Slashdot Mirror
Microsoft Working On Health Information 'Vault' System
josmar52789 wrote with an article from the New York Times, discussing Microsoft's new push into the consumer health care market. The plan is to offer personal health care records online via a system called HealthVault. Numerous big names in the medical field have signed up for the service, including the 'American Heart Association, Johnson & Johnson LifeScan, NewYork-Presbyterian Hospital, the Mayo Clinic and MedStar Health'. The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities: "The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol levels. "
unsubscribe
Microsoft is starting its long-anticipated drive into the consumer health care market by offering free personal health records on the Web and pursuing a strategy that borrows from the company's successful formula in personal computer software.
I'll bet this sentence is not going to go over too well with the slashdot crowd.
This sounds like one horribly, terribly bad idea to me from a security standpoint.
Also, I can't help but believe that 'anonymous' information will be handed over to drug companies so they can 'research' their 'market'.
Some things are still best done with paper and pen.
Message contains 1 attachment: spam.gif
The last thing I need is an employer or potential employer tracking down my medical records. Or the CIA, NSA, ATF, or cybercriminals or any other organization or individual who wishes to covertly steal my personal data for nefarious purposes.
Do you know what your medical history contains and how it can be used against you? I do.
My blog
meaning, that is.
Read radical news here
defectivebydesign
What I'll find amusing is if Microsoft actually follows the legal protocol that such an application has to follow. There are many laws dictating how medical data get's stored, how, and how it is to be accessed. My guess is that MS will "do their own thing" and try to market it as a new feature, even if it breaks a couple laws or compromises our medical info.
Remember Hailstorm? The plan was to expand Passport to first include calendar, todo, and some other web services, and then to provide an ActiveDirectory back-end for auth and ultimately to include all these kinds of services (including payroll and AR/AP data) in a massive cloud.
Privacy experts freaked out, but Microsoft never cancels anything.
... since they lose money on virtually everything they do, short of Windows and Office. I bet they make money on keyboards and mice, too.
Well at least the Vault will always lock up...
Did you get that thing I sent ya?
M$ is aware that the medical industry is home to some of the strongest privacy and security regulations, are they not? Or are they going to use a few campaign contributions to relax or otherwise eliminate provisions in HIPAA and other regulations associated with medical records? Color me crazy, but with M$'s track record in the area of security, I wouldn't be so certain my medical records would be handled in accordance with US law...
The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities:
Yeah...That's gonna work out well. After all, whose products are more secure than Microsoft's?
Gifts for Geeks - Stuff that really matters!
Man if anyone could link Google searches to individuals we would know every person's medical condition.
Google Search: Itchy crotch
NSA: Hey Fred Smith has crabs again...lol
The company that gave us the ultimately secure Windows OS and the uncrackable Passport?
Say, are the people who are in charge of this living on another planet? I mean, even a non-technical person should have heard by now that "MS" and "security" in the same sentence are usually only used if there is also at least one of the group "flaw", "leak", "compromised" or "nonexistant" in the close vicinity.
In other words: How much was it?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Minneota eHealth is intending to share records. I just hope it won't require Microsoft technology. That would be sickening.
I personally think microsoft windows server is a great platform to build websites.
There are range of tools and cookie cutter stuffs already written for in asp/net allows very powerful function to exist especially inter-operate ability with different MS product like sharing outlook generated schedule via exchange server out to web portal.
However, putting medical records requires requires middleware between ms platform and medical softwares. I see this use of middleware becomes security problem here. Windows do not work very well when 3rd party glue is applied to the what seems to be rigid architecture it shares between products of ms. This inability to have full control over the protocol, situation usually involving previously unthoughtful of...should I say out of boundary for what original purpose of the software calls for...ends up becoming the problem.
Oktokie
Actually, 2 lotteries, one for how long it will take before this system is first compromised and the second for how long after that until MicroSoft admits that the breakin occurred.
I pick 6 months & 7 months, respectively.
Don Dugger
"Censeo Toto nos in Kansa esse decisse." - D. Gale
Nah... Like shooting fish in a barrel, there's no sport in it.
But I will say that the announcement did provide the best chuckle I've had all day.
I'm not about to give MS any person medical information.
Think Deeply.
and require Microsoft Windows to access it.
No thanks.
Just look at what Microsoft is planning to do with Office Live or whatever they are calling it. You need to have Microsoft Office installed locally on your HD. All you are storing is your data. GNU Linux OSes probably won't even be able to run WINE to access those Office Live files. So even if they don't actually charge to access the data, it extends their reach into your life.
So, great, they got their grubby hands on a copy of the HL7 schema and dropped in into an encrypted database. Whoop-dee-doo.
``...privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or...''
That sounds good. You actually get full say in who is allowed to do what, and "give permission" sounds like the permissions are secure by default.
I have about zero trust that Microsoft will actually implement this correctly and securely (I've seen far too many stupid bugs from them lately), but at least they're saying the right things. Not vague promises that it will be "very secure", but an actual description of the security controls they are planning to provide. Moreover, those security controls seem to actually provide the security one would want in such a system.
Please correct me if I got my facts wrong.
