Microsoft Working On Health Information 'Vault' System
josmar52789 wrote with an article from the New York Times, discussing Microsoft's new push into the consumer health care market. The plan is to offer personal health care records online via a system called HealthVault. Numerous big names in the medical field have signed up for the service, including the 'American Heart Association, Johnson & Johnson LifeScan, NewYork-Presbyterian Hospital, the Mayo Clinic and MedStar Health'. The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities: "The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol levels."
Microsoft is starting its long-anticipated drive into the consumer health care market by offering free personal health records on the Web and pursuing a strategy that borrows from the company's successful formula in personal computer software.
I'll bet this sentence is not going to go over too well with the slashdot crowd.
The last thing I need is an employer or potential employer tracking down my medical records. Or the CIA, NSA, ATF, or cybercriminals or any other organization or individual who wishes to covertly steal my personal data for nefarious purposes.
Do you know what your medical history contains and how it can be used against you? I do.
meaning, that is.
Remember Hailstorm? The plan was to expand Passport to first include calendar, todo, and some other web services, and then to provide an ActiveDirectory back-end for auth and ultimately to include all these kinds of services (including payroll and AR/AP data) in a massive cloud.
Privacy experts freaked out, but Microsoft never cancels anything.
Man, if anyone could link Google searches to individuals we would know every person's medical condition.
Google Search: Itchy crotch
NSA: Hey Fred Smith has crabs again...lol
This sounds like a horrible idea to me from other standpoints too:
1) Medical professionals never like patients to have full access to their records, as if a patient misunderstands something on their file, their life could be at stake based on the decisions they make.
2) The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.
3) The system appears to be designed so that MS can sell aggregated data to drug companies and insurance companies. Seems to me though that even with aggregated data, you could reverse-mine it to have a reasonable suspicion regarding individuals (you'd know trends, which would help in searching for more specific details).
Anyway, the whole thing could be really useful if used correctly, but there are so many ways it could be misused even if the system doesn't have a major security breach that I for one would never use it.
and require Microsoft Windows to access it.
No thanks.
Just look at what Microsoft is planning to do with Office Live or whatever they are calling it. You need to have Microsoft Office installed locally on your HD. All you are storing is your data. GNU Linux OSes probably won't even be able to run WINE to access those Office Live files. So even if they don't actually charge to access the data, it extends their reach into your life.
Like it or not, your medical information is going to become electronic. Microsoft isn't the first company to propose an Electronic Health Record -- not by far. The Cerner Corporation, for example, has been working to modernize the health record since 1980. There are at least two universities in the U.S. which host a major in Medical Informatics, a program specifically designed to produce experts in this very subject.
Trying to fight the Electronic Health Record is like trying to fight the use of computers in any other field -- it's inevitable.
The company that gave us the ultimately secure Windows OS and the uncrackable Passport?
As you know, Windows' security issues are ones of legacy. The more they fix it, the more they wreck existing apps.
Apart from this, I have to be honest with you: I'd rather have Microsoft work on this health information system than some unknown little entity that is just in it to grab the money and run.
Microsoft is here to stay, and while they may not end up with the most perfect solution possible, they don't need the money desperately, and can't hide if a major security breach occurs (and it's their fault).
The actual HIPAA regs appear quite stringent, but you'll find that they don't make the data more secure.
/.'er will probably discover it addresses some basic stuff, but leaves the door wide open for familiar and massive compromises.
For example, Use is well-defined in many cases, but actual security mechanisms are not. This kind of programming is right up Microsoft's alley. Not only is the security model pretty weak, there's limited interoperability requirements.
Please, read the standard. It's not fun reading, but the average
http://www.hhs.gov/ocr/hipaa/
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Putting paranoia aside, managing healthcare information is a major pain in the butt. I see this as a way for ME to control how my information is shared rather than my Dr. or my insurance provider. If this idea matures I can see how insurance providers and health providers would need to ask for the patient's permission to exchange information rather than just doing it...which is what happens today. If you're worried about the CIA looking into your health information this isn't going to make the problem any worse. Perhaps a little medication might alleviate your stress on that...
Doctor: I've examined you, and reviewed your MSMedicalHistory(tm) and it looks like you are in fine health, though I see your blood pressure is slightly higher than last time.
Patient: Well, work has been a bit stressful, should I worry?
Doctor: Not at all. It is still good for your age. Have you tried Halo 3?
Patient: huh?
Doctor: Video games are a great stress reliever. If you don't have an Xbox 360 with Halo 3, I can put in an order for one for you. Have you had any other problems?
Patient: Sometimes I get a headache from staring at the computer too long.
Doctor: Hold on -- there, I've adjusted your screen resolution and font size on your home and work computers.
Patient: Umm.....
It's nice of them to admit they are and be described as a one trick pony.
...
One hell of a pony
http://www1.va.gov/CPRSdemo/
2. HIPAA says no. If a nurse accidentally allows access to your health information, that's a $10,000 fine for her and a $100,000 fine for the hospital.
3. HIPAA says no.
-- http://aspe.hhs.gov/admnsimp/pl104191.htm#1177
Geez, you'd think that people involved in IT would be somewhat aware of the demands of HIPAA PHI.
The road to tyranny has always been paved with claims of necessity.