Slashdot Mirror
Microsoft Working On Health Information 'Vault' System
josmar52789 wrote with an article from the New York Times, discussing Microsoft's new push into the consumer health care market. The plan is to offer personal health care records online via a system called HealthVault. Numerous big names in the medical field have signed up for the service, including the 'American Heart Association, Johnson & Johnson LifeScan, NewYork-Presbyterian Hospital, the Mayo Clinic and MedStar Health'. The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities: "The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol levels. "
``...privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or...''
That sounds good. You actually get full say in who is allowed to do what, and "give permission" sounds like the permissions are secure by default.
I have about zero trust that Microsoft will actually implement this correctly and securely (I've seen far too many stupid bugs from them lately), but at least they're saying the right things. Not vague promises that it will be "very secure", but an actual description of the security controls they are planning to provide. Moreover, those security controls seem to actually provide the security one would want in such a system.
Please correct me if I got my facts wrong.
I don't think that anyone can argue about whether they have a successful formula in personal computer software. They've made billions using that formula.
Yah, I work with medical data and while doing my HIPAA awareness training, I was surprised and disturbed by it also.
Here's more info:
http://www.aclu.org/privacy/medical/15222res20030530.html
cat sig >