I don't trust MS to determine if my copy of Windows is Genuine, do I really think they can keep my medical history safe? Hell no. How long do you think it will be before they cut a deal to 'share' that information with marketers/insurance companies for a buck or two?
To Microsoft: NOT A CHANCE IN HELL. I'd prefer running naked through a pile of broken glass than let you have my medical information.
Pax Vobiscum
Must ... resist ... "whole new meaning of BSOD" joke ...
The Tao of math: The numbers you can count are not the real numbers.
Actually, I would have said "Let the CHAIR Throwing Begin!"
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Putting paranoia aside, managing healthcare information is a major pain in the butt. I see this as a way for ME to control how my information is shared rather than my Dr. or my insurance provider. If this idea matures I can see how insurance providers and health providers would need to ask for the patients permission to exchange information rather than just doing it...which is what happens today. If you're worried about the CIA looking into your health information this isn't going to make the problem any worse. Perhaps a little medication might alleviate your stress on that...
What does this mean? I hope it doesn't mean that there's no record of who it was that peaked into your medical records.
Same here; my health-records stored on Windows-Servers with Microsofts own software?
Won't happen.
this sig is useless
That world is already here. Google for "Medical Information Bureau".
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Let's not forget the best feature of all: They'll give the government a back door into it, in exchange for the government backing off on the anti-trust lawsuits, just as was done for a backdoor remote control into Windows.
Nah.
Just kidding.
Go on about your business.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Now not only Microsoft bad for the help of my computer but bad for my health as well. What's next my car... oh wait they're trying to get in there also, stereo - nope trying there, phone - ditto. I know, Microsoft isn't bad for health of my dog - yet. I can see it now microsoft dog, won't do what you say, will eat all of my documents not created in word or excel, will help burglars by opening the door for them and will need to be kicked every couple of days because it turns blue and keels over.
Doctor: I've examined you, and reviewed your MSMedicalHistory(tm) and it looks like you are in fine health, though I see your blood pressure is slightly higher than last time.
Patient: Well, work has been a bit stressful, should I worry?
Doctor: Not at all. It is still good for your age. Have you tried Halo 3?
Patient: huh?
Doctor: Video games are a great stress reliever. If you don't have an Xbox 360 with Halo3, I can put in an order for one for you. Have you had any other problems?
Patient: Sometimes I get a headache from staring at the computer too long.
Doctor: Hold on -- there, I've adjusted your screen resolution and font size on your home and work computers.
Patient: Umm.....
I've been wishing for a system like this, but on a much more mandatory basis for some time now. It is one reason I am in favor of a universal health care system, where all hospitals, clinics, doctors, etc. have access to a single health care information system. Anyone who's been to an emergency room can see the benefits of such a system. Instead of playing 20 questions with the emergency room docs and hoping you don't leave out anything important, they can instantly download your file. They don't' have to request it from your doctor and they get an instant snapshot of your health records. What are you allergic to? Did you have surgery recently? Were there any complications with said surgery? The point being that if I am on vacation and need medical assistance, the doctors will have all of the same information my personal doctor has. Given equally skilled doctors and equally equipped facilities, I will get the same quality care.
Of course, there are some downsides, but they are mostly the tin-foil-hat-wearing kind. A central database of your health records could be infiltrated, thus compromising your privacy. There are a lot of people who would want to know how healthy you are, but it's really none of their business. This could be potential employers, political competitors, etc. Security would have to be a number one priority of such a system. Unfortunately, you can never be 100% secure. That's why I'm unhappy Microsoft had to be the one with the initiative. Any Slashdotter worth his salt is aware of Microsoft's security track record. And of course all of those electronic documents will be in a proprietary format (and yes OOXML might as well be proprietary). But at least maybe someone else who knows how to do it right will decide to compete. At least the issue is being raised.
"It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
Given Microsoft's track record in the last 20 years for security flaws, I don't think I'll be participating with this one. I'd rather my personal and medical data be safer locked in a nice, strong FILE CABINET, thank you very much.
It understands neither security, nor the enterprise market. The thought that they could be responsible for securing my health history is particularly troubling.
Yes, I understand that a lot of healthcare providers use MS products internally. However, gaining access to that information requires a concerted attack against a particular target, rather than just "listening" on a wire for healthcare info... The difference is that attempting the first is a crime, while even succeeding in the latter is not. Knowing Microsoft, they're going to leave holes in their scheme somewhere, and crackers will have exploits ready soon. Knowing Microsoft's lawyers, their licensing/contract with the provider will absolve them of any responsibility whatsoever.
I mean, think about it: if Microsoft cannot prevent their OS from being cracked and pirated (which they do value), how could they possibly have the means and motive to protect my health information (about which they could care less)?
Very troublingt indeed.
The society for a thought-free internet welcomes you.
Microsoft better not botch the security on this one, there's alot of people whom don't look at medical records as numbers that can just be reset in a database & make things all better.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Why do I have a feeling that no one will ever be able to implement a medical records application, which is simultaneously able to interoperate with HealthVault, and also not run on MS Windows?
As a customer, you have to be fucking crazy (and downright hostile to your stockholders), to want more MS lock-in. Auditors, if any of your people don't look terrified by this, start looking for kickbacks. By trying to start a new monopoly, Microsoft is actually doing a wonderful thing: showing you exactly which employees are trying to rip off your company.
