On October 4 Microsoft Corporation launched a free service called HealthVault that facilitates the gathering, storing, and sharing of health information online. According to Microsoft’s “Frequently Asked Questions” (FAQ), the service allows consumers to control who has access to their electronic medical records.
The following excerpts from the company’s FAQ about HealthVault may be of particular interest to Health Freedom Watch readers:
Q: How is HealthVault different from a personal health record?
A: HealthVault is not a personal health record (PHR). It’s a way for individuals to collect, store and share health information where partners can build applications [systems] that use health and wellness data to provide solutions for people. We expect there to be many different PHRs available in the future (for example, fitness, chronic condition). HealthVault offers a way to connect, store and share all this information in one place, without being tied to a siloed database. [Emphasis added.]
Q: What is Microsoft’s approach to privacy for the HealthVault platform?
A: People willing to try Microsoft’s HealthVault must trust that their data will not be lost or misused by us or anyone else. Microsoft designed and built HealthVault with a strong foundation of security and privacy while consulting with experts inside and outside the company to augment our significant expertise in these areas. HealthVault’s privacy principles show that we’re committed to putting people in control of their health information:
- The Microsoft HealthVault record you create is controlled by you.
- You decide what information goes into your HealthVault record.
- You decide who can see and use your information on a case-by-case basis.
- We do not use your health information for commercial purposes unless we ask and you clearly tell us we may.
Computer Privacy Expert Voices Concerns
In response to Microsoft’s announcement, Annie Antón, founder and director of ThePrivacyPlace.org (a research group of students and faculty at NC State University, Georgia Tech, Purdue University, and University of Lugano), questions whether that vault is really going to protect consumers’ privacy. Antón shared the following (excerpted) concerns and questions regarding HealthVault:
...Over the course of the past 7 years, researchers at ThePrivacyPlace.org have evaluated over 100 privacy statements for financial and healthcare web portals. In addition, we focus on evaluating the extent to which the privacy of sensitive information is protected in these systems as well as the extent to which system[s] comply with relevant regulations.