Two leading proponents of electronic health records have urged regulators and governments to wake up to Microsoft and Google's growing interest in storing medical information. Dr Kenneth Mandl and Dr Isaac Kohane write in the New England Journal of Medicine that the entry of tech behemoths to the healthcare market will bring " …
""Philosophically and politically, I am skeptical of the concept of paternalism."
Windows phone home?
Microsoft is quite paternal. And I don't trust them to safeguard anyone's data, ever read their EULAs for any of their products. Anything that happens is your fault. So a company that takes no responsibility for their actions is the last entity I would trust my medical records to. Same goes for Google.
Back to the bunker, cheers!
This definitely qualifies in the "No Shit Sherlock" category.
UK Public organisations are bad enough at leaking (accidentally?) sensitive information to the public domain. I can't see regulated, or otherwise, private American organisations being any better.
What baffles me is that people continue to believe the nonsense peddled by the "snake oil salesmen" in industry and government. Do people persist in the belief that it can't/won't happen to them when the evidence to the contry is published daily?
I'm not an unreconstructed ludite - I don't think? However, if you want the world to know about you then social network first but after that it's down to the places that money can be made from - Banks, health, food, energy...
But, then again, if you've nothing to hide you've nothing to fear - so that's alright!
April 18, 2008
I read with great interest your article on electronic personal health records and privacy and thought you would find MyMedicalRecords of interest. MMR has contracts with organizations covering more than 30 million lives to provide our services.
Contrasting MMR to other popular EMR products, MMR is delivering the most user-friendly, convenient and versatile web-based Personal Health Record available today. Using our proprietary patent pending technologies, complete patient information including actual lab test results, radiology reports and images, progress notes and all of a patient’s charts can be uploaded or faxed with annotated voice notes and comments directly into the user’s password-secured account. Users do not need to install any special software or use any special hardware to use our service.
MMR also has integrated other advanced features, such as multilingual translation, a drug interaction database of more than 20,000 medications, calendaring for prescription refills and doctor appointments, and private voicemail for a doctor’s message and other personal uses.
There also is a special “Emergency Log-In” feature that allows a doctor to access a user’s account to view their most important medical information in the event of a medical emergency. To ensure individual privacy, specific data, such as prescriptions, allergies, blood type and copies of actual medical files or images, are pre-selected by the user for inclusion in the online read-only Emergency Folder.
In addition, MMR also includes an online ESafeDeposit Box feature that enables users to securely store any important document in a virtual “lock box” and access them anytime from anywhere using an Internet-connected computer or PDA. These documents can include Advanced Directives, Wills, insurance policies, birth certificates, photos of Family, Pets and Property, and more. MMR is clearly one of the most complete user-friendly Personal Health Records available today (I can provide a detailed comparison with Microsoft's HealthVault, for example)).
Incidentally, MMR has built a two-way data interface to Google Health and our understanding with Google is that MMR will be part of their public launch expected shortly. This will enable users to move information from their Google Health account to their MyMedicalRecords account and vice versa. This will enhance the Google Health user experience by allowing the individual to store documents, images, and other personal information in MMR’s easy-to-use personal health record and will have the benefit of all the additional features MMR has that are not available directly within Google Health.
I would encourage you to visit MMR and set up a complimentary account. Simply go to www.mymedicalrecords.com and sign up using registration code MMRBLOG. I would be interested in your experience and hope that you will include us in any further discussions of Personal Health Records. I could also send you more information by email or snail mail (the latter allows me to send a bit more than I’d want to clog your email with).
Scott S. Smith
Director of Public Relations
11000 Santa Monica Blvd. #430
Los Angeles CA 90067
Ext 123 (Cell: 310/254-4051)
Whats up with the press release? My Medical Records?
Dear Scott Smith...
Just a few questions.
* Do you normally read the posts on this site? If you had you may have noticed a deep skepticism where commercial sites and privacy come together. Posting an invite to sign up to your site (unless it's a delayed april fool, which I seriously considered) was unwise.