"Believe me!" -- Donald Trump
Oh -- and it uses your Windows Live ID All of your medical, financial and communications information under one Microsoft password (if MS has their way).
It's enough to give me a heart attack.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
C'mon - I don't even trust MS to write a secure operating system - let alone a healthcare information system.
Better watch it MS - HIPAA will not be your friend, and you'll probably find that you end up paying more in fines than you'll ever make in revenue.
You have to meet all kinds of restrictions and security levels that Windows today just hasn't been able to meet.
Who is general failure, and why is he reading my hard drive?
he personal information, Microsoft said, will be stored in a secure, encrypted database.
Its said that if you think encryption is the solution to your problem you don't understand your problem. Where are they going to put the access keys? How will they authenticate users? What does encryption have to do with any of this, anyway? I think they have bigger challenges, like actually enforcing access control.
Who decides who can access MY personal Medical history? I'm the only person who should have that right. not my doctor, not my insurance company, not my government, and most definitely not Microsoft. I am wondering how long it will take for my info to appear in the database, since I'm certainly not going to approve the transfer unless under duress.
Given Microsoft's proven track record on ethics, reliability and security, I daresay you would be hard pressed to find a better candidate to providing life-critical services such as this one. I will rest easy knowing that my medical files as secure, that they will always be available to my doctors when needed, and that all that information upon which my very life my depend will be properly stored without mistake.
Pure vapor. Again, Microsoft sees other people making money, gets mad, issues a vaporware press release. This one sounds like it may have taken an hour or so to write. If there ever is a finished product, you just know that it won't even resemble what they are talking about here. Go back and read old Microsoft press releases if you doubt me.
Is it just my observation, or are there way too many stupid people in the world?
See this NYT article on both services
It's nice of them to admit they are and be described as a one trick pony.
...
One hell of a pony
Get my point?
How long do you think it is going to take before you have to give permission to prospective employers to see your complete file? Longer than it took before almost everybody has to undergo a credit check before being hired?
http://www1.va.gov/CPRSdemo/
It's going to be built on Microsoft Access, right?
In order for the consumer to authorize a physician to see some of the data in the vault, both sides need to have a Windows Live ID.
I feel the same way. The problem I see is what if my caregivers decide to subscribe to this MS service? What hoops do I need to jump through to revoke my HIPPA agreement with them? Can I?
Microsoft doesn't have a good security track record. Their marketing is pretty damn good. My doctor doesn't know they are incompetent in the security arena.
This is scary.
The more likely thing is some office worker throwing your file out in the trash or getting his/her laptop stolen.
I have a far better idea...
Make the doctors give it to YOU.
You want to control how information is shared? Then do the sharing yourself. Keep the data yourself and determine what you will share and what you wont.
This needs to be a desktop app with a defined format, not some Orwellian data mining operation.
Keep your own medical records.
A Pirate and a Puritan look the same on a balance sheet.
But your information is stored in a vault!
Er, you're right, I'm not comfortable with that either.
Now, if it was stored in a lock box, that'd be a different story...
"I have no special gift, I am only passionately curious." - Albert Einstein
to not trust MS to secure a horse to a hitching rail?
Enlightenment? It's just a flush in the pan.
Considering this initiative is suppose to span multiple states, multiple health plans, etc. then I'd be curious to see what will be used as the index key. It's not likely going to be individuals health plans policy number, so will they use name, DOB, and location?
Judging from http://www.namestatistics.com/ there will be lots of duplicate name combinations. People are always moving and not updating their address so that would not be kept up-to-date. Plus what do you do with someone who's legal name is Thomas but registers in this Health Vault as Tom?
All of these issues can be overcome ie: postal address verification software, common name comparison software, etc. However there will always remain a need for some manual intervention for ones that cannot be adjusted by software. Who's going to foot the bill for the manual intervention or even other costs associated to this vault? This is a huge endeavor and this "news" announcement really doesn't address any real world issues that this vault will encounter.
WoW! Is there going to be a health care industry in the US? Honestly, it looks like a health insurance industry (the two are are polar opposites).
Must. . . never. . . go. . . to . . . doctor. . . again!
Ugh!
Error: Could not find liver.dll
Seems to be a conflict with Alcohol 120%.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
In the article, they state that the user/patient controls everything. Now, while I already doubt this, it's written that the user has to permit (once) what your doctors can store in this "vault" and what not. I guess they have to implement this security measure, health-records are very valuable and potentially dangerous data. Without the patient being able to decide what gets there and what not, there would be quite some resistance in various countries.
I trust I can refuse to have my data stored there.
this sig is useless
Get over it.
Lacking <sarcasm> tags,
That sounds good. You actually get full say in who is allowed to do what, and "give permission" sounds like the permissions are secure by default.
Prepare to see a new waiver in the stack of crap you have to sign when going to a new doctor's office requiring you to give permission for full access to your records for any purpose not prohibited by law.
