Google Health, Google’s new health information system, allows patients, doctors and pharmacists to share medical information over the Internet, but the sensitive nature of medical information presents unique security challenges, according to Google security engineer Umesh Shankar. Shankar described the information encryption system that Google uses to ensure the security of medical information and the other technological challenges that Google Health faces in a lecture, “Security and Data Integrity in Google Health,” on Wednesday at Dartmouth College.
Google Health, a personal health record application, allows users to organize their health information in one place, gather their medical records from doctors, hospitals and pharmacies, and share their information securely with family members, doctors or caregivers, according to its website. All of this information is stored in data centers composed of thousands of machines scattered around the globe that are also responsible for other Google services like Search and Gmail.
Google draws information from its search engine to generate new projects, according to Shankar. A multitude of “health search[es]” — in which people type symptoms into the general Google search engine for a diagnosis — was the “impetus” for Google Health, he said.
Google employs an infrastructure that utilizes cryptography and key management to ensure privacy and security, Shankar said. To illustrate the system, Shankar used the hypothetical case of Alice, a mother using Google Health to monitor her son’s medical records. After Alice verifies her identity with a username and password, Google “wraps” her credentials with a key that deciphers her son’s information.
Google employs a remote service that deciphers the encrypted information, Shankar said. At this point, Alice, through her account, has the power to delegate to others who can access communication between Google Health and the service that stores the key. If Alice gives permission to a doctor, the doctor can directly access Alice’s son’s records through his or her own account and alter them.
Rather than transferring vital records in paper form, doctors and pharmacies can now instantly and effortlessly transmit information concerning diagnoses, prescriptions or lab tests to patients and their health care providers, according to Shankar. In addition, users can edit their own records, adding their own diagnoses or deleting incorrect diagnoses.
Google preserves medical histories, tracks who can view a profile or who has accessed a profile and allows people to revoke others’ access to their records, Shankar said. Returning to the example, Alice cannot conceal any part of her son’s medical records, but she can stop a doctor from accessing her son’s entire medical records with the click of a button.
Google is currently working on synchronizing real-world devices with Google Health accounts, Shankar said. A wireless scale will soon be able to automatically record and transmit a patient’s weight to Google Health as soon as the patient steps off of it, keeping a record of weight over time.
The main challenge Google Health faces now is “bidirectional editing,” or the ability of two parties to revise a medium storing information on the Internet simultaneously, he said.