Microsoft HealthVault: Can you trust Microsoft or any other commercial vendor with your health information?
There is no doubt that Microsoft wants to extend the use of its flagship desktop and server products by moving into the consumer healthcare arena. According to Reuters ...
"Microsoft said it plans to reach out to doctors, hospitals and health services companies to build Web applications to work with HealthVault. It's a strategy similar to how it encouraged other technology companies to build applications on top of its Windows operating system."
By offering consumers a free filing cabinet for all of their medical records, along with a broad array of third-party products built around Microsoft's vision for healthcare records, Microsoft hopes to extend their brand well into the future.
But, in spite of all of the assurances and pronouncements made by Microsoft, I am still left with significant questions regarding this service. To be fair, I have not yet approached Microsoft with my questions, leaving it up to my readers to determine whether or not some of my concerns are valid.
From Microsoft's Press Release...
Microsoft Unveils Consumer Health Vision, Launches Technology Platform to Collect, Store and Share Health Information
"Joined by nationally recognized medical providers, health-management device manufacturers and patient advocacy organizations, Microsoft Corp. today launched Microsoft HealthVault, a software and services platform aimed at helping people better manage their health information. The company outlined its vision for ways that HealthVault can bring the health and technology industries together to create new applications, services and connected devices that help people manage and monitor their personal health information, including weight loss and disease management, such as for diabetes."
"The launch of HealthVault makes it possible for people to collect their private health information on their terms and for companies across the health industry to deliver compatible tools and services built on the HealthVault platform."
"Microsoft today also announced the availability of HealthVault Search, a powerful new vertical health search tool designed to work with the platform. Integrated with Live Search and accessible on the HealthVault Web site, this specialized health search engine intuitively organizes the most relevant online health content, allowing people to refine searches faster and with more accuracy, and eventually connect them with HealthVault-compatible solutions."
Privacy, Compatibility and Security
"Created in cooperation with leading privacy advocates, respected security experts and dozens of the world’s leading healthcare organizations, HealthVault is designed and built to enhance privacy while providing people with the control they expect and require."
So far, the HealthVault product and related services seem to be a great idea. So why am I concerned?
One, because it is a Microsoft offering.
We have seen every version of the underlying Windows product and its browser being touted as the most secure product yet developed by Microsoft... only to be confronted over numerous patches and security enhancements to fix problems as they arise. Somehow, the Microsoft brand is not, at least in my mind, synonymous with "security." While I have not inspected or tried this new offering, past experience makes me extremely cautious and tells me to go slow when it is my health that may be put at risk by my over-reliance on a product which may ultimately fail to deliver in a time of need. Or which may be compromised by evildoers.
Two, because it is a Microsoft offering.
Traditionally Microsoft software is provided in an original distribution and it is up to the user to continually update their systems with the required bug fix, security and product enhancement patches. Microsoft has improved the delivery of these critical patches over the years and will automatically update your system -- provided you have selected that option. Some people feel that Microsoft's intrusive computer security program -- to protect Microsoft from the piracy of its proprietary program -- is yet another intrusion into your privacy. With web-related services, the user may be protected from the versioning problems of the past since any code residing on a user's system may be refreshed during the web access process.
Three, because it is a Microsoft offering.
You are on your own to back up any data that may reside on your local computer. Although there are programs to simplify this function, you still must set up your backup program to do the job automatically or take affirmative action to perform a backup. I see lazy people every day who lose a portion of their data when their hard drives fail.
Four, because it is a Microsoft offering.
There is no doubt that the Federal Government is going to mandate data storage formats and communications protocols to allow for the "federalization" of healthcare. Microsoft has traditionally tried to restrict its data structures to proprietary formats and allow access only by using an API (Application Programming Interface). There is no guarantee that your health records, in whatever form, may be used by someone who does not use Microsoft protocols or adhere to Microsoft's standards.
Five, because it is a Microsoft offering.
Microsoft has a reputation for absolving themselves of any legal or financial responsibility to the user for the loss, corruption or compromise of the user's data. One should look at the multiplicity of "legal" and "privacy" statements for each and every product and component of a system before making assumptions about adopting any critical system that would impact your health. Presented here are excerpts from Microsoft's official policies.
Although I am not a lawyer, I believe some of these clauses raise the need to ask additional questions before committing your health history to a commercial vendor and a new "beta" product which is still being tested.
