My hospital HAL - Google man moots syringe that says no Google VP Jonathan Rosenberg's windy sermon on 'Open' has been widely panned, but his interesting intervention on identity, health records and medical procedures has been little remarked, so far. Which is a pity, considering how close Google's High Command is to the High Command of the party likely to win next year's election, …
...what if it incorrectly mis identifies you and says...
This person is a Jehovas witness and does not want to receive a blood transfussion.
Said patient dies of blood loss.
Would Google be liable or would there be some teeny text that say "We accept no liabilty etc etc..."
Google "Do no evil, accept no responsibility"
Typical medical procedure is to use drugs and item people are very unlikely to be allergic to (Such as using non-latex gloves, non-penicillin antibiotics, etc.), at least until they can get a full medical history. While it may be more expensive, this costs a hell of a lot less than any 'smart-syringe' crap he wants to build.
Problem is not what technology COULD do to help. It's the will to do it that is lacking.
About 10 years ago someone was killed with an injection into the blood that should have gone into the spine. Someone wrote in the BMJ that since lumbar needles are so different, and since medication is made up by the hospital pharmacy, it would be easy to create a separate syringe type. Lumbar drugs are then only dispensed in a lumbar syringe, which only takes a lumbar needle, and no nurse or Dr will ever stick one of these in a vein, as they are so glaringly different. Problem solved.
Except noone actually did it and we still read these stories of needless death every 2 years or so.
I'd still be fine with Google or the big M looking after my data, a damn sight more secure than El Gov! It still annoys the hell out of me when you move and register with the doctors who ask who your last doctor was - I don't bloody know, I don't see my doctor every other week! They really should be able to key in my name/NI/DoB whatever and just have access. Down with paper.
Under HIPAA, if a doctor sees you in the hospital, and then you have a follow up exam in his private office, you have to fill out a permission form so that he can access his records he made while at the hospital.
That is, your medical information is segmented in to silos.
Google and Microsoft see value in creating a cloud of your and presumably everybody's information. Secure? Hardly.
Add to this Google's comments about not being concerned about HIPAA since they are not a medical company. That is, HIPAA will not apply to them.
Of course since they are asking you to provide your information.... if you're dumb enough... you waive your HIPAA rights automatically.
Any hospital or doctor's office which utilizes Google or any external database with my medical information is asking for an automatic lawsuit.
Not that I have anything to hide, just that I believe in my own personal privacy.
But hey! What do I know?
I post with an alias. ;-)
-G
I think its safe to say that the "smart syringe" is a metaphor for "a point-of-care" personal medical information system. Biometrics may be unreliable, but accessing the medical records for the 10 people closely matching the thumprint is a quick fix for privacy issues. But the problem with the NHS Nymphette (sorry, NPfIT) is the BOFH, end of story.
... if you don't keep medical records of everybody who is entitled to use the NHS (i.e. all British Citizens) you don't get your national database by the back door, do you. Of course the point isn't to prevent the tiny number of out-of-area medical treatment / unavailable-medical-notes / rare allergy conditions. It's for a much grander purpose.
That your child will be in danger if you don't let that Google Smart Syringe have access to all your personal data.
He wanted to try to justify all the data Google keeps needlessly, in a way that made it sound like you want your child to die if you disagree.
Hence the kid in hospital metaphor, yet somehow Google keeping my web searches against my wishes to improve it's advertising and for it's own research DOESN'T quite involve my dying child in hospital. So perhaps such a scenario, just confirms to me that Google does not take my privacy seriously.
And so I'll give their Android product a miss thank you, because it may decide to grab all my data one day.... to save my child's life naturally, and not because it suits Google and they've forgotten what made them successful, no sir, definitely the child's life thing.
OK the syringe idea is barking mad but having your medical records available on-line seems like a great idea. I have had cause to be regularly checked up over the last few years in a fairly high tech hospital. When I first started going the XRay's were physical things and we had to wait for ages while the consultant dug out the right ones. More recently the consultant simply pulled up the images onto the screen built into his desk top and we could both look together. Any further notes (such as my allergy to the chemicals they use during CT) are also quickly available.
I would find it quite comforting to think that if I were on holiday in another part of the country, or even another part of Europe, or the world, a Doctor could bring up my details.
