Big deal! And in every sense of the word, it is a big deal. An association between the Mayo Clinic and Microsoft’s Health Vault initiative. A big deal for both of them; and not necessarily for you.
Why would you want a central repository of your medical records?
Not having to fill-out those damn duplicative forms each and every time you visit a doctors office. Hand-carrying x-rays and reports from doctor to doctor. It does have its attractions.
But, while it seems like a great idea at first, upon closer examination, you may want to reconsider allowing any commercial vendor, including Microsoft, Google or others to store your medical records.
My objections are extremely simple:
One, your medical records may be incomplete and contain conflicting information.
It is a fact that a doctor’s file is a chronological hodge-podge of test results interspersed with your doctor’s notes and impressions. The copies of the test results may be faxed results from the lab and somewhat illegible. Your health changes from period-to-period and the results of tests and impressions may be extremely time-sensitive, with older records being of more or less importance as time moves forward. Over-size records such as x-rays, MRI scans are often stored separately from your medical record and may be accessible only on demand.
For those who see a PCP (Primary Care Physician) and then a referred specialist, the information may be stored in two or more places and be duplicative of information stored elsewhere.
Many doctors do not want to assume the time, expense and responsibility for converting your paper documents into electronic format. And those records which are mass-scanned into imaging systems are often less than legible. Doctors who use the same data and reach conflicting conclusions may introduce even more danger into the review process if one set of records is automated and one is not.
Two, your doctor may not have the time, ability or willingness to review your history thoroughly.
Doctors, on a fifteen-minute rotation schedule are not apt to take the time and effort to review your records unless you bring up something very specific. Specialists are more likely to review records from other specialists within their specialty than a more thorough history. In many instances, your interaction with a nurse taking a preliminary history is more important to the process of obtaining quality care than you might think. The nurses are the ones with more time, more receptivity and more willingness to accept your written materials.
Much of the benefits of the commercial records systems are based on, and in my opinion incorrectly, their availability during an emergency. However, emergency room physicians are taught to take nothing for granted and often conduct their own tests. Supplementary medical information may be helpful in determining a diagnosis or treatment plan, but for the most part, ER doctors do not spend a lot of time in record reviews, relying mostly on a patient’s oral history. Many ER physicians, nurses and clerical staff might have a great deal of reluctance to sign-on to a third-party site to retrieve medical information about which they know little or nothing. Especially if the site can convey harmful viruses and malware into their trusted and protected systems.
Three, records must be stored in a common, easy-to-use format which allows a doctor to drill down to the data that is required to deal with the matter at hand.
As you must know from following the news, few doctors are capable of accessing and analyzing records contained on external systems. This is the basis for President Obama’s healthcare initiative that would develop common data formats and interchange methods. And, when that happens, all of the information may need to be re-formatted or, in some cases, ignored in hardcopy (paper and film) files. As of now, most data is stored in a somewhat proprietary record format specific to a particular software vendor. While their are standards (such as HL7), use is optional and far from mandatory.
Four, there is the probability that your medical records will remain inaccessible in a true emergency.
In a wide-spread disaster, there is no time for the luxury of being able to access medical information from the field. Information stored in a multiplicity of electronic sites may be just as unavailable as paper records stored in a doctor’s office.
Five, your records, no matter how well-maintained, no matter how large and strong the vendor who maintains your records, may become unavailable or compromised in various ways.
We have learned from the compromise of medical records at the world-class UCLA hospital that it is often employees with full and complete access that divulge confidential information. Whether for personal curiosity, profit or revenge, it happens more frequently than you might suspect.
Your vendor may, for various and sundry reasons, become unable to provide your records in a timely manner.
And certainly, one would expect that there are few or no provisions to electronically export your formatted data to another healthcare records system maintained by a competitor.
And six, these records can be accessed and used in ways that are unintended by the user who does have some reasonable expectation of privacy.
More on that later.
And these are just a few of my basic concerns.
So let’s see if the Mayo Clinic endorsement changes any of the pertinent facts or concerns …
Mayo Clinic backs new personal health record site
According to the Associated Press …
“The Mayo Clinic has combined its medical expertise with Microsoft Corp.'s technology in a free Web site launching Tuesday that will let people store personal health and medical information.”