This will happen because doctors will not want to spend time having you okay access to each locked off section of your records that they might need, and they sure as heck don't want to spend time arguing with you about it when it's something you find embarrassing and don't know may be relevant.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Of course the merits of using an OS that is a prime target for information theft like Windows can be debated all day long. I don't really see much of a problem with accessing an online database with a 256bit SSL connection though. People do it all the time for their online banking transactions, and not all of them are doing it with a Microsoft operating system. I can pretty much bet that MS will require IE7, ActiveX and all of that nonsense, but you never know... there might be a Java API for it.
Well, if there is one name that I both hold trustworthy enough to guard my private medical data and also associate with a proven history of excelence in computer security, it's Microsoft. But isn't there a danger that the data will be rather skewed towards insanity based on those who choose to opt in?
I'm an American. I love this country and the freedoms that we used to have.
does that mean i wont have to fill out the same monotonous bullshit every time i go to the doctor?
Anyone creating this article had to know it would spark debates on trust. Could this just be someone in marketing measuring the current trust level of Microsoft as a company? I would not be surprised to see a similar post about placing a large portion of trust in some other company for their comparison.
MS has the marketing, economic, and political clout to get themselves the contract for keeping the health records for everyone in the USA. Washington is already salivating over the prospect of:
- Saving hundreds of billions on health care costs, and
- All of the money that companies will make from providing medical informatics services [1]
Curiously, they don't see any conflict between those two points.One way or another, though, giving MS (or possibly someone else, but MS is the main chance) custody over your health records is well on its way to being a requirement for getting any kind of medical care in the USA.
[1] Sort of the way the FCC is drooling over all the money that the carriers will make from the spectrum they buy.
Lacking <sarcasm> tags,
The Truth Machine or The First Immortal anyone?
:)
I seem to recall one went into the database/vault/whatever you wanna call it in more detail than the other (I think it was the first one), any other Halperin fans out there?
PS: If you haven't read either / both, both are available for download & IMHO well worth the time.
Sorry to get your site slashdotted, James
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
We do suffer, indeed people die, from an inability to rapidly and accuragtely get complete medical information on someone. The basic idea of a secure database of medical history is, in my opinion, quite sound. The problems are security and abuse. The instances of hacking of companies like Microsoft and Googe are rife. Certainly, our money is online and I won't say that Citigroup or TeleCheck are immune to hacking either; but they do seem to have a better record. There is, correctly, a concern of MS finding ways to mine this information that it considered legal and disrupting privacy. I won't go as far as to condemn a program I've never seen the particulars of; but I am very wary of it.
I am assuming that since it is a Microsoft system that it will be hosted in the USA.
It therefore cannot lawfully be made secure.
Any information in any computer system operated by an american company must be made available (secretly, MS will not be allowed to notify you) upon request from an american government agency like homeland security or the CIA.
This is a total non-starter for citizens of other nations like for example Canada.
In fact, I doubt this service would even be compliant with Canadian or European privacy laws.
All that being said; I do like the idea. We just need it to be an open source system that can be deployed and operated by more trustworthy organisations.
Sssh! They might here you.
From the fine article: "It's going to be a long journey," Mr. Neupert said. "To make a difference in health care, it is doing to take time and scale. And Microsoft has both." The advantages of the EHR is that all the doctors a patient sees have instant access to all the patient's medical history. This includes the results of diagnostic tests (X-Rays, MRIs, CT-Scans, Endoscopy, Colonoscopy, allergies, etc). The theory is that we'd get better results from the healthcare system if only practitioners had better information. While better information might help a little bit, and also would probably help reduce the amount of duplicate tests ordered, better sharing of this kind of information will make little difference in patients' outcomes.
There are various philosophies of healing, and to make a difference, a more effective philosophy than 'allopahty' has to be adopted. Allopathy - a derogatory term coined by a homeopath for his competitors who used drugs to counteract an illness' symptoms - has become the definition of the practice of Medicine in the United States. From the Arizona Revised Statutes:
Don't get me wrong - modern medicine has done extremely well with getting to the core of many medical problems. Emergency medicine is also a fine art, with which I have no qualms.
But allopathic medicine is mostly powerless to deal with most chronic degenerative disease. Sure, the allopath will prescribe something to help with the symptoms, and sometimes surgery is the best that one can do under the circumstances (severe knee degeneration, for example). But it's better to treat the cause of the problem before the patient is on their deathbed.
But treating the nearly-dead patient is much more profitable for the system (hospital chains, equipment manufactures, pharmaceutical companies, G.E., etc) than lifestyle changes early-on in one's lifetime. For example, in The Great Modern Glucose Poisoning Epidemic, it's much more profitable for the system to wait for a pre-diabetic to develop full-blown type 2 diabetes before begining treatment...
I'll just refer to two of my previous posts (here and at kuro5hin.org) for supporting links/commentary:
the fundamental problem with insurance
links on how healthcare became screwed up
Learn the rules so you know how to break them properly.
www.teslabox.com
I was taking a more circumspect route instead of your more direct opinion. (correct IMHO)
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Some people call it paranoia to assume that these kinds of systems will be hacked but I've received 3 notices this year from companies letting me know that my personal information may have been stolen from their system. The company handling the data only has to make one mistake (or the software only has to have one security flaw) for some clever, determined hacker to gain access. They always talk about making these kinds of things voluntary but it could easily end up feeling compulsory. Primarily, this would appear to make things easier on health care providers. If they figure out that the new system it's cutting their costs they will do everything in their power to force you to use it. They may never be able to make it a requirement for care but they will find ways to apply pressure. It may eventually become the de facto way in which everyone's information is stored. Saying that something is voluntary and thus ok, is a huge cop-out.
online accessible but highly secure service
When given such statement it is important to remember that you can pick one and only one option. Everything else is wishful thinking.