However one teeny little issue, security. So long as I am able to give consent it should be a requirement, no a necessity, that consent is given before any records can be opened. And in the situations where I cannot give consent (unconscious or physical/mental conditions that prevent it) then only by very limited individuals such as those in A&E and when this situation arises I should be able to be alerted (via SMS, EMail or even by popping a letter in the post) to the fact.
Of course people have genuine concerns that their insurer might hear about something they would rather they did not hear about or even that some member of staff is running a side line in checking out your medical background for a fee. These situations need to be prevented in as much as it is possible to do so and any system needs to be designed to anticipate that this might happen with sufficient controls so that auditing who has had access to an individuals records is as much part of the system as the data itself.
So, what is to stop someone at a hospital somewhere clicking the 'patient has given consent' button to get free access to all of your medical records?
The problem with the security model you give is that there is no authentication of you, the patient, at any point. Short of everyone going around with a RFID chip in their arm, or carrying an ID card around with them 24/7, this is not technically possible.
The only alternative I can think of would be the use of biometrics, and this fails for a number of reasons, for example:
- people in hospital are likely to be injured or seriously ill in some way, is it a good idea to wheel them up to an 'ID terminal' to take their 'biometric signature' before actually treating them in any way?
- current biometrics such as iris scans, etc. have appreciable false positive and false negative rates. Scale these up to the entire population, and the proportionate risk of misidentification scales up.
- performing biometric scans are quite likely to be impossible in many situations. Using the example of the iris scan again, in an eye hospital the very conditions the patients are presenting with are going to prevent the biometric being taken.
Unfortunately, for any such medical database to provide the services being touted, there exists the necessity for a large number of users to have access to the system, in an equally large number of locations. Short of having military-style security (which is unlikely to work anyway) in all hospitals, GP surgeries, drop-in centres etc., etc. this is always going to have security holes.
So, you claim, "I would find it quite comforting to think that if I were on holiday in another part of the country, or even another part of Europe, or the world, a Doctor could bring up my details."
My counter-claim, is that I find it deeply disturbing that an another part of the country, or even another part of Europe, or the world, a doctor, a nurse, a hospital database administrator, a random member of the public passing an unsecured terminal, or even a politician or civil servant could bring up personal, private, potentially embarrassing details about me from an all-encompassing system without my consent.
Ah, but you forget, everyone who goes into hospital or sees their doctor will automatically have their DNA taken and placed on the National Regist... erm, I mean "their health records" and hospital staff will then be equipped with DNA scanners so they can check they're treating the right person (or, at least, someone who shares the same DNA fingerprint)
And, of course, that data will never be abused by, say, checking someone's DNA with the Police Database to see if someone who comes into hospital is wanted for a crime (or, at least, whose DNA matches someone who is wanted for a crime...)
Do you think google would apply their standard terms and conditions? Isn't it notorious for including something along the lines of "anything you do using our system becomes our property, we can do what we like with it"
Now imagine that applying to humans.
I'm off to build a super-duper tinfoil hat, that I can wear over my entire body... just nowhere near the BOfH this week :)
However wild an idea the smart syringe is, hospitals could do with something to prevent avoidable errors. In the UK something like 10% of people admitted to hospital suffer harm from errors, a large number of which are some combination of wrong drug/wrong patient/wrong dose.
Simple systems can prevent most errors (and I mean maybe 99% or more). Full access to patients' medical histories is not usually required: a simple identity confirmation is usually enough (unknown IDs are rare and insignificant). The US Veterans' Administration use a barcoding system where drugs, patients and staff are barcoded and all three are scanned at the point of drug administration. A fairly simple check of who and what drug and what dose manages to eliminate the vast majority of wrong dose/drug/patient errors.
Given how many errors their system prevented, the shocking thing is how few other hospital groups have adopted anything similar.
The idea of easy-to-hand medical records is definitely not a bad one. People travel, people move, and medical records are cumbersome to move around.
Obviously, having it all in a huge, honking database is a security risk.
Compromise: have a National Insurance card w/ a chip (Flexable NAND?) storing your records. Encrypted with 128/256 AES, not contactless, with a (in the UK) gov't owned proprietary interface so that only "reputable" (okay, here's where it falls apart) companies will make the reader/writer for sale to hospitals/clinics.
With this, your information is always at hand (it can have allergy info printed on the card) but also in the person's control.