“The Mayo Clinic Health Manager, as the site is called, is one of many emerging services for so-called personal health records. The sites, from companies such as Microsoft and Google Inc. and major health insurers, are meant to give people an easy way to stash medical information and transfer it to a new clinic, hospital or specialist. But those providers aren't necessarily ready for such an electronic revolution, which for now means it takes some work on the patient's part to set up and maintain the records.”
“The Mayo Clinic Health Manager uses Microsoft's HealthVault system to store medical histories, test results, immunization files and other records from doctors' offices and hospital visits, along with data from home devices like heart rate monitors.”
“Anyone can sign up for an account, not just Mayo Clinic patients. Users can give access to different slices of their health information to doctors and family members as the need arises.”
In an emergency, do you want to be the one to authorize each individual doctor, facility, pharmacy and others to access your medical data?
“The site prompts people to get started by answering questions about their family medical history and current and past health problems, allergies and medications. Based on that information plus age, gender and other factors, the site recommends additional tasks _ scheduling a mammogram, for instance _ and articles for further reading.”
As far as I am concerned, much of this personal information can be considered anecdotal and should be segregated from verifiable medical information from authorized and trusted sources. The fact that the system will provide follow-up information points to some level of third-party integration possibly with unknown or unexplained commercial relationships. And the system may say nothing about the selection of a competent, caring physician other than to provide a list of physicians associated with a particular facility, group or organization.
“In the health care system of the future, sites like Mayo Clinic's might connect seamlessly with pharmacies, hospitals and doctors' offices to update records. Today, however, while Microsoft's HealthVault system can connect to some pharmacies, insurance companies and providers, most doctors have yet to invest in an electronic system. For patients, that means typing the results of surgeries, lab tests and other information into the Health Manager themselves.”
Not only will patients not have access to their full medical records, but the danger in typing-in medical records by an untrained person is dangerous and can be extremely deadly if one misspells a single drug or refers to it by a brand name unknown to the doctor without further research. And there is always the possibility that a patient may decide to omit or edit medical details which makes the validity and usefulness of the entire record useless. What doctor, in his right mind, would rely on medical records that could be altered by the patient or any third-party? There is a reason doctors suspect patient-provided information.
Example: Digoxin: Digitalis preparation (trade name Lanoxin) used to treat congestive heart failure or cardiac arrhythmia; helps the heart beat more forcefully. "Digoxin" is a common misspelling or typo for: dioxin, any of several toxic or carcinogenic hydrocarbons that occur as impurities in herbicides. <Source> And there are any number of frequent misspellings – including those made by doctors, nurses and other healthcare providers.
Continuing with the Mayo story …
“Privacy advocates urge people who want to set up a personal health record online to read the fine print. Deven McGraw, director of the health privacy project at the Washington-based Center for Democracy and Technology, said sites like the Mayo Clinic Health Manager aren't currently covered by national laws that specify cases in which health care systems can access and share information without patients' consent.”
The basic law covering the security of health information, HIPAA (Health Insurance Portability and Accountability Act) is never mentioned – not even once.
The devil is in the details …
As I have said on a number of occasions, the devil is in the details – or in this case – the privacy and usage agreements that control the user’s acceptance of the conditions set forth by Microsoft to use their Health Vault product.
From: www.healthvault.com …
HealthVault Information Site Service Agreement (Last updated: June 2008)
“This Service Agreement applies to the HealthVault information site at www.healthvault.com, which is referred to in this Service Agreement as the “Service.” These terms do not apply to the Microsoft HealthVault Account or to other programs or device drivers that work with the HealthVault Account. Those have separate agreements. This applies to your use of the Service including updates that you use while this Service Agreement is in force.
You need to read and understand each individual agreement and how they may interrelate and it is your responsibility to check multiple sites on a daily basis to find policy and procedure changes. Not for me!
“Please note that we do not provide warranties for the Service. The Service Agreement also limits our liability. The terms are in sections 8 and 9, and we ask you to read them carefully.”
There are no guarantees that the service will be accessible if and when you need it.
