Healthcare: Google vs. governments?
Google just introduced Google Health, a new web tool that allows user to organize their health information all in one place, to gather their medical records from different sources (doctors, hospitals, pharmacies, …), to keep doctors up to date about their health, and to be informed about important health issues. Users can import their medical records from participating medical facilities and pharmacies (only eight, only in the United States at the moment) and let Google manage all their health related data.
Google tries to reassure its users by saying they will never sell their data, and that users choose which data is public and which data is private. But we all know Google's core business is advertising based on recognition of keywords in user related data. In the present case, even the US laws about personal data protection do not apply as Google says in its Terms of Service: "Google is not a 'covered entity' under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder. As a result, HIPAA does not apply to the transmission of health information by Google to any third party."
So, should we see Google Heath as a threat to government smart card supported healthcare projects? Maybe, not:
At the same time, the Fraunhofer Institute just approved the German health care application model, based on a public key infrastructure, and individual access controlled by smart cards. The German Healthcare system includes a combination of health care related data stored on central servers and distributed information in smart cards, guaranteeing the individual control of each patient on the dissemination of his personal health related information. The Fraunhofer Institute, supporting the combination between centralized servers and smart cards, concludes that hardware security tokens, like smart cards or USB keys, without a central infrastructure are not an option for data storage in healthcare. The head of the Fraunhofer Institute said there were no technical reasons to further delay the roll out of the electronic health cards in Germany.
A global project like the German one certainly has a higher cost than an initiative like Google's, but it ensures all precautions are taken to guarantee citizen's privacy. And in most countries, the best guarantee for the citizen comes from the audit capacity of independent bodies.