1) This is a pointless analogy. Apparently all Rosenberg wants to say is that people make different decisions regarding their personal information and that these different decisions need to be equally respected by Google, but instead of just saying that we have some incidental guff about children, health and accidental death.
2) The analogy contains one of the shittest pieces of reasoning I have seen this long, long year
"Let's say your child has an allergy to certain medicines. Would you allow her medical data to be accessible by a smart wireless syringe which could prevent an EMT or nurse from accidentally giving her that medicine?"
OK, well let's say I don't have any children and then let's say I take this argument to pieces and put it back together again in the wrong order?
What if:
a) The records are incorrect;
b) The records are correct but the computer's gone haywire?
Now let's say Mr. Rosenberg has an allergy to certain medicines: Would he allow his medical data to be accessible by a smart wireless syringe which could prevent an EMT or nurse from giving him the correct medicine and accidentally give him the medicine he's allergic to because the system's broken? I bet he fucking-well wouldn't.
Rosenberg seems to be presuming that computer systems never go wrong: They are perfect and always do their master's bidding correctly. Fortunately most people seem to live in the really real world, and right here in the real world this kind of talk is specious nonsense. Not only do computers have a long way to go before they're maintenance-free, they also rely entirely upon their less-than-perfect human masters for software code, hardware build and data-input. Which means Mr. Rosenberg is now dead because some minimum-wage typist in a data-centre somewhere was having an off-day and screwed up when inputting his allergies.
Not that this proves much. Rosenberg works in marketing and marketing consists mainly of glossing over the facts in such a way you forget that the blue sky they want you to believe in is actually a sky that's pissing down with rain and filled with dysenteric pigeons.
This will be why - having made his point about equal respect Rosenberg doesn't say anything else about how Google might respect different people's decisions about their personal information. What's the betting he hasn't really thought about that, and that anything he might say about it will be specious guff to distract you from the huge bird pellet headed your way?
Of course we would always be willing to give every piece of our medical data to the government, they are so trustworthy when it comes to matters of data and information security. As this data is for your "medical needs" it is of course a back door way of getting the population database they have been craving for years to have, and of course, under the guise of "Detecting and Preventing Terrorism etc etc" they will mine and harvest that data to their hearts content, after all, you wouldn't want your "medical records" to be out of date or worse still, wrong.
In large practices they already won't permit 'off label' use of meds or procedures. So the physicians are merely robots following scripts... just hasn't been fully automated yet.
The point is that while one view is 'we must prevent errors by slavishly following protocols' another view is that 'slavishly following protocols can result in real injuries' since all humans deviate slightly from one another.
I wholeheartedly agree. This article was a fairly pointless rant that makes the ramblings of CEOs seem normal by comparison.
All that was originally said was that in a hypothetical world where frightening amounts of information are collected about every citizen, whether warranted or not, that people should have a choice whether to participate or choose alternative methods. End of story. And I have to agree with that viewpoint. No need to go off on tangents on whether the "smart syringe" would work or not.
Respect people's rights to privacy. It's increasingly harder and harder to get.
How about smart syringes for addicts, that won't let them OD?
While not entirely relevant to the article being commented on, we do not need 'smart' syringes to prevent - I presume The Silver Fox meant accidental - O/Ds, we merely need legalisation of all drug use, and consequent quality control of the various drugs.
Living in Central Scotland, death by accidental O/D is not unknown to me, but it is almost always because somebody has released heroin onto the street of an unexpected strength. With proper quality control, this risk vanishes and therefore we don't need the attached privacy risks of 'smart' syringes.
Chris Cosgrove
npfit in practice has sounded like a terrible failure. But, this is due to several reasons. Partially due to bureaucracy and the typical use of expensive and underperforming closed software, paying huge fees to IT consultancy firms to try to get it all running. Also, the idea of having a gigantic centralized database with all the information.. the transactoinal load, size of data, and fault tolerance needed would be incredible, as would the need for security with everyone's records in a single point like that.
Several systems have been using open source medical records software (there are several good packages available.) These cost like 1/5th or less the cost to install compared to the typical closed systems, and apparently work great.
The computerized syringe does sound daft though, I love when some guy comes up with a crazy "pie-in-the-sky" idea like this. In practice, how will it figure out what medicine is put in it, how will it tell who the doctor intends to jab the needle into, are you going to then have to replace syringe batteries all the time or what? Yeah.
