Apple could succeed at this.

by w3woody

CNBC: Apple wants the iPhone to manage your medical history

Apple has been working on a hush-hush project that would make your whole medical history more accessible, according to CNBC. The tech titan reportedly wants to turn your iPhone into a repository for every diagnosis, lab test result, prescription, health info and doctor’s comment. That way, you don’t have to go through a bunch of emails to find that one test result sent as a PDF attachment or to have your previous doctor send data over to your new one. All you need to do to share any part of your medical history is to look fire up your iPhone.

Years ago Google had an initiative to do the same thing, but the project fell short. Google has a suite of apps designed for hospital collaboration while honoring HIPAA security requirements, but HIPAA requirements at this level only require that data is accessed with login security, that data can be marked with access controls restricting access to just those groups who can have access, and that all data access be logged for auditing.

Medical records on a personal device was something Google decided not to go after–because institutionally Google’s corporate structure is around gathering as much data as possible and exploiting it to feed the endless advertising maw. Institutionally, Google is not used to protecting data with the same degree of vigilance as Apple.

I think this is why Apple will succeed where a company like Google cannot: because Apple sees personal data as personal and private. Notice the number of people complaining that Apple is slowly moving towards forcing everyone to use two factor authentication for sensitive data–this is, I suspect, on purpose.

And with the iPhone 7, it would be very easy for Apple to provide two factor authentication, with the two factors being your fingerprint and your password, or your password and another device’s authentication.

(Remember: the three factors that can be used for logging in are “who you are” (like a fingerprint), “what you know” (like a PIN or password), and “what you have” (like another device or a ATM card). Two factor authentication uses two of the items above, and three factor authentication uses all three. And it’s why I’m disdainful of “fake two factor” authentication used by some banks, who ask you a question and a password: a pop quiz on what you know is not “two factor” authentication; it’s just hammering one of the factors–on what you know.)

So if anyone can make this work: if anyone can allow a user to store his personal medical records on his own device so he can share those medical records with any doctor or health care professional he sees, it’s Apple.