many of these laptops contain sensitive corporate information, including customer IDs and Social Security numbers. He also quoted a statistic that 68 percent of USB thumb drive owners have reported losing these devices at one time or another and more than 60 percent of these drives had sensitive corporate data on them.
But my concerns about Google Health are even more fundamental than that. Companies such as Google, Microsoft and AccessMyRecords.com want to encourage people to put their health records online. People are being asked to do what few people ever had the ability to do before, digitizing their personal health records and storing them in an online database ready for access at any time.
Health care professionals have certainly recommended that people assemble their health records and medical histories in folders or three-ring binders for reference as needed by the patient or emergency medical personnel. People have long had the ability to digitize and store their medical records on their PCs.
But now individuals have to make the same decision that has confronted enterprises when they consider whether to switch to SAAS (software-as-a-service) applications in which their proprietary data about customers, sales, finances or product specifications must leave their own data centers and move into the cloud.
If enterprises trust their on-demand application service providers to safeguard data that can be worth millions of dollars, why shouldn't individuals?
I would ask whether or not the benefits of having personal medical records online in a central repository are worth the time and effort required to get them online. Then I would ask whether the benefits of having those records online are justified by the decision the patient makes to place them in the custody of a third party's data servers.
To me it seems like an awful lot of trouble and at least a little bit of risk for a modicum of convenience. Will having these records online really make me any healthier? Will the act of storing them in the cloud make me exercise more, lower my cholesterol, watch my blood sugar and control my blood pressure? I don't see why if I wasn't already following my doctor's advice.
Will my doctors make better treatment decisions for me? That hardly seems likely, since they already have their own copies of my records in their files, whether they are paper or electronic.
For myself, I'm content to take my chances with the records scattered about in the files of hospitals, physicians and insurance companies.