Microsoft & Personal Health Records, Take 1

Microsoft launched its Personal Health Record initiative yesterday, according to the New York Times:

The company’s consumer health offering includes a personal health record, as well as Internet search tailored for health queries, under the name Microsoft HealthVault (

The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls, the company said, are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously, Microsoft said, and will not be linked to any personal information in a HealthVault personal health record.

This is definitely a step in the right direction, using Personal Data Stores for managing health records, with fine grained access rights management so users can set privileges for multiple health vendors. It’s a classic VRM use case, undoubtedly implemented with full HIPAA compliance.

For those willing to trust Microsoft, their privacy assurances seem reasonable (full policy):

  1. The Microsoft HealthVault record you create is controlled by you.
  2. You decide what goes into your HealthVault record.
  3. You decide who can see and use your information on a case-by-case basis.
  4. We do not use your health information for commercial purposes unless we ask and you clearly tell us we may.

Unfortunately, it doesn’t look like Microsoft is promoting any open standards (no surprise there), nor allowing users a way to download what is stored in their health record. Does that mean if we want that data out, we can only go through a Microsoft-approved medical partner? If so, does that mean that Microsoft actually owns the data… and not the patient? If so, that’s disturbing.

The full text of the Health Vault privacy statement makes this sound like a feature, using full FUD mode to scare users into thinking Microsoft control is a good thing:

To help provide better protection of your information, the information transfer from your computer to the Service is one way; the Service does not transfer your Health Record information back to your computer.

So, minor points for Microsoft. Kudos for showing the way to a smarter way for managing Personal Health Records and shame on them for not doing it in a way that is completely transparent and open for all users.

I’ve sent the folks at Health Vault an email asking about export and ownership. I’ll let you know what I hear back, if anything.

This entry was posted in Personal Data Store, ProjectVRM, Vendor Relationship Management. Bookmark the permalink.

5 Responses to Microsoft & Personal Health Records, Take 1

  1. Pingback: Thomas Scovell’s Blog » Blog Archive » Microsoft do VRM

  2. Pingback: Doc Searls Weblog · Health care or Health snare?

  3. Pingback: Tirekicking HealthVault « Jon Udell

  4. Pingback: Health care or Health snare? | Library no 36

  5. TL Tipton says:

    I think this type of personal health information system is way past due. My concern is the security of such health information. I would have loved to see someone other than microsoft pioneer this advance in health care information technology. Microsoft is not exactly known for securing data appropriately. In addition, let’s not forget how Billy boy came up with Microsoft’s flagship, Windows. He was allowed access to information from Apple. Granted, it was not health information but that is not the point. Microsoft, in my oppinion is not an ethical organization and should never be allowed access to such sensative data.

Leave a Reply