When Microsoft launched its much-ballyhooed HealthVault medical-records system for individuals (see my review here), it made such a fetish of security protections that it virtually rendered the service unusable. My own effort just to establish a HealthVault account took roughly two hours, much of that devoted to simply coming up with a password the system would accept; I documented the struggle here. One of the company’s PR reps even emailed me to note that Microsoft is taking “extra precautions at every layer of security” because “privacy and security is one of the areas that Microsoft is taking very seriously for HealthVault.”
As I wrote at the time, it’s hard to fault Microsoft for being paranoid about security, given how privacy concerns are going to be a major hurdle to widespread adoption of online health records. But is the Redmond giant really serious about protecting patient privacy?
Maybe not. Earlier this week, Annie Antón, a software professor at North Carolina State University, raised three important questions about Microsoft’s dedication to patient privacy based on a close reading of the HealthVault privacy statements (here and here). Antón’s post at the Privacy Place blog is worth reading in its entirety, but I can’t help summarizing it as well.
The big surprise (to me, at least) is that services like HealthVault aren’t covered by HIPAA, a mammoth federal law that, among other things, sets some strict standards for the privacy of medical data. Privately-managed record repositories like HealthVault apparently weren’t even envisioned when Congress passed HIPAA in 1996, and so they’re exempt from its provisions (which, to be fair, many people consider onerous).
All that makes it even more important to look at what Microsoft actually promises, and what Antón turned up is disquieting. For instance, Microsoft reserves the right to store your medical data offshore, in countries that may not have the same privacy protections as the U.S.
The software giant also plans to merge other personal information it holds about you with information stored in HealthVault. (That certainly puts the intrusive questions Microsoft’s Live.com service posed to me during registration in a new light.) Finally, HealthVault appears to open the door to a potentially unlimited line of people, entities or programs that can obtain permission to read and alter your health information, since it’s possible to delegate the ability to grant those permissions to others.
Antón also questions whether Microsoft’s decisions in these cases leave users with any legal recourse if their data does leak. It’s a great question, and one I’m in no position to answer at the moment, although I’d certainly want to take a hard look at extending HIPAA privacy provisions to these sorts of electronic records. This analysis certainly underscores the wisdom of approaching services like HealthVault very, very cautiously, because once your medical privacy has been breached, there’s virtually no way of getting it back.
8 Comments
-
Etienne said:
It’s my view that the only way for any organization to pull this off is to be totally transparent and open about it. To the extent that the data holders can obtain no special benefit from owning the data. As long as the custodian of the data has some exclusivity to the data then the temptation/opportunity will always be there to make a fast buck from it.
It seems that the only way large scale personal health records can work is to either store the data client-side (with all the problems that brings) or store the data server-side but openly and anonymously. That way everyone gets to see all the data and nobody has any special advantage.
Commercially this is a less attractive proposition but, let’s face it, that’s why consumers should distrust the HealthVault type of offering anyway. The real commercial value is in the provision of a ubiquitously available health record - the vendor that provides the best on-line *service* will be the winner in this game, not the one that figures out how to sell user’s data to drug companies for the most bucks.
-
Deepak said:
Etienne is spot on. IMO data must be stored server side, but from the consumer’s perspective that is a huge leap of faith.
Openness is key. However, I do think that there are a lot of policy issues that need to be resolved at this point. HIPAA, etc must be updated and data ownership issues need to be resolved.
There is a value and a business model here, but it will require a lot of education, pin-point execution and the collaboration of a number of parties including the consumer.
-
David P. Hamilton said:
I think these are very interesting points, although there’s also clearly an alternative mechanism that involves client-side storage on something like a USB thumb drive. (This raises a bunch of other issues such as data integrity and accidental loss, of course, but it does sidestep the privacy fears that many people probably have.)
That said, I’d also like to question whether there is in fact a business model here. Lots of people seem to assume that there is, but I’m not sure I see it. Selling ads next to your personal medical records seems likely to be a non-starter — something I’ve already seen others speculate about. So if that doesn’t work, where’s the revenue for the Microsofts and Googles of the world? Partnership agreements will only bring in so much, so chances are good they’ll eventually try to charge consumers for these services — which, given that the end-user value isn’t immediately apparent, seems likely to be a hard sell.
