Welcome to LinuxMedNews
 up a level
 post article
 search
 admin
 Contact
 main


  Serious Privacy Questions Raised About HealthVault
Health-IT Failures Posted by Ignacio H. Valdes, MD, MS on Tuesday October 09, 2007 @ 12:11 AM
from the Health-IT Failures dept.
Dr. Annie Antón of ThePrivacyPlace.org an organization devoted to online privacy has posted an article that raises serious privacy questions about Microsoft's HealthVault Personal Health Record software: "...Unfortunately, what people don’t realize is that HealthVault and similar PHR systems are not subject to or governed by law. When the Health Insurance Portability and Accountability Act (HIPAA) was enacted, we did not envision that private software firms would eventually want to create databases for our health records. As a result, HealthVault and other PHR systems are not subject to the same privacy and security laws to which traditional medical records are subject to in the United States because they are not “covered entities” as specified in the HIPAA...Microsoft appears to have sought the counsel of physicians who believe that patient consent is the best indicator of privacy protections. Unfortunately, most physicians do not understand the subtleties buried within healthcare privacy statements within the context of the software that implements those statements. For this reason, I now list three primary questions that one should ask before entrusting their health records to HealthVault or any other PHR system:" Paraphrased, the questions are:

  • Will my data be off shored and therefore subject to no US law?
  • Will my data be merged with other non-health related information Microsoft collects about me?
  • If read/write authority is granted, can the grantee give read/write authority to my data?

    Surprisingly from its privacy statement the answers to the above appears to be yes. Not mentioned are other additional security concerns beyond the obvious issue that the HealthVault software cannot be examined by most 3rd parties for security and privacy flaws. It would appear that Microsoft did not look at previous efforts such as the LGPL'ed IndivoHealth PHR and others. Digg this article



    <  |  >

     

    		•
      Related Links
  • Articles on Health-IT Failures
  • Also by Ignacio H. Valdes, MD, MS
  • Contact author
    		•

    The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )

    Re: Serious Privacy Questions Raised About HealthV
    by Lorie Obal on Tuesday October 09, 2007 @ 05:32 PM
    I think it is also important that the academic community become more aware of this issue. There has been a great deal of interest in PHR research; however, many people is MIS/IS do not seem to be aware of the lack of privacy protections in this area. I was at an e-health symposium last year where a panel presented their experiences using their company-provided, online PHR record system. When someone in the audience pointed out that their information was not protected by HIPAA (and HR decisions could be made using this information),it was a big surprise to most of the academic community in the room.
    [ Reply to this ]
    Re: Serious Privacy Questions Raised About HealthV
    by Ignacio H. Valdes, MD, MS on Wednesday October 10, 2007 @ 08:48 AM
    ZDNet's Dana Blankenhorn has picked up on this story here and here. -- IV
    [ Reply to this ]
    Re: Serious Privacy Questions Raised About HealthV
    by Tim Cook on Friday October 12, 2007 @ 11:32 AM
    I have resisted a day or two in posting this in order to gather my thoughts about how to present it.

    I was at the opening sessions at MedNet in Leipzig, Germany this past week and one of the presentations was from a health economist that had performed a study on the act of placing healthcare information in public as being a social good. His foundation was on HIV positive or negative status.

    Okay, if you made it through that paragraph and are breathing deeply, you are where I was in the midst of the presentation. It actually took me a few minutes to be sure that he was suggesting placing personal HIV status onto a public website. But, that he was.

    My point in entering this here is that he mentioned that MS HealthVault might be a good place to do this since it is likely to produce a public good.

    Frankly I could not follow his research / assertions because there were far too many "assumptions" in his complex analysis.

    My reason for presenting this here though is to show that people of some importance (a health economics professor in an industrialized country) are not really aware of reality when it comes to peoples' wants and desires in disclosing personal health information.

    Frankly my experience at MedNet was less than impressive. Having been to and presented at a few international conferences in this domain over the past few years I found the first day / keynote presentors at MedNet to be woefully unaware of the world around them. :-(

    For a congress entering their 13th year I hope their selection criteria becomes a bit more strict in terms of overall presentation quality.
    [ Reply to this ]
    • Re: Serious Privacy Questions Raised About HealthV
      by Ignacio H. Valdes, MD, MS on Friday October 12, 2007 @ 11:54 AM
      EHR/EMR software probably is a public good, but HealthVault will make it a proprietary lock down with MS as arbiter and not a real market. If you become successful then Microsoft will either crush you or buy you out. Besides, I do not think Microsoft has a legitimate place here. The idea is to just skip the whole proprietary lock down with all of its problems and go directly to Free/Open Source. This will avoid decades long wrangling and enormous expense.

      -- IV
      [ Reply to this ]
    Re: Serious Privacy Questions Raised About HealthV
    by Tim Cook on Wednesday October 17, 2007 @ 12:45 AM
    Dr. Mark Singh, Co-founder of SEMRHIO (www.semrhio.org) and president Clinicore (www.clinicore.com) has a review on his blog about his experience and overall hope for the future of HealthVault;
    As a practicing physician, I'm really excited about this application and have signed up for a personal account. My plan is to start enrolling my patients with the hope of consolidating their medical data. I found however that the application did not have a place for me to enter my past medical history, medication lists etc. I think, for this application to work for my patients, this feature needs to be in place. Perhaps this feature already exists. If this is the case, it needs to be more obvious to the user. BTW: Clinicore business are is: "We specialize in clinical IT solutions: Healthcare Data Exchange, RHIOs, data integration and healthcare analytics."
    [ Reply to this ]
    The Fine Print: The following comments are owned by whoever posted them.
    ( Reply )


     
    Google
     
    www.linuxmednews.com Web
    Advertisement: CCHIT certified EMR and Medical Practice Management Software from Medical Software Associates makes patient management easy. Free practice management and medical billing software demo available.
    All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ©2000-2006 Ignacio Valdes, MD, MS.