The "particular type" of techies aren't the danger here, it's the patricular type of politician (i.e. just about all of 'em) who believe Star Trek is real and therefore swallow tech *companies* promises hook, like, sinker, end of the pier etc.
Face it: if any number of politicians had bothered to educate themselves adequately in the public's interest, and then had the backbone to tell it like it is (but that's a whole nother can of worms innit?), biometrics would have died in some backroom when the venal company rep first mentioned it.
We have the same problem in the USA, where the added danger of a population that believes you can solve *any* problem if you apply enough technology to it. Domestic Terrorism? You can spend the money on a public awareness advert blitz in prime time TV commercial spots (anyone remember "wear something white at night" or "dip, don't dazzle"?) or you can spend a gazillion dollars on bells, buzzers and flashing lights.
Hmm.
while not wanting to draw an conclussions regarding the end of the world in 2010 but I find this a little interesting...
Revelation 13:16
He also forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead,
http://bible.cc/revelation/13-16.htm
That said I've been looking at both HealthVault and Google Health as a consumer (I'm based in the US so can use them) and so called Personal Health Records are not that personal - http://bit.ly/8s5lk2
There has been a long running problem of inadvertent intrathecal injection of vincristine by medical staff. This is a chemotherapy drug which should be injected intravenously, but as it's often accompanied by another drug which is injected into the spine - they are sometimes mixed up, with fatal consequences (vincrustine in the spine usually kills within 48 hours, or irreversibly paralyses patients).
Although awareness, training and clear packaging helps, the most effective solution is probably to change the caps for intrathecal and IV so that they not compatible. This simple mechanical change of plastic connector would seem cost effective and obvious yet the NHS rollout seems to have dragged on for many years. I can't imagine anything that relies on IP network getting cleared before 2050
http://www.google.co.uk/url?sa=t&source=web&ct=res&cd=2&ved=0CAoQFjAB&url=http%3A%2F%2Fwww.datix.co.uk%2Findex.php%3Faid%3D181%26lan%3Den&ei=QkQzS4ybMZOj4QadqqGqCA&usg=AFQjCNEUiOu3APa8bU8_fMAWiNnA7ZjTtA&sig2=r-nkUD9uZcPJHme3KasKuA
@matt_black
"The US Veterans' Administration use a barcoding system where drugs, patients and staff are barcoded and all three are scanned at the point of drug administration. A fairly simple check of who and what drug and what dose manages to eliminate the vast majority of wrong dose/drug/patient errors."
This I like. Simple (provided you alread have a patient management system in place), well understood technology and *local* as in not *needing* a centralised data base.
@ Henry Wertz 1
"npfit failed but not terrible idea"
Well the *idea* sounded good. Like flying cars and fusion.
It's when idea meets implementation that it proves to be just a little bit trickier. But as others have noted if *average* politicians had even a *rough* idea of what the current limits on what a system could deliver were ID cards, IMP and the NpFIT (Nymphette. truly a case of think of the children) would have died at birth.
I suggest *most* of these systems are the product of the "Unholy trinity"
Ignorant, glory hungry ministers x senior civil servants with a data fetish x IT company reps seeing *huge* profits even if it fails, due to the support and repair contracts. = massive, late, over budget system whose only "benefit" is the erosion of personal privacy.
Mine will be the one with a copy of "Robocop" in. Dick Jones should be a warning to IT Reps everywhere, but he's probably more a role model.
How about encrypting the records, and the patient has to enter the password (which is not known to doctors etc) to decrypt? It won't cover emergencies, and it won't cover people too thick to remember passwords / use keyboards?
Or the patient could carry the encrypted records (probably on a phone, or thumb drive) and amongst the encrypted data would be digital signatures from the doctors etc who put the data there, along with checksums, to verify that it really is your medical data.
This company is becoming truly creepy and makes MS look tame in comparison.
Just remember all those Sci-FI films, tech or biotech company innocuous fluffy sounding name and slogan starts up and gets its claws into Government and then unleashes either a robot or other creation that becomes self aware and becomes hell bent on destruction.
All we need now is for them to join up with the other global mega corps.
Sleep well and don't have nightmares.
:)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
