Microsoft Working On Health Information 'Vault' System

josmar52789 wrote with an article from the New York Times, discussing Microsoft's new push into the consumer health care market. The plan is to offer personal health care records online via a system called HealthVault. Numerous big names in the medical field have signed up for the service, including the 'American Heart Association, Johnson & Johnson LifeScan, NewYork-Presbyterian Hospital, the Mayo Clinic and MedStar Health'. The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities: "The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol levels. "

Oh yeah, triple secure.

[photomonkey]

This sounds like one horribly, terribly bad idea to me from a security standpoint.

Also, I can't help but believe that 'anonymous' information will be handed over to drug companies so they can 'research' their 'market'.

Some things are still best done with paper and pen.

Re:Oh yeah, triple secure.

[Em+Adespoton]

This sounds like a horrible idea to me from other standpoints too:

1) Medical professionals never like patients to have full access to their records, as if a patient misunderstands something on their file, their life could be at stake based on the decisions they make.

2) The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.

3) The system appears to be designed so that MS can sell aggregated data to drug companies and insurance companies. Seems to me though that even with aggregated data, you could reverse-mine it to have a reasonable suspicion regarding individuals (you'd know trends, which would help in searching for more specific details)

Anyway, the whole thing could be really useful if used correctly, but there are so many ways it could be misused even if the system doesn't have a major security breach that I for one would never use it.

Re:Oh yeah, triple secure.

[Evanisincontrol]

Like it or not, your medical information is going to become electronic. Microsoft isn't the first company to propose an Electronic Health Record -- not by far. The Cerner Corporation, for example, has been working modernize the health record since 1980. There are at least two universities in the U.S. which host a major in Medical Informatics, a program specifically designed to produce experts in this very subject.

Try to fight the Electronic Health Record is like trying to fight the use of computers in any other field -- it's inevitable.

Re:Oh yeah, triple secure.

[freemywrld]

The tone of your post should answer your own question. Why do people want the opportunity to keep certain information about themselves private? Discrimination, that's why. The automatic judgements you make in your post lead me to believe that you would treat people differently based on such information. People keep irrelevant personal information private to protect themselves from people like you.

Uh uh.

[morgan_greywolf]

Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol level The hell I will! No way, Jose. Fuggeddaboudit!

The last thing I need is an employer or potential employer tracking down my medical records. Or the CIA, NSA, ATF, or cybercriminals or any other organization or individual who wishes to covertly steal my personal data for nefarious purposes.

Do you know what your medical history contains and how it can be used against you? I do.

Hailstorm

[Saint+Stephen]

Remember Hailstorm? The plan was to expand Passport to first include calendar, todo, and some other web services, and then to provide an ActiveDirectory back-end for auth and ultimately to include all these kinds of services (including payroll and AR/AP data) in a massive cloud.

Privacy experts freaked out, but Microsoft never cancels anything.

microsoft vs security

[oktokie]

I personally think microsoft windows server is a great platform to build websites.
There are range of tools and cookie cutter stuffs already written for in asp/net allows very powerful function to exist especially inter-operate ability with different MS product like sharing outlook generated schedule via exchange server out to web portal.

However, putting medical records requires requires middleware between ms platform and medical softwares. I see this use of middleware becomes security problem here. Windows do not work very well when 3rd party glue is applied to the what seems to be rigid architecture it shares between products of ms. This inability to have full control over the protocol, situation usually involving previously unthoughtful of...should I say out of boundary for what original purpose of the software calls for...ends up becoming the problem.

Oktokie

And sell your health info back to you

[christian.einfeldt]

and require Microsoft Windows to access it.

No thanks.

Just look at what Microsoft is planning to do with Office Live or whatever they are calling it. You need to have Microsoft Office installed locally on your HD. All you are storing is your data. GNU Linux OSes probably won't even be able to run WINE to access those Office Live files. So even if they don't actually charge to access the data, it extends their reach into your life.

Except for the tinfoil hat crowd...not a bad idea

[notaprguy]

Putting paranoia aside, managing healthcare information is a major pain in the butt. I see this as a way for ME to control how my information is shared rather than my Dr. or my insurance provider. If this idea matures I can see how insurance providers and health providers would need to ask for the patients permission to exchange information rather than just doing it...which is what happens today. If you're worried about the CIA looking into your health information this isn't going to make the problem any worse. Perhaps a little medication might alleviate your stress on that...

Re:Monopoly Abuse. Re:Microsoft's successful formu

[everphilski]

It's nice of them to admit they are and be described as a one trick pony.

One hell of a pony ...

Re:unsubscribe

[Mister+Whirly]

"I'll be damned if any of my personal medical information will be entrusted to anything using M$ junk."

It already is. Look around your doctor's office next time you are there. See the computers? They aren't Macs now, are they?

You're easily troubled

[overshoot]

The thought that they could be responsible for securing my health history is particularly troubling.

If that bothers you, how do you feel about the fact that they're right, and you don't get any say in the matter?

MS has the marketing, economic, and political clout to get themselves the contract for keeping the health records for everyone in the USA. Washington is already salivating over the prospect of:

• Saving hundreds of billions on health care costs, and
• All of the money that companies will make from providing medical informatics services [1]

Curiously, they don't see any conflict between those two points.

One way or another, though, giving MS (or possibly someone else, but MS is the main chance) custody over your health records is well on its way to being a requirement for getting any kind of medical care in the USA.

[1] Sort of the way the FCC is drooling over all the money that the carriers will make from the spectrum they buy.

I worried that health companies will fall for it

[KWTm]

"... a strategy that borrows from the company's successful formula in personal computer software."
I'll bet this sentence is not going to go over too well with the slashdot crowd.

Unfortunately, it will sound nice to health care companies. I am involved in the healthcare sector, and I am worried that this will succeed, without the health care companies knowing (or caring) about the issues. Microsoft has the cash, the clout and the reputation for this. (Remember, to non-geeks, Microsoft is the premier computer company --lay people can't even tell whether Microsoft is software or hardware.)

The health care industry is greatly dependent on information technology, and is beholden to IT --without realizing it. People in healthcare have this attitude, for better or worse, that they are more important and special and have a unique place high on the totem pole, so they don't really see their vulnerability to some run-of-the-mill thing like IT, which is held with the same regard as the people who answer the phones or clean the medical instruments.

I just pray that Microsoft can have some high-profile screw-ups, maybe a few databases hacked here and there, that can reveal to non-geeks the dangers of having a convicted monopolist at the reins of the nation's healthcare info.