Microsoft: We're good for your health

Microsoft: We're good for your health

Summary: Microsoft has been signaling its intentions to enter the health-records-management space for more than a year. On October 4, the company finally provided an official gameplan of what it's readying on the healthcare software and services front.

SHARE:

Microsoft has been signaling its intentions to enter the health-records-management space for more than a year. On October 4, the company finally provided an official gameplan of what it's readying on the healthcare software and services front.

Microsoft: We’re good for your healthOn October 4, Microsoft launched an open beta of HealthVault, a client application plus a Live service that will allow consumers to build and maintain a personal health record. One of the inputs into this health record will be results from Microsoft's health search-engine, also known as HealthVault, which is based on the MedStory search technology Microsoft bought a year ago.

This is how HealthVault will work: Users will create a secure password which they will be able to share and will have the option of sharing data in their records with doctors or others at their own discretion. This password will enable access to their health information, which will be housed in a cloud-based storage site (HealthVault Account) that is hosted by Microsoft. Users will be able to store results of health-related search queries (via HealthVault Search), electronic forms and records from doctors and other medical professionals; data they collect themselves from medical devices (like blood pressure cuffs, heart-rate monitors, etc.), which is maintained on the Healthvault Connection portal; prescription data; and other relevant information.

Peter Neupert, vice president of the Microsoft Health Solutions Group, described HealthVault as "an extension of our (health) search product." "It's a platform -- a shared data repository for users to collect, store and access their health information."

Neupert acknowledged that governments have been taking stabs at building regional health-provider networks to simplify medical-records sharing, but those projects have been "slow to market and complicated." He also admitted that there are a number of Microsoft competitors, some healthcare specialists and some other tech vendors (like Google and Steve Case's Revolution Health) that are working on ways to allow users to create personal healthcare records.

"That (healthcare-record) data is more useful if I can share it," Neupert said. "You need to start in the cloud and start with an API (application-programming interface).

Neupert and others at Microsoft know that connectivity is only one hurdle players in this market face. Privacy concerns are even more of an issue, especially for Microsoft, which isn't a company many users have come to equate with "trust." Microsoft will use Windows Live ID as the secure-authentication mechanism. And the servers and networks used to store HealthVault records will be separate from the other infrastructure housed in Microsoft's datacenters, Neupert emphasized. Logs of users' health-related searches will be erased after 90 days.

How much will it cost users to store their health data in Microsoft's cloud? It will be free, Neupert said.

"I believe search is a big market and we can monetize this around health searches with online ads," he explained.

"We want to make sure it's clear this is a copy of the (user's) data and that they are the ones who decide at different levels who they can share with," he said. "Currently, we are not targeting Web results or the ads based on data in a user's HealthVault record. We may do that some time, but we are not doing it now."

Microsoft announced a bunch of medical-device and records partners at the Washington, D.C., launch of HealthVault on October 4. It also unveiled a HealthVault software development kit for companies and individuals who want to build apps and services that can plug into the HealthVault ecosystem.

Questions: Do you trust Microsoft and its infrastructure enough to store your personal medical info on the company's servers? (Would you trust Google or another vendor any more?) If not, what would change your mind enough to give HealthVault a try?

Topics: Enterprise Software, CXO, Health, Microsoft, Software, IT Employment

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

65 comments
Log in or register to join the discussion
  • You Have GOT to be kidding

    I don't trust any company to store my medical records out on the internet. My records are between myself and my doctor. No one else.

    Knowing Microsoft's record on security, you would have to be a blithering idiot to want to trust them with this sort of private personal data.

    Timbo.
    TheBoyBailey
    • Bingo...

      Considering the current state of affairs when it comes to IT security, there are only 2 groups of people I can think of who would do this...those who simply don't care if the whole world knows their medical history and those who are completely ignorant of problems with internet security that have existed since our old buddy Al G. invented the internet. Even if I were going to trust someone with this data, it certainly wouldn't be Microsoft.
      jasonp9
      • There are a few others

        [i]Considering the current state of affairs when it comes to IT security, there are only 2 groups of people I can think of who would do this...those who simply don't care if the whole world knows their medical history and those who are completely ignorant of problems with internet security that have existed since our old buddy Al G. invented the internet.[/i]

        Walk into an emergency room bleeding and you might have a different perspective on privacy. You have to sign it away before they'll put pressure on a spurting artery.
        Yagotta B. Kidding
        • Wow...

          I'm going to bleed to death if I don't sign away all my privacy rights. That's a pretty amazing claim.
          jasonp9
          • RTFagreement

            [i]I'm going to bleed to death if I don't sign away all my privacy rights. That's a pretty amazing claim.[/i]

            I take it you haven't actually read the papers they hand you to sign (in a large stack) when you arrive in ER.

            Your choice, though -- you can try refusing and see what happens.
            Yagotta B. Kidding
          • Believe it! Been there, done that.

            June 9, 2007. 6:30 pm Traumatic partial amputation of index finger.
            At first hospital ER 7:30 pm: sign this, and this, and this, and this, etc. Paper work gets done a lot faster than anything else. Well, they put a dressing on it, while waiting for everything else. Outcome: Doc says I'd like to help you, but there's nothing there to stitch to. You need to go to ___________for skin graft. Consultation, antibiotics.
            Second hospital, about 10:00pm:sign this, and this, and this, and this, etc. Paper work gets done a lot faster than anything else.
            3:00am, I wake up in OR after surgery
            2:00pm:sign this, and this, and this, and this, etc. Released.