“2. How you may use the Service.
In using the Service, you will:
- obey the law;
- obey any codes of conduct or other notices we provide;
- obey the Microsoft Anti-Spam Policy;
- keep your Service account password secret; and
- promptly notify us if you learn of a security breach related to the Service.”
“3. How you may not use the Service.
In using the Service, you may not:
- use the Service in a way that harms us or our affiliates, resellers, distributors, and/or vendors (collectively, the “Microsoft parties”), or any customer of a Microsoft party;
- use any portion of the Service as a destination linked from any unsolicited bulk messages or unsolicited commercial messages (“spam”);
- use any unauthorized third party software or service to access the Microsoft instant messaging network (currently known as the .NET Messenger service);
- use any automated process or service (such as a BOT, a spider, periodic caching of information stored by Microsoft, or “meta-searching”) to access and/or use the Service;
- use any unauthorized means to modify or reroute, or attempt to modify or reroute, the Service;
- damage, disable, overburden, or impair the Service (or the network(s) connected to the Service) or interfere with anyone’s use and enjoyment of the Service; or
- resell or redistribute the Service, or any part of the Service.”
“4. Privacy.
“We consider your use of the Service to be private. However, we may access or disclose information about you, your account and/or the content of your communications, in order to: (1) comply with the law or legal process served on us; (2) enforce and investigate potential violations of this Service Agreement; including use of this Service to participate in, or facilitate, activities that violate the law; or (3) protect the rights, property, or safety of Microsoft, its employees, its customers or the public. You consent to the access and disclosures outlined in this section.”
Note the section about compliance with the law. In some cases, vendors have turned over information with nothing more than an administrative request or data has been provided by security personnel with tied to their old agencies. In many cases, vendors will not notify you before turning over information thus depriving you of a chance to quash the request with a challenge as to its legality or breadth. Even worse, your insurance company can access this data by simply providing a “release” that you signed as a condition of insurance – even to the extent of using this information to deny your claim or store your information in a third-party medical database maintained by the insurance industry.
“We may use technology or other means to protect the Service, protect our customers, or stop you from breaching this Service Agreement. These means may include, for example, filtering to stop spam or increase security. These means may hinder or break your use of the Service.”
“In order to provide you the Service, we may collect certain information about Service performance, your machine and your Service use. We may automatically upload this information from your machine. This data will not personally identify you. You may read about this information collection in more detail in the HealthVault Information Site Privacy Statement.”
Even though a vendor may claim that information collection does not contain personal information, almost all documents produced by the major software vendors may contained embedded codes known as GUIDS (Globally Unique IDentifiers) which can link the document to the software and system which produced the file. These codes are often transmitted to the vendor as part of the software registration process.
“6. Microsoft authentication network.
We may provide you with credentials on our authentication network to use with the Service. You are solely responsible for any dealings with third parties (including advertisers) who use our authentication network, including providing such parties any information and the delivery of and payment for goods and services. This Service Agreement applies to you whenever you use the credentials you obtained with the Service. When you use our authentication network to gain access to any site, the terms and conditions for that site, if different from this Service Agreement, may also apply to you in your use of that site. Please refer to the terms of use for each site that you visit. We may cancel or suspend your access to our authentication network for inactivity, which we define as failing to sign in to our authentication network for an extended period, as determined by us. If we cancel your credentials, your right to use our authentication network immediately ceases.”
“7. How we may change the Service Agreement.
We may change this Service Agreement in our discretion by posting new applicable terms and conditions. If you do not agree to the changes, then you must stop using the Service. If you do not stop using the Service, then your use of the Service will continue under the changed Service Agreement.”
“8. WE MAKE NO WARRANTY.
We provide the Service “as-is,” “with all faults” and “as available.” We do not guarantee the accuracy or timeliness of information available from the Service. Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws that this Service Agreement cannot change. We exclude any implied warranties including those of merchantability, fitness for a particular purpose, workmanlike effort and non-infringement.”
“9. LIABILITY LIMITATION.
You can recover from Microsoft only direct damages up to an amount you pay Microsoft for this Service. You cannot recover any other damages, including consequential, lost profits, special, indirect, incidental or punitive damages.”
