Microsoft launches personal health record site

Microsoft launches personal health record site

Summary: Microsoft's HealthVault aims to record personal health details in the cloud and allow users to control access to that data

TOPICS: Security

Microsoft has launched its HealthVault cloud-based health-organiser platform in the UK, nearly three years after its US launch in October 2007.

The platform is designed to allow organisations to develop applications that let individuals monitor various aspects of their physiological performance, based on user-supplied data such as body mass index, blood pressure and heart rate.

"HealthVault is aimed at the 13 percent of the UK population who are actively engaged in monitoring their wellness," Dave Coplin, Microsoft's national technology officer, told ZDNet UK. "We wanted the right kind of data store."

Individuals are given control over who can look at the data by specifying which applications and organisations have access rights, and can also audit who has accessed the data, said Coplin. The underlying system uses XML schemas to provide this control, he said.

In the UK, Microsoft has worked with Nuffield Health on applications, and hopes to talk to organisations such as the British Heart Foundation and the British Diabetic Association to develop monitoring apps.

Microsoft has provided a software development kit (SDK) for developers based on Microsoft's .Net platform. For open source and developers on different proprietary platforms, Coplin said that HealthVault had a set of application programming interfaces (APIs) available on CodePlex, Microsoft's open-source repository, which would allow coders to develop on languages including PHP and Python.

Read this

NHS top culprit as UK data breaches exceed 1,000

NHS has generated more data breaches than the entire private sector, and there are stricter rules on the way, according to the Information Commissioner's Office

Read more+

Microsoft has no plans to allow information exchange between HealthVault and NHS systems such as Summary Care Records, which hold patient medical information. In addition, Microsoft said it would not at present integrate HealthVault with the NHS health organisation suite, HealthSpace.

Applications which interact with the HealthVault database must comply with Microsoft security and privacy policy, said Coplin. The cloud platform will be hosted in the UK at the same datacentre as used by government organisation the Child Exploitation and Online Protection Centre (CEOP), said Coplin. Under European data protection law, citizen information must not be sent outside of Europe without consent. The UK datacentre is administered by UK technology company Attenda.

Law enforcement and the intelligence services will only have access to the information should they present a warrant, said Coplin.

The strength of a private sector health organisation's privacy commitment was questioned on Tuesday by Ross Anderson, professor of security engineering at Cambridge University.

Anderson said that institutions such as GPs and the Family Planning Clinic had a history of resisting demands for information access from law enforcement, if those demands contravened European human rights law. "At the moment, if the police go to a doctor and ask to see your patient records, the doctor will say: 'I'll see you in court'," said Anderson. "If the police go to a 26-year-old [Microsoft] health administrator or senior shift supervisor, that's something else."

Anderson added that there was a danger of function creep in who had access to the health data, saying that the scale of the amount of information could attract requests for information from police, health researchers and health insurance companies.

The Conservatives in August 2009 said that should they be elected, they would seek to "dismantle Labour's central NHS IT infrastructure", including putting a greater emphasis on third-party health platforms such as HealthVault.

Coplin said that Microsoft had not discussed HealthVault with the new government, but had been talking about decentralisation of services.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sorry, but Microsoft would not be my first choice for being in charge of any of my personal information. Come to think of it, they wouldn't be my last choice either.
  • I signed up for Healthvault to try it out and it looks as if I'm in charge of my information; like any other cloud service it's just stored on a Microsoft data centre. The cost of running a data centre that's secure and private enough not to get Microsoft sued for leaking health data is high enough that there must be a lucrative market selling server-side systems to health providers. Digital health products are going to be popular and having one place to put all the data could be useful... At lest you know it's not being indexed to drive Google AdWords

    Simon Bisson and Mary Branscombe
  • Does Microsoft not know that Northern Ireland is part of the UK ? Tried logging in with a valid liveid and was told that my country is not valid. Oh Dear, do I have to wait until Ireland gets Helath Vault or move to Scotland ?