            Beautiful report on file at the second hospital, including: do you smoke?, Do you drink, etc. etc. At least they gave me a copy on request.

            Of course, I get to pay a co-pay at each hospital.

            As I understand it, this info isn't really public, but open to all the medical community and all the insurance community, and all the legal community and probably your employer (if they pay for your insurance) and the FBI & CIA & DEA & HS and anyone with a badge

            If your lucky enough to have insurance, the ins co. also gets everything.

            If you get the clap and you don't want your husband/wife/whatever to find out, hope they don't work for one of the above.
            LOL, as we say...
            Hans Schmidt
    • If you think those records are private

      you are kidding yourself. Your insurance company has "shared" this info for years.
      No_Ax_to_Grind
      • Message has been deleted.

        itanalyst
        • Once Again, ZDNazis Strike Again

          Proving your total stupidity again.
          itanalyst
          • Not actually he is correct.

            The databases are out there and have actually been hacked if you keep up on news...so I think you better rethink your statements. Also, did you know your records are also in India...
            ItsTheBottomLine
        • What message???

          What message???
          Hans Schmidt
      • partially correct

        No_Axe is partially correct in that this data is already out there owned by all the healthcare companies. Their networks are spread to every Doctors offices, every clinic and every hospital in the country. The database is there and all it needs is a name and password to access. Regardless, I like to keep most of my business private as much as I can control it.
        MIS Master
      • ...Maybe In The US...

        .. but not in the UK...

        Timbo
        TheBoyBailey
        • Sorry but you are wrong.

          Every insurance claim you ever filed is in a Data Base somewhere and is "shared" with many.
          No_Ax_to_Grind
          • Perception versus Reality

            Yes, I have to completely and unequivocally agree with you.

            I would like to add a thought or two to this discussion if i may.

            The problem with the public in general is that *en masse* we (i.e. the public) generally have the "perception" that, for the most part our health, education, employment and a raft of other pieces of data/information about *our person* is "safe and secure". As perceptions go, this is to a degree true, however, how *the Public* perceive "safe and secure" is almost certain to differ to the way in which the governement, educational institutions and private enterprise (e.g. banks, insurance firms, credit card companies, etc, etc) perceive your *supposedly private* data/information.

            The reality of the situation is more likely that your "private data" is circulated for:

            (a) Governmental statistical purposes and *legal* federal/government inter-departmental information sharing purposes.

            (b) Legal Disclosure to an agency one might be indebted to (i.e. a Credit Card company or a business one has outstanding debts - which may since have been passed on to debt collection agencies)

            (c) Law Enforcement agencies for investigatory purposes.

            or

            (d) a combination of the above and/or other reasons

            My point is this: it is not only *naive* and *ignorant* to assume that Microsoft is the only agent that is privy to your "private records", but it demonstrates that there is a frightening amount of public mis-information circulating regarding the bigger issue: private information disclosure.

            I think that the *levy broke* quite some time ago - basically when the computer age took private data storage into a new dimension. Though the old methods of storing data in a secure lockup (e.g. safe or filing storage room) have for the most part been replaced by the DBMS and other legacy type systems, they (safes and filing rooms) weren't necessarily as bad security-wise as our modern databases might appear to be. Technically speaking, we can argue that they are considerably worse than the old *locked room*. As our good friend No_Ax inferred: this information is a 'few key strokes' away.

            If those critical of Microsoft on this particular count are to be brutally honest with themselves, they might just see that in all honesty MS is the least of their worries. Disclosure of the types of private data in question here, has been occurring between governmental, law enforcement and financial agencies for many years.

            Lastly, I just wish to make it clear, I am not advocating this initiative nor attempting to promote Microsoft's stance. What I am attempting to demonstrate is that the information the public at large considers at present to be: confidential, safe and secure is already likely to have been circulated in a number of domains - and highly likely for a number of years.
            thx-1138_
  • Write-only privacy

    Issues of Microsoft's trustworthiness aside, the privacy of that data is like any other secret: it's safe as long as only one person knows it. Once someone hands out access, it's public.

    Three people can keep a secret only if two of them are dead (and the privacy of the dead is an active legal issue.)
    Yagotta B. Kidding
  • Considering HIPAA Laws And How Strict They Are

    Any health organization that has Microsoft managing their records are complete idiots and should not be allowed to practice medicine.
    itanalyst
    • Management and techs rarely see eye to eye.

      That's why my company is going to Exchange and Outlook despite constant cries of "corrupt accounts", "added risk of malware", "how this article says many more administrators are needed", "I'm a new employee and coming from an Exchange shop, I can tell you it's a buggy product", et cetera,
      HypnoToad72
    • Moot point

      HIPAA doesn't require any kind of secure platform. Like most such "feel good" legislation, it mainly requires specific procedures to be performed.

      In my experience, the main impacts of HIPAA are two:
      * All health providers require you to waive HIPAA as a condition of service, and
      * The MDs now have a legal excuse to refuse to talk to anyone else. "Hey, Doc, about that case I sent you last week with point tenderness at C4 and peripheral numbness -- do you have any feedback on the care we gave her?" "Sorry, I can't talk to you. HIPAA. We never had this conversation."
      Yagotta B. Kidding
      • HIPAA

        I'm not sure with which healhcare providers you have experience, but I'm not aware of ANY healthcare provider who requires a patient to waive his privacy rights as a condition of service. In fact, healthcare providers are required to state their privacy policy which must conform to HIPAA, and you are only required to acknowledge that you are aware of their policy by your signature. HIPAA does not forbid physicians from discussing with each other the care that both provide to the same patient.
        philprof