HPC for Primates. Read Cluster Monkey
If you want that service for yourself, fine -- sign up with MedicAlert who have been doing that sort of thing for 50-plus years, and emergency responders are all trained to look for the MedicAlert tag. They're also a non-profit, which I'm inclined to think makes them more trustworthy than Microsoft.
There are some other outfits that have similar services -- Divers Alert Network (DAN) comes to mind, also a non-profit, they're specialized for divers and offer a number of related services (training, etc - they're associated with Duke University Medical Center).
-- Alastair
Unfortunately, it will sound nice to health care companies. I am involved in the healthcare sector, and I am worried that this will succeed, without the health care companies knowing (or caring) about the issues. Microsoft has the cash, the clout and the reputation for this. (Remember, to non-geeks, Microsoft is the premier computer company --lay people can't even tell whether Microsoft is software or hardware.)
The health care industry is greatly dependent on information technology, and is beholden to IT --without realizing it. People in healthcare have this attitude, for better or worse, that they are more important and special and have a unique place high on the totem pole, so they don't really see their vulnerability to some run-of-the-mill thing like IT, which is held with the same regard as the people who answer the phones or clean the medical instruments.
I just pray that Microsoft can have some high-profile screw-ups, maybe a few databases hacked here and there, that can reveal to non-geeks the dangers of having a convicted monopolist at the reins of the nation's healthcare info.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
Please, please, please.... let it run Linux!
Needless to say, this is a bad idea.
Paranoia? tin-foil hats?
when an agency does something a few times you consider it paranoia to suspect that they might do it again?
This comment has probably been made by somebody else already (I didn't check), and since I'm about to walk out the door I neglected to read TFA, so go ahead and mod me redundant/offtopic/etcetera.
This is an excellent way for MS to lock in the Hospital/Health Service market. If they require IE to interact with this website, they're in like Flynn; I can't think of many reasons a health services establishment would want to turn down a service like this.
oo
I'd rather have some small company that has to build up trust and earn the respect of the healthcare industry, rather than some big convicted monopolist that has enough cash to do what it wants with impunity, and has enough monopoly-generated momentum that it can market an OS like Vista and make statements like "Google's success was only because of us!"
If Microsoft was unable to enter the health info industry, then the healthcare sector would demand non-proprietary formats for their data from the small companies that provided health info services, in case the company folded. But this won't happen with Microsoft because of the MS clout.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
I know a few provinces in Canada have adopted or will be adopting a system like this. Ontario has suggested paying $500 Million for a full implmentation of such a system. I believe the UK already has a system like this.
The best part is that the system should have records of all your drugs and if you had a bad reaction to a family of drugs. That way if you happen to see a different Doctor or forgot that you have bad side effects to a drug you took 20 years ago the system can catch it and flag you at the pharmacy counter.
The largest cost is ensuring secure access to those various location and only providing the right access to view only certain data, update certain fields, and insert certain data. Lots of various roles and permissions.
In principle it is a good idea that could reduce long term cost, provide faster responses, provide more accurate data, etc.
My Sig indicates the end of the comment I posted.
They are implementing quite a different system, which will actually pass the BC privacy standards... which aren't as strong as they could be. See http://www.oipcbc.org/publications/speeches_presentations/speech_04.html for an idea of just how hard this is for personal medical records.
--dave (who has worked on personally identifying health information in the past) c-b
davecb@spamcop.net
To me, security is not even the question. The question is that health care has been persuing open standards (like HealthLevel7) and Microsoft and open standards do not mix - at least, that has been Microsoft's track record and policy for more than 20 years.
Governments have a huge stake in this. Anything to do with Microsoft-only solution is bound to hurt the public health sector. I understand that, the public health sector being virtually non-existent in the U.S., this doesn't represent a big problem there. Nevertheless, it's sad to see big names like the Mayo Clinic or the American Heart Association embrace this thing so eagerly. The problem is, this will be used in other less developed countries as an example. "If it's good for the AHA, it's good for us" mentality.
This is yet-another instance of Microsoft monopoly.
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
That's what this is for, an online tool to manage your own health records. And it interfaces with some popular home medical devices such as blood pressure and blood sugar monitoring, which means you don't have to worry about recording it in a journal (which most people are too lazy to do). If you've ever had to fill the same damn personal history form out again and again, you know why this might be useful. Also, you can edit it to show whatever you want. It's getting to the point where we are going to have to take care of ourselves. There are simply not enough doctors. Use this to keep yourself healthy, move all of your insurance to high deductible plans, fund a Medical Savings Account or HSA and start taking back your medical options.
