GDS & Medical Information

I recently received information from the Palo Alto Medical Foundation warning against use of the Google Desktop Search tool:

Do you use the Google Desktop Search tool or use a shared computer to view PAMFOnline?

Google recently released a new tool that allows people to scan computers for information in the same way they use Google to search the Internet. To enable the search, there is a setting that will index and cache Web pages including secure web pages like PAMFOnline. In other words, the tool has a photographic memory of what is on your computer.

How does this affect me? If this tool has been installed on a PC that you are using, it is possible for your private health information viewed through PAMFOnline to be cached on the computer’s hard drive and retrieved later by someone else.

The good news: Google Desktop Search is only able to retrieve Web pages that are viewed after it is installed. In other words, if you view PAMFOnline on a shared computer (e.g., Internet café, Library), someone cannot come along after you, install Google Desktop Search and pull up the pages you previously viewed.

For more information on the Google Desktop Search Tool and your privacy go to: http://searchenginewatch.com/sereport/article.php/3421621

A full copy of the warning is archived here.

This is pretty impressive – the risk presented by a new technology to personal patient health information was discovered, analyzed, and a solution distributed in a fairly short period of time. Makes me wonder: is PAMF unique amongst medical care providers due to its proximity to Silicon Valley? Or is this a sign of increasing sophistication of healthcare providers in light of HIPAA and other regulations designed to protect personally-identifiable information?

Freedom & Privacy

My buddy Kevin was lamenting having to give his ID to get into LinuxWorld in San Francisco this week. Yes, the response from the LinuxWorld security was absurd (“it’s for security reasons”), but it’s interesting to note Kevin’s failure to grasp a key point: he didn’t have to go to LinuxWorld. Nobody was forcing him to reveal his identity – as long as LinuxWorld was up front with its requirements for entry (or offered a refund if Kevin refused to provide his ID) I’m not sure there’s anything wrong with what LinuxWorld did.

At the risk of infringing Bruce Schneier: privacy is a trade-off. It’s a free country – companies have a right to dictate the conditions under which they’re willing to sell to a consumer, and consumers have the right to decide whether or not they feel like accepting those terms. If you don’t like the terms, then there’s a simple solution: don’t buy the company’s product or service. It’s not like LinuxWorld security held Kevin down and went through his wallet – he could have just walked away.

It’s relatively easy to protect your privacy, as long as you’re willing to accept the inconvenience, cost, and lost opportunities. Don’t like companies tracking your purchasing habits? Fine – say good-bye to easy access to credit via credit cards, say good-bye to discount cards that “save” you money (the “save” is in quotes because the prices are usually inflated to encourage participation in discount schemes). Don’t want your movements to be traceable? Fine – get rid of your cell phone. Now, I’ll admit it’s effectively impossible to stand up to every company, all of the time, especially if you want to get anything done in life. But no one’s holding a gun to your head.

I think people overestimate the value of their freedom and privacy – they’ll scream bloody murder against laws that allow the government to collate data it already has on citizens, but sign away the same information in a heartbeat to save 10% on their groceries. It also appears people misunderstand the freedoms to which they think they’re entitled. Sure, you have a right to assemble – but only peacefully, without blocking free passage, and on public land. Sure, you have the right to free speech – but not to make threats, or spread libel. You can’t protest in the mall – it’s private property. And if you and a couple hundred friends are going to protest at the Democratic National Convention, don’t be surprised if the police put you in “free speech” cage. Those are the rules – any ideas of your own on the subject are merely creative works of fiction.

For those areas where you have a choice between preserving your privacy and buying into another product or service, it’s up to you to stick to your guns. If enough people had the courage to vote with their dollars, maybe companies would get the message. Until then, be prepared to present your “papers” along with your cash.