“This limitation applies to anything related to:
- the Service,
- content (including code) on third party Internet sites, third party programs or third party conduct,
- viruses or other disabling features that affect your access to or use of the Service,
- incompatibility between the Service and other services, software and hardware,
- delays or failures you may have in initiating, conducting or completing any transmissions or transactions in connection with the Service in an accurate or timely manner, and
- claims for breach of this Service Agreement, breach of warranty, guarantee or condition, strict liability, negligence, or other tort.
It also applies even if:
- this remedy does not fully compensate you for any losses, or fails of its essential purpose; or
- Microsoft knew or should have known about the possibility of the damages.
“Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitations or exclusions may not apply to you.”
“10. Changes to the Service; If we cancel the Service.
We may change the Service or delete features at any time and for any reason. We may cancel or suspend your Service at any time. Our cancellation or suspension may be without cause and/or without notice. Upon Service cancellation, your right to use the Service stops right away.”
“Microsoft HealthVault Information Site Beta Version Privacy Statement ("Last updated: June 2008)”
“Microsoft is committed to protecting your privacy. This Privacy Statement applies to the data collected by Microsoft through the HealthVault information site at www.HealthVault.com (the "Site"). It does not apply to data collected through the Microsoft HealthVault Account, other programs that work with the HealthVault Account, or other online or offline Microsoft sites, products or services. This is a preliminary disclosure and may not be exhaustive.”
So what do we know now?
One, we know the vendor is not responsible, on any level, for errors, omissions, availability, backup, retention or any other thing – including the adherence to any local, state or federal privacy requirements. Except possibly to refund the money you have already paid for the service. Which, the service being free, means being responsible for NOTHING!
Nice!
You are relying on the information being available only to find out it is unavailable because your account was canceled. There is no mention of a backup method that would allow you to keep your information safe in the case of a vendor mishap. There is also no mention about if and when such information is (if ever) purged from the system. And there is nothing that would keep the vendor from selling the information in an aggregated form (without specific identifiers) which does not stop information users from attempting to identify individuals using information from other databases.
There is nothing to prevent an insurance company, using your own signed release, to access these records for any purpose under the sun.
Bottom line …
You have a system that may or not be useful, you have a vendor who may or may not act appropriately in your best interests and you have a medical system that will, in all likelihood, not use the system. And you don’t know if the data is secure and always available; so why bother?
This is not meant to disparage the necessity of maintaining authenticated medical records under strict privacy legislation or the efforts of any vendor or organization that is attempting to enter the field of health records. It is meant as a “full disclosure” cautionary note for first adopters to insure that they understand the basis on which they provide private and non-public information to a commercial enterprise.
What I would do …
Having some degree of familiarity with both medical systems and data processing, I would consider the following.
If I had a specialty condition or poor health, I would consider putting together a summary of current information about myself. Starting with a list of my physicians, their contact information and their specialties. I would compile a list of my drugs including their purpose, dosages, and frequency of use. I would ask my doctor to review the information and provide the results of any specialty information which he believes may be relevant should I require emergency medical care. I would then have this information duplicated and stored in several secure locations. Possibly turned into microform (e.g. microfilm) or an electronic image and placed with a trustworthy person or organization.
I would be more inclined to trust an organization such as MedicAlert in Turlock California before I would trust Microsoft, Google or any other Johnnie-come-lately commercial vendor. They have a long history of providing services to patients and a good record regarding patient data confidentiality. Caveat: read their user agreement thoroughly as it may contain some of the same disclaimers as commercial service providers. But all things being equal, they have my personal trust and respect for their past good works and performance.
Be well, be safe and take care of yourself and your family first.
-- steve
Reference links:
Mayo Clinic backs new personal health record site - washingtonpost.com
OBAMA STIMULUS: COMPROMISING YOUR HEALTH RECORDS FOR POLITICS AND PROFITS|OneCitizenSpeaking
Danger: The SINGLE most important key to protecting your health records! | One Citizen Speaking
Microsoft HealthVault: Can you trust Microsoft or any other commercial vendor with your health information? One Citizen Speaking