This might not be THE solution, but it's definitely a niche someone WILL fill. I don't know if M$FT is the ones to do it or not, but they are basically the only player in consumer software, so why not have consumer medical software.
I expect Google will find a non-evil way to do this exact thing. I'm telling you all, this is the killer industry for the next 20 years, and whoever figures out a way to save us is going to win big.
Cool! Amazing Toys.
Sounds like they're trying to compete with InterSystems HealthShare.
Should I just get a MySpace page and post my medical records on it?
Stick Men
Medical records SHOULD be managed by a company that has a history of writing software that: deletes data unintentionally, crashes, provides gaping security holes and reduces access via proprietary APIs. Yeah, this is definitely a way to make health care even worse. Exchange has done an outstanding job ending two decades of reliable email delivery.
Just what I thought the next step for WGA was going to be......
Windows Genome Advantage
It's called Indivo Health, formerly known as Ping on Sourceforge. It's been around for years and it is LGPL licensed. There's been some recent activity with the Dossia Group. More information and links here. -- IV
http://www.LinuxMedNews.com Revolutionizing Medical Education and Practice.
Seriously. Let me urinate and let it tell me what I need to know. Incorporate some sort of medical scanning equipment on it. Let me keep my records to myself.
How could that possibly be worse than the combination of Microsoft and doctors?
What is is all that is. Isn't that obvious?
My other fear is that this system becomes a defacto standard for getting ANY medical care in the future, much like the Social Security Number has. Yes, you can try to use a distinct number other than SS#, but you'll have to take twice as long to get stuff done. In the future, you can expect any hospital, doctor or pharmacy to REFUSE to treat you until you turn over ALL info on file. After all, drug interactions, etc....
judging by the track record of software 'bill' produced, actually probably anyone will be able to steal anyone's dna from that database
Read radical news here
Maybe the could put Windows into the "Vault" and finally figure out why it has all these bugs and skin problems.
Just wondering if Google will index the data base and show in the search results?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Whats worse, is the average doctor's office has at least a few legacy, broken, or half-assed attempts at computerized record management lying around. There are plain old incompetent vendors, vendors who suddenly go out of business, vendors who suddenly have incompatible platforms if the doc decides to change partnership affiliations, no backups, etc. Ask your doctor about his IT adventures next time you visit - it will be an eye-opener. And if you're an IT professional, I defy you to think of something you can do within the constraints of the doc's budget and operating requirements, except 1) Go back to paper, or 2) participate in some kind of online venture like this (and there are lots of others.)
What could possibly go wrong? Well, online banking isn't exactly a big disaster. Why would this be any different?
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Assuming this works and the health care industry buys into it, this is bad news for the market. This network will undoubtedly turn into a corporate cash machine full of back room deals, privacy violations, and targeted advertising. It's bad enough that credit information is available to the highest bidder. I don't want "sterilized for my privacy" versions of my health care information being floated out to anyone with a checkbook.
I swear to God...I swear to God! That is NOT how you treat your human!
So...when they strip all of what they claim as personally identifiable information out and sell it to insurance companies then what? The insurance company goes through their database of customer claims, match it up to the records, and in one quick motion have your entire medical history. Woo lookin forward to that day.
The only change I can believe in is what I find in my couch cushions.
Dude...this is about you controlling the information. I suppose MSFT or somebody else could build a desktop application that holds this stuff but that's not particularly practical for easy access by health care providers or insurance companies. The idea is that you can grant permissions to specific stuff that you WANT to share WHEN you want to share it. You're in control. You can question the ability of MSFT to execute this in a way that works and is secure but the idea is cool. I read somewhere that something like 15% of all Web queries are related to healthcare. That means that there are dozens of millions of people every day who are using the Web to help manage their health related stuff. This is just another way to make that work better IMHO. PS. I bet MSFT or someone else could easily write a desktop app that would store this info locally and then allow you to sync it up with a Web site when you want to.
Its it fairly insane, I wouldn't expect, nor consent to a credit check for employment unless it was employment that involved working with very sensitive information (in which case it would presumably be carried out along side background checks and criminal record checks etc. and may be justifiable) and I trusted the potential employer, criminal record checks are fine but my credit history, good or bad is not their business.
As for health checks / access to medical information, I would under pretty much no circumstances allow it, it is none of an employers business, if they have a specific requirement for a specific job (a job that requires a certain level of fitness for example, not simply to figure out if I had 1 or 10 sick days in the last 5 years)then fair enough, they can ask and give reasoning, but a license to access things they don't need would not be forthcoming.
I should point out that I am not in the US, and cant think of a single time that either was requested - outside of government work, but then I have fairly decent references...
This will probably crush a couple of small startups - like my previous job here:
www.ndma.us
(National Digital Medical Archive)
NDMA never did get all the bugs out. It was a little slow and lacked some key xml protocol sharing features. Security and never losing a file are a legitimately difficult task, in itself, and that was addressed. Maybe Microsoft will come up with better ideas than NDMA did. The protocol for the application there was terribly slow, but the website to access the information eventually came through.
Selling anonymous data is, unfortunately, a necessary evil. It's already happening, all Hospitals require you to sign things on joining that will give them rights to sell your data, with your name and ID numbers removed. Doctors do truly need that information, especially for disease outbreaks and drug treatment information. This system by Microsoft just makes it more practical.
