What ARE they thinking?

Electronic health record are a very touchy subject, since these affect some of the most personal data. While a usable and reliable system for such electronic records would certainly save a lot of money and also prevent even more health-care related mistakes, the Microsoft HealthVault solution is probably the very worst way of trying to solve these problems.

Do not get me wrong – I do applaud Microsoft for trying to push this effort ahead, so that we (as a society) can make progress towards a reasonable solution. But a centralized (one is tempted to say: totalitarian), Passport-like data sink for my most personal data does not even sound bad to me[1]. Here are a couple of questions that came to my mind immediately after reading the announcement:

  • Why would I trust an unrelated and (health records wise) completely unexperienced company trust with my health records?

  • What happens in case of a data breach?

  • Why should I consent to having my data shipped to *any* other country?

  • Why is Microsoft only worried about third party “Program” provider satisfying *their* Privacy Policy needs and not mine.

  • What happens if health related surfing habits are harvested not through the HealthVault web site, but through the *required* Microsoft Passport account?

The list could go on and on after reading the boiler plate privacy policy. I just cannot understand why Microsoft is pressing forward into this area without taking much more caution to prevent security breaches (ha: they are using SSL and strong passwords!!) and limit liability. In this area (particularly when dealing with super personal data like real-time live sign data) there is no “get it right the third time”.

Paul Madsen made a very good point of this area of application being ideally suited for Liberty technologies. I think that data as sensitive as medical records should be regulated to only be kept in federations: without my explicit consent data should not move from one silo (doctor A) to any other (doctor B or insurance). In fact, the way the (ineffective, but privacy preserving) way health care works today is a federation model.


[1] I am really in a Pauli mood today.

Leave a Reply

Your email address will not be published. Required fields are marked *