* Why should I pay for a site that may not always be up, may be inaccessible to me when it is, may be hacked, may be opened by decree of the US government, whose primary purpose is about making money and NOT AND NEVER WILL BE about my health, and whose backup and data management policies are not spelt out, fully and transparently - why shouldn't I put all my stuff on a USB keyring and carry it around? What do I gain by giving you my most intimate data?
* what do I make of the technical competence a site that uses scripting to excess (you've got both prototype.js and scriptaculous.js, as well as others) and whose home page has no shortage of validation errors; here you go, Mr. Smith:
I don't do web pages but even I know not to use uppercase tags for xhtml, and certainly that tags should nest etc. etc. etc. In fact, though I don't do web pages but I know a damn site more than the person who hacked together this mess.
Mr Smith, this is pitiful.
And on a less technical note, why on your home page are all the stock pictures of smiling families and caring doctors with cute kids etc. all white people?
I got as far as "...user-friendly, convenient and versatile web-based Personal Health Record available today. Using our proprietary patent pending technologies..." and assumed it was a piss-take.
I refer you to http://www.theregister.co.uk/2008/04/15/google_spreadsheet_bug/
Google have a long history of allowing access to everything from a single cookie which is quite often insecure. Their patient records service will most likely be the same. What makes you think anyone who knows about googles insecurities will want any part of your site if you are linking into their service?
"When you enroll, you receive a special sticker that you can put on the back of your driver's license or other identification. We recommend that you write down your User ID and Emergency Password on this sticker."
So, your medical records can be accessed by anyone who happens to steal your wallet? What a great idea.
You also claim that having data in two datacenters is a security feature, when in reality it allows hackers or others two points of attack.
Finally, you point out on your site that the site is not covered by HIPAA. In case you have trouble reading, this article is about two doctors calling for sites like yours to be covered by HIPAA and other relevant laws.
Couldn't help it (just a few questions):-
Failed validation, 504 Errors
This page is not Valid XHTML 1.0 Transitional!
Then again, web pages I have made many years ago will also fail. But I am not bothered - it's a hobby for me. Mr Smith and his colleagues should be bothered.
I'm planning to not be ill, ever.
Sorry but I haven't seen such a poorly written site in a long time. This was cobbled together from spare parts somewhere. This is what I do for a living and I sould NEVER be paid for this trash.
Sorry guys - just had to say it...
Can anyone say 'silo'?
"...proprietary patent pending technologies..."
Which means, once you sign up, your information is stuck in there forever.
- Lack of 24 hr /7 day direct contact customer service implies a bunch of amatures
- Lack of guarantee to follow HIPPA regulations implies a bunch of amatures
- "attorney that specializes in HIPAA" = ready to litigate anytime (this being the U S of A)
- "proprietary patent pending technologies" = snake oil
- "504 Errors" implies a lack of technical expertise
- lack of Canadian logo means they already know their site doesn't meet Canadian healthcare standards (pitiful as those may already be)
there you have it..........
Paris, because she doesn't need an IT angle and these folks seem to lack a decent one...
Come on mymedicalrecords.com, we're waiting
Mr Smith, I understand you asked someone to respond to my posting. It's all gone quiet from your end. I should say, it's gone all corporate.
You can either take a kicking here and learn from it, improving this product and prevent future mistakes (probably expensive ones as you're handling medical data), or you can ignore valid criticism by pretending it doesn't exist. And lack of technical expertise #will# come back to bite you badly, sooner or later.
My thought is that you're just a unified company only at the front; that you're really just a collection of outsourced components behind the scenes - in the same way that you bought your website off the peg (and it shows), you probably have outsourced your data management (let's complete that sentence: "... to a third party whose primary purpose is about making money and NOT AND NEVER WILL BE about your data").
Please tell us we're wrong, that you are trying to sort things out.
LOL, soon this page will turn up in mmr-related searches.
Talk about unintended consequencies. Next - libel suit vs. Reg in proper US style?
Life is good.
Shame on you, foo_bar_baz, for taking this tack.
So how do we prevent other sites from linking to this story - in large numbers - and thus derailing such a promising startup?