With Microsoft entering, it probably means Oracle, IBM, and maybe Sun will as well. There's tens of billions of dollars to be made.
-Ben
I am in the IT healthcare field at present and have had a look at EHR (Electronic Health Records) and other iniatives. For an overall healthcare experience the data is one component of the quacks keeping me alive. Process is the other. I recommend looking at IHE (Integrating the Health Enterprise) and what they are trying to achieve using existing and open standards. Here is the intro from their website.
IHE is an initiative by healthcare professionals and industry to improve the way computer systems in healthcare share information. IHE promotes the coordinated use of established standards such as DICOM and HL7 to address specific clinical needs in support of optimal patient care. Systems developed in accordance with IHE communicate with one another better, are easier to implement, and enable care providers to use information more effectively.The weathers here - Wish you were beautiful
If this idea matures I can see how insurance providers and health providers would need to ask for the patients permission to exchange information rather than just doing it...which is what happens today.
Um... wha? Who the hell are you going to? I had to have medical paperwork with all my doctors that authorizes them to communicate with my insurance. I had to sign a HIPAA form at my pharmacist's place. My doctors all had me sign forms which laid out their privacy policies, and they ask for my permission before they share information (or, more often, I have to have paperwork that details who ordered tests and who will receive copies). I even still have my privacy agreement from my dentist.
If your health providers are just wantonly sharing your information, find new ones or sue the pants off them.
I'm sorry I didn't specify that I was talking about the US. I recently moved here from Belgium and it is amazing how much power companies have over here. I haven't come by a company yet that didn't do a complete background check (criminal, credit and previous employers). before hiring you. The lower the pay, the more intrusive they tend to be. I had several companies that required me to sign waivers, allowing them to act in my name and enabling them to circumvent the few privacy laws that exist here before even considering me for a position. I'm really afraid that once such a system is in place here companies will require to give them access to our health history
So is MS an "OMG PONIES!~" or an "invisible pink unicorn"-like pony?
If you are about to mod me down, keep in mind that this post was most likely sarcastic.
I think this may be the best thing Microsoft has ever done with their monopoly.
I will create a sig when innovation restarts in the U.S.
Are they jumping at Vista? No. They aren't really jumping at XP either. 2000 Pro is what I see a lot of.
Hell, do you know how many nursing stations, in 200-300 bed hospitals, pass med orders to the pharmacy?
FAX. As in they fax the order down to the Pharmacy and the Pharmacists/tech prints it out and puts it in an INBOX. I've seen pneumatic tube systems for Christ's sake, and not just in rural LTACs.
Hospitals don't jump on new technology EVER. Never ever. Never ever ever.
OK, not exactly true. Big hospitals jump on tested technology all the time. The rest don't have the funding, nor the legal support, to do so.
In the US Healthcare services consumption is rising in proportion to the aging of the Baby Boomer generation. Add to this the fact that there is a severe shortage of Quality staff, and you have a MAJOR problem. Since most hospitals run in the red due to Insurance companies woefully inadequate rates for payments on procedures, retroactive denials, and games played with payment timing - and you have Hospitals who are effectively working as banks.
Let's not even add to the issue by introducing patients WHO CANNOT ACTUALLY PAY for services that cannot be legally denied.
So is Microsoft going to piss off Hospitals? HELL NO. Hospitals want this type of thing, FROM ANYONE THEY CAN AFFORD, even if only to save on labor costs for the manual tasks they execute now in order to emulate this functionality. Hospitals are being legislated into implementing EMR. What makes you think the existing McKesson, Cerner, or any other big Healthcare software company for that matter is making this same functionality available for a reasonable price.
They aren't. In fact, you should be more pissed off at the fact that these big HC software companies want to charge $50,000 for their HL7 connectors to put data INTO their systems. That's called a API in techland, and its usually much cheaper than that.
What I'd like to know if this is recent, I would expect that in a country with apparently low unemployment figures and therefore presumably a very competitive employment market for employers, would be one where everything favours the employee, you'd expect rising wages and benefits and good treatment from potential employers, not the opposite. I certainly wouldnt expect nor tolerate much of what you describe for any position, much less a low paying one. (As I said in my previous post, there are certain very specific circumstances where this kind of intrusion is justifiable, working at a local supermarket or in an unskilled position certainly do not qualify, working for a government agency or in a significant position of trust may alter that a little but not totally negate ones expectation of privacy. Not to mention that there should be legislation preventing abuses of this kind of thing.)
You would expect that. I don't know if you saw the latest movie of Michael Moore "Sicko". In this movies he explains that a lot of workers are held hostage by their college debt and the high health insurance cost. Typically a college student starts his career with 30 to 60 thousand dollar in debt and a good health insurance for your family is easily a 1000 dollars a month. You better find a job quikely before you get sick or the debt collectors are at your door. You also have to take these unemployment figures with a grain of salt. Working full time for walmart or consorts doesn't get you enough to rise above the poverty level. A lot of people work 2 jobs to make ends meet. Also a lot of people that shouldn't have to work - retired, handicapped or sick - work at these placed to be able to pay their health insurance. I don't know why people here accept it - in Belgium I would have been protesting about it - but here i'm an immigrant so I feel I have to follow the mores. Perhaps I'll change my mind later, but for now I try to work in their system.
