How Much Would You Trust Third-Party Web Applications with Your Medical Records?

As I’ve mentioned before on this blog (What are Strangers Doing With All of Your Information?), when you willingly hand over your information to Google via Gmail or a third-party application, they own it. Once they own it, they can sell it.

But businesses, non-profits and individuals willingly provide this information because it’s convenient. They are assured that this information is protected, perhaps out of a projected sense that it ought to be protected.

So the development of Google Health has caught my attention. Now you can store your medical records online. Your medical information is some of the most private data you’ve got, yet when that info gets turned over by hospitals to a private company, the data is no longer protected by regulations like HIPAA (as noted in a recent Technologist column by Steven Levy). Nonetheless, there is definitely a trend for public institutions to put this information in third-party web apps like the Google Health project before we have better security.

Google has millions of dollars to spend on security, but simply by browsing hacked sites, the people uploading their data to the Internet have made the multi-million dollar investment in security pretty much irrelevant.

The point is that, while there may be efficiencies, possibly even life-saving ones, from putting this data in third-party online databases, the framework isn’t quite there yet. So long as the vast majority of Internet users are vulnerable to spyware and other threats, the system is not ideal for storing your most private information.

The movement of all business functions to virtual apps is definitely happening, but my advice to businesses looking into it is to hold off for a little while longer… at least until you're willing to accept the risk.