Microsoft HealthVault Beta Version Privacy Statement (last updated: October, 2007)
"Microsoft is committed to protecting your privacy. This privacy statement applies to the data collected by Microsoft through the Microsoft HealthVault beta version (the "Service"); it does not apply to data collected through other online or offline Microsoft sites, products, or services. The Service includes an online component (account.HealthVault.com) and client software (HealthVault Connection Center) that communicates with the online component. This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be exhaustive."
Concern: Any personal information that you provide to initially set up an account may be used to reference or cross-link other Microsoft services or programs.
Concern: There does not appear to be a single privacy or EULA (End User License Agreement) covering the gamut of provided services. Due to a multiplicity of agreements, your legal rights may be affirmatively waived when you use their systems.
Concern: In order to secure your health data, you must also secure your computer system.
"When you use HealthVault Connection Center to transfer health and fitness information from a device to HealthVault, the information from the device is stored locally on your computer and then can be uploaded into the HealthVault service. You should check your computer to ensure it is properly secured. You can do this by using anti-spyware and virus protection software, and by restricting access to your computer, such as by using a strong password for your computer login and using a network firewall."
Concern: Once data is uploaded, it may not be easily downloaded in a convenient format that would allow for the easy transfer to another software package.
Concern: You have no absolute control over how Microsoft may use your personal information.
How We Use Your Personal Information
"We use personal information collected through the Service, including health information, to provide the Service, and as described in this privacy statement."
"In support of these uses, Microsoft may use personal information:
- to provide you with important information about the Service, including critical updates and notifications
- to send you the HealthVault e-mail newsletter if you opt-in
- to determine your age and location to help determine whether you qualify for an account"
Microsoft occasionally hires other companies to provide limited services on our behalf, such as answering customer questions about products and services. We give those companies only the personal information they need to deliver the service, such as IP address or e-mail address. The companies are required to maintain the confidentiality of the information and are prohibited from using the information for any other purpose.
"Microsoft may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Microsoft services or members of the public."
Concern: Section (a) Microsoft may reveal your information to governmental authorities without your knowledge, permission or a chance to contest any administrative order or subpoena.
Concern: Section (b) Microsoft may use your data to protect their rights -- whatever they may be?
Concern: Section (c) It is unknown whether or not a psychiatric report that is uploaded to the system could be used to trigger this clause.
"Personal information collected on the Service may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities, and by using the Service, you consent to any such transfer of information outside of the U.S."
Concern: If information is stored and processed outside of the United States, you may not have any legal rights under foreign law and there is no guarantee that Microsoft will protect you should your health information be compromised by a foreign evildoer.
"The Service may be used only in the U.S."
Concern: Does this mean that your health information will be unavailable should you travel to a foreign destination?
"Microsoft may use aggregated information from the Service for marketing of the Service (for example, to tell potential advertisers how many HealthVault users live in the United States). This aggregated information is not associated with any individual account. Your account and record information from the Service is not individually used for marketing without Microsoft first asking for and receiving your opt-in consent."
Concern: Many companies have been known to bury a customer's "opt-in" consent in confusing content which may be overlooked or as a condition for downloading and using the program. Again, you almost need to be a lawyer when dealing with "click here" agreements.
"You can close your account at any time by signing into your HealthVault account and editing your account profile. In order to help keep your health information from being accidentally or maliciously removed, we wait 90 days before permanently deleting your account information."
Concern: Due to the nature of government records retention requirements and the normal propensity for organizations to keep data, especially valuable data which can be used by advertisers, for long periods of time, this may not be a guarantee of data destruction.
"When you close your account, all records for which you are the sole custodian are deleted."
Concern: Without any assurance of data portability and the ability to transfer all of your data to another service, this looks like a perpetual agreement.
"If you share custodial access for a record, you can decide whether or not to delete the record from the Service."
Concern: If you have shared access with another person, you may be prevented from deleting all of your data.
"Sharing Records with Programs through the Service"
Concern: If you have granted others access to your data, you must also check their privacy and user agreements which may be different from those published by Microsoft.
"Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, and disclosure. For example, we store the personal information you provide on computer servers with limited access that are located in controlled facilities.
- All communications with the Service are sent using encryption (that is, HTTPS).
- We require you to use a "strong" password
- You can view a history of access and actions to any Health Record that you are a custodian of."
Concern: I would question whether or not the health information itself is stored in an encrypted format as it contains your social security number and other "non-public" personal information.