So let's pretend this product was called Google Health ( http://blogoscoped.com/archive/2007-08-14-n43.html ). Everywhere the summary/article says "Microsoft" substitute in "Google" and anywhere it says "HealthVault" sub in "Google Health". Push your imagination really hard here.
(I just wanted to point out: I'm not taking sides. I've been on the payroll at both companies... http://brandonbloom.name/resume.html )
http://brandonbloom.name
OK now I am amazed, given the 1000 dollars you show as the monthly cost of healthcare + servicing student debt, I thought Id just check to see how much comprehensive private health would cost me in the UK if I went private, the quote was £57/m or about $114 for me and my partner, never mind the fact that we'd be covered under the NHS, next off as far as collage debt is concerned, my partner pays maybe £150 a month on her university loans of £12k ($24k), so that's a total of about $300, throw in repayments on a £100,000 ($200,000) home at £600 ($1200) and at $1614 were still $386 short of that, I'm fairly sure that covers my monthly travel costs.
So it would appear that there is some gouging going on, something that especially impacts on the less wealthy, and on top of that we have this extremely intrusive employment process. I think I am finally beginning to understand this whole 'big business' dominance and lack of consumer rights that you hear about the US, I mean I am and have been aware of them, but I have never quantified them in this manner.
Thanks for that, food for thought. Oh, and yes I think there would be a bit of an outcry if the situation were the same in Europe, if only from the unions, I would hope our politicians dont have the nerve to attempt to emulate the US in these matters.
I had a $20 copay and $500 deductible which meant that each time I went to a doctor I would have to pay $20 until the deductible was used up and after that the insurance would pay everything.
What really amazed me that if you weren't insured the doctor would charge you more than if you were. My GP charges $85 when you are insured and 115 when not insured. It seems they have agreements with the health insurance companies to lower rates if the health insurance companies sends patients to them.
Oh Fuck
The words "Microsoft" and "secure" are in the same sentence. Heaven forbid!
Seven puppies were harmed during the making of this post.
...will start being entered into a Microsoft database, as soon as all my patient's release this info to MS AND someone pays me for the time it takes to enter it. In other words...never. There is just no incentive to physicians to start entering their patients' info into this database. And for all those of you who say, "well then six different people won't have to ask me what drugs I'm allergic to." I say tough. If you are really that concerned that an ER has an accurate medical history on you even if you are unconscious, then pay someone to do a thorough history and physical exam. Get a copy and give it to your emergency contact. Shrink it down to fit in our wallet/purse and wear a bracelet that says "My medical history is in my wallet/purse, call my friend XXX for more info". It will cost you about $150 and ANY ER will be able to use it.
Check it out!
Have we all forget about Google's upcoming offering? Unlike Microsoft they have WONDERFUL respect for our privacy. I can see it now. "Do you have Erectile Disfunction? Try this new creme!"
this is just an ingenius and way-stealth method of making private medical records really really really really easy to get into.
I can't wait to learn the medical histories of Ballmer and Gates, maybe view the ex-rays that show exactly how far up his ass Darl McBride's head actually is.
Some of this appeals to me, some just confuses me.
For example, being diabetic, I'd love to be able to record data on my blood glucose, blood pressure, weight, injection sites and so on using a web app. I could pull of graphs and generate a report to take with me to my clinic checkups, saving me the hassle of taking paper versions or trauling through the memory in my glucose meter. However, even if they did go into the detail I wanted, I wouldn't trust Microsoft with the data, and the web app would probably be a pile of buggy crap anyway.
The most crazy thing though is that they want hospitals to push test results to the patient's record on HealthVault. This is such a bad application of technology. It's fabricating a solution to a non-existant problem. If your result warrented discussion with your consultant, the hospital would push the result to your profile on HealthVault anyway, then you'd get a call to organise a date to go into the hospital for a chat. If not, you don't hear anything from them - if you really want to know, you pop into the hospital as they rightfully won't give the information out over the phone. There's no problem with this. Pushing results to HealthVault is completely unnecessary.
Boggles the mind. It really does.
Everyone who says "But now my hospital will send my info to a central insecure database and it'll be hacked...." has been asleep for a few years. I work at a hospital and we send your records not to one central database, but to dozens of central databases. The state cancer commission, infectious disease control, health and human safety, insurance checkers, bill scrubbers, etc, etc, etc. Many of these are mandated by law. So if you think one database might be hacked, how secure is your info residing in 20 databases? Good luck with all that.
we all know Microsoft couldn't build stable software if there life depended on it. Now other peoples lives depend on it. This can only end in tragedy
The companies you've been hearing from are barking up the wrong tree. If they do find a way to subvert the intent of the law the Secretary of Health and Human Services will simply issue a statement invalidating whatever loophole they thought they had. The legislation is set up that way, so that it can be effectively amended without the hassles of representative government.
Moderation -1
100% Flamebait
TrollMods don't even want their own privacy, when they could sacrifice it at their Microsoft altar.
--
make install -not war