
I Just Need a Little Privacy

Today I’m thinking about identity. This is a result of attending the Health2.0 discussion this morning and listening to David Recordon speak about OpenID and XFN (the XHTML Friends Network). All of the social applications here at Web2.0 Expo rely in some part on the user providing and agreeing to share their personal information. Are there standards for the data? How will it be shared? And most importantly, how secure is it? When I give PageFlakes my Gmail username and password to get my mail in a handy little AJAX box on my personal start page, are those credentials safe? Shouldn’t I worry about this at least a little? Would that I could authenticate against a central, trusted identity partner and then provide security tokens to those applications requesting credentials.

This idea is rapidly becoming a reality thanks to OpenID and OAuth. Having a single, trusted identity and a permission-granting service is key to taking social media past sharing personal social information to sharing personal private information such as medical data. As a healthcare industry web geek, I’m worried about how patients will access and share their medical information.

I’m not sure the public identity standards efforts are quite at the level needed for medical information. Today’s Health2.0 discussions suggested a growing market for medical social media services, all of whom rely on users sharing their data. Maybe not their HIV status, but certainly a summary of their basic health conditions. In order for my social network to build my network associations, it needs to know how to limit the possibilities, limits based on personal information.

Disease support groups come to mind as a super easy application. Why search for people when they could easily be found for you based on condition and some other limiter like location? We’ve been looking at the disease support group concept for a while at work and we keep running up against the data privacy/HIPAA question when it comes to hosting and specifically sharing our patients’ personal information. To date we’ve pushed the activity a step away from us by directing people to a third-party service provider. I feel badly about that. I can’t guarantee that they will have a good experience with that provider, nor do I have any control over the integrity and privacy of their information.

I’m wanting an independent service, run by a non-profit, and overseen by consumer and industry representatives to manage the storage of my private information. At the very least there should be open and robust standards for how we deal with the data privacy and ownership issues. I also want an open source, open standard for electronic medical records; let’s call it MXML for the moment. It bugs me that my most personal and intimate information is currently locked away in a variety of vendor-supplied proprietary systems that I can’t access without jumping through huge hoops.

So I’m a hippie, and that’s a good thing. I should control my identity, the information associated with it and my data should be mine and be portable. Hello dataportability.org.