Use of Web Beacons
Microsoft Web pages may contain electronic images known as Web beacons - sometimes called single-pixel gifs - that may be used:
- to assist in delivering cookies on our sites
- to enable us to count users who have visited those pages
- to deliver co-branded services
Concern: Does this mean that MS is watching you as you navigate through our system and might deliver co-branded advertising depending on the program path you have selected? You bet!
"We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. For material changes to this privacy statement, we will notify you either by placing a prominent notice on the home page of the HealthVault Web site or by sending you a notification directly. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the personal information we collect."
Concern: You need to continually check each and every privacy agreement, as well as other agreements, each time you sign-on. This is not only impractical, but for most consumers, the implications of even an innocuous sounding clause may compromise your rights.
"Your continued use of the service constitutes your agreement to this privacy statement and any updates. Please be aware that this privacy statement and any choices you make on the Service do not necessarily apply to personal information you may have provided to Microsoft in the context of other, separately operated, Microsoft products or services."
Concern: This is my favorite statement. You are bound by the conditions because you are a user. Take it or leave it. And, by the way, we do not have a uniform agreement for all of our products, so each one must be read carefully.
Don't forget to read the additional privacy statement for the search product.
Note the slightly different disclosure form for one of the additional privacy notices.
"Microsoft may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on Microsoft or the Site; (b) protect and defend the rights or property of Microsoft and our family of web sites; or (c) act in urgent circumstances to protect the personal safety of users of Microsoft products or members of the public."
Concern: Now the protection seems to extend to their family of web sites.
Now comes the next agreement, Legal HealthVault Account Service Agreement (Last Updated: October 2007)
"1. What the Service Agreement Covers."
"This is a Service Agreement between you and Microsoft for use by residents in the United States. Sometimes Microsoft is referred to as "we," "us" or "our". This Service Agreement applies to Microsoft's HealthVault Account software and service including updates that you use while this Service Agreement is in force. The HealthVault Account software and service are referred to collectively in this Service Agreement as the 'Service.'"
Please note that we do not provide warranties for the Service. The Service Agreement also limits our liability. These terms are in sections 8 and 9 and we ask you to read them carefully.
We consider your use of the Service to be private. However, we may access or disclose information about you, your Account and/or the content of your communications, in order to: (1) comply with the law or legal process served on us; (2) enforce and investigate potential violations of this Service Agreement; including use of this Service to participate in, or facilitate, activities that violate the law; or (3) protect the rights, property, or safety of Microsoft, its employees, its customers or the public. You consent to the access and disclosures outlined in this section.
We may use technology or other means to protect the Service, protect our customers, or stop you from breaching this Service Agreement. These means may include, for example, filtering to stop spam or increase security. These means may hinder or break your use of the Service.
"We may cancel or suspend your access to our authentication network for inactivity, which we define as failing to sign in to our authentication network for an extended period, as determined by us. If we cancel your credentials, your right to use our authentication network immediately ceases."
8. WE MAKE NO WARRANTY.
We provide the Service "as-is," "with all faults" and "as available." We do not guarantee the accuracy or timeliness of information available from the Service. Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws that this Service Agreement cannot change. We exclude any implied warranties including those of merchantability, fitness for a particular purpose, workmanlike effort and non-infringement.
9. LIABILITY LIMITATION.
You can recover from Microsoft only direct damages up to an amount you pay Microsoft for this Service. You cannot recover any other damages, including consequential, lost profits, special, indirect, incidental or punitive damages.
This limitation applies to anything related to:
content (including code) on third party Internet sites, third party programs or third party conduct,
viruses or other disabling features that affect your access to or use of the Service,
incompatibility between the Service and other Services, software and hardware,
delays or failures you may have in initiating, conducting or completing any transmissions or transactions in connection with the Service in an accurate or timely manner, and
claims for breach of Service Agreement, breach of warranty, guarantee or condition, strict liability, negligence, or other tort.
It also applies even if:
this remedy does not fully compensate you for any losses, or fails of its essential purpose; or
Microsoft knew or should have known about the possibility of the damages.
Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitations or exclusions may not apply to you.
11. How We May Change the Service Agreement.
"We may change this Service Agreement in our discretion by posting new applicable terms and conditions. If you do not agree to the changes then you must stop using the Service. If you do not stop using the Service, then your use of the Service will continue under the changed Service Agreement."
While the above legalese should not discourage you from using any of Microsoft's products or services, you need to maintain an awareness of your rights as a consumer and plan ahead if you plan to store critical medical information to be used in life-threatening situations.
There will be competing systems...