I’m totally open to being convinced otherwise, but for now this whole “personal health record” notion amounts to lots of smoke and mirrors with very little substance behind it.
-
Deepak said:
I would extend the question a little more. What is the goal of the personalized health record? Is it meant to put the user in complete control (that has its own set of risks)? Is it meant to be a personal guide, providing information, etc. to help the informed patient make decisions, while giving them access to data from tests etc.?
The latter is far more feasible. You are quite right, the business models are still uncertain. I do think that highly relevant advertising has a place in this space. What kind of returns could you get? I don’t know. However, in the end, and perhaps this will help in giving these services value in the minds of the public, the freemium model might be the best one here.
For now, I think the PHR is a bit of a toy, but I do believe that the idea has legs, BUT only in the appropriate environment. To flog a dead horse, ownership standards MUST be established first, as well as rules on advertising, etc.
-
Etienne said:
You can tell from the name that Microsoft’s strategy with HealthVault is to lock users in ;)
They’ve teamed up with various medical device vendors (blood sugar monitors and the like), so if you have one of these devices you can *easily* record all your data in HealthVault. That locks you into using both the vendor’s device and HealthVault - win/win. MS are also encouraging an ecosystem of applications that work with HealthVault APIs - a classic Microsoft play, and further lock in for the user.
The hapless user will be stuck with their data in HealthVault and inertia will keep them there.
Meanwhile at the back-end aggregated and anonymized health data is worth big bucks to the drug companies. Look for some deals here when MS has enough data. That’s where the real business model is.
-
Khurt Williams said:
Putting aside the privacy issues for a second (hard for me to do but...) and take a look at the business side and where this might be valuable for both the consumer, Microsoft and its partners… is there value in a business model similar to Mint, the money management site?
Mint’s goal appears to be to allow the consumer to aggregate financial information and then provide advice, special savings or services opportunities, and simple financial analysis.
Will this work for HealthVault?
-
David P. Hamilton said:
Khurt, interesting question. The main problem I see is that any service that borders on medical advice typically requires a medical license, which is one reason you don’t see a lot of Web sites trying to help you diagnose illness. (There seems to be a big difference between providing useful background information and offering anything remotely proactive, although I also wouldn’t be surprised to see those lines blurring.)
Perhaps there are other services a company like MS could get involved in, but I tend to think that Etienne is probably closer to something that would work when he suggests that MS will probably try to sell aggregated and anonymized health, drug/procedure and outcomes data to pharma and device companies. Which, of course, brings us back to the privacy debate :-).
Etienne, for what it’s worth, I’d also add that MS insists that data can be moved freely in and out of HealthVault. Whether that’s true or not is something else entirely — I’ve already chatted with one correspondent who can’t seem to upload a file to HealthVault in CCR (continuity of care record) format. For more detail, see this MS comment reported in one of the Seattle P-I’s blogs.
-
Etienne said:
MS will deal with CCR just like they try to every other standard: Embrace, extend and extinguish.
6 Trackbacks
10:40 pm
» Standards in health records » business|bytes|genes|molecules said:
[...] Further reading Does Microsoft’s HealthVault really protect your privacy? [...]
4:22 pm
VentureBeat » Google Health launching soon? said:
[...] user-unfriendliness that I’ve heard scarcely a word about it since. (Plus, there are those nagging privacy questions.) Scads of Health 2.0 sites also offer various pieces of what Google appears to be promising, [...]
8:57 am
VentureBeat » Life sciences briefing: Monday, Dec. 31, 2007 said:
[...] Microsoft’s HealthVault, which we reviewed here and here, LifeOnKey charges individuals to store their medical info. A basic plan starts at $50 a year, plus [...]
10:39 pm
michaelzimmer.org » Archives » More Designing for Privacy: Microsoft HealthVault said:
[...] personal medical data online is fraught with privacy issues, and HealthVault has attracted its fair share of criticism and concern (especially given the bad taste Microsoft’s [...]
7:18 pm
Google Health’s Cleveland testbed and some nagging questions » VentureBeat said:
[...] of course, there are privacy concerns as well, as I’ve written about previously with respect to HealthVault. Google’s system apparently won’t be regulated by the [...]