In the coming months and years, there will be additional medical programs and storage products offered.
"Web search leader Google also has designs to be a player in health information products, but specific plans have been slow to materialize."
"Speculation from Google watchers has centered on ideas ranging from a health information search service to a way for allowing Google users to create a personal medical record."
And there does not seem to be a significant advantage of being an early adopter of any particular technology... especially programs which are in "beta" test and are soliciting consumer feedback on their experiences.
What can YOU do?
DO NOT RELY ON ANY ELECTRONIC SYSTEM TO MAKE YOUR RECORDS AVAILABLE IN AN EMERGENCY. Consider the preparation of an "emergency medical document kit" containing your latest medication record, your latest blood test and electrocardiogram (EKG) results, and any specialized reports of procedures which may affect the delivery of emergency healthcare. Make copies of your emergency document kit and place them in a waterproof and fireproof container. For those who have moderate to severe medical problems, you may want to consider keeping copies in various, easily accessible, locations. Update these document sets whenever results change. Your life may depend on having this "baseline" information available to assist first responders in treating your condition. Never assume that Internet-based systems will be functioning and available in times of emergency, especially when a natural disaster strikes.
THERE IS NO DOCTOR-PATIENT CONFIDENTIALITY PRIVILEGE WHEN YOU STORE YOUR MEDICAL RECORDS WITH A COMMERCIAL VENDOR. ALL PROTECTIONS ARE CONTRACTUAL -- AND USUALLY NEUTRALIZED BY PRIVACY AND USAGE AGREEMENTS.
Plan for the worst case scenario ... ask about the portability of your medical documents and the capability to transfer your records to other systems. One way you can achieve this type of transfer is to create your document set as an Adobe-compatible PDF (Portable Document Format) which can be read on a variety of computers. For the technically inclined, you may transfer these PDFs onto a keychain "thumb drive," which has been proven to be fairly secure as well as durable.
Avoid being an early adopter of any technology. As with all "beta programs" or initial program versions, things are bound to change. And, sometimes not in a way that is advantageous for the user.
Remember that your health records will be an ongoing project as you age. After a period of time, the very volume of these records can potentially lock you in to a company or a program because the records cannot be easily transferred into another system.
When dealing with your health information, every vendor, including those with well-known "brand name" systems should always be examined with scrutiny as they have been known to change business models, drop unpopular programs and take other actions which technologically strand the user in "no man's land."
Always assume that your medical records will be read by clerical personnel who may be bored and passing time. Even though this is prohibited by most hospital policies and legal requirements, it still happens. The records of celebrities and other well-known people have a mysterious way of finding a home in someone's political or tabloid files.
Perhaps it is best to wait until your personal physician or medical facility complies with the new federal health system requirements and allow your records, including imaging scans and other records, to be made available, as needed, to other health providers, thus ensuring doctor-patient confidentiality along with providing the doctor's notes and impressions, which may not appear in a consumer version of a report. If Microsoft wants to provide systems to doctors, that is far better than providing them to consumers without any mandated legal safeguards.
One of my biggest concerns is if the information is somehow made accessible, either by affirmative action or accident, to an insurance company who can store the data on their own system for data mining. This information may be used to determine a "prior existing condition" which could result in the denial of care as well as highlight accidental discrepancies between the data contained on a consumer's application for insurance and the data repository... again with the purpose of denying care to cut operating expenses. It is also probable that, over time, the fine print in insurance applications may also enable access to any medical data repository which would function much like the insurance-company supported "MIB" (www.mib.com).
THERE ARE PATIENT RECORDS THAT MUST NEVER BE EDITED BY OTHER PROFESSIONALS OR VIEWERS OR CONTAIN A PATIENT'S COMMENTS -- THIS IS MANDATORY FOR THE HEALTH AND WELFARE OF THE PATIENT. ANY SYSTEM WHICH ALLOWS ANY PARTY TO CHANGE A HEALTH RECORD WITHOUT CHANGING THE SOURCE RECORD IS DANGEROUS TO THE CONSUMER.
Good luck and good health.
A reminder from OneCitizenSpeaking.com: a large improvement can result from a small change…
The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane. -- Marcus Aurelius
“Nullius in verba.”-- take nobody's word for it!
“Beware of false knowledge; it is more dangerous than ignorance.”-- George Bernard Shaw
“Progressive, liberal, Socialist, Marxist, Democratic Socialist -- they are all COMMUNISTS.”
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS
“A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell