John Andrews is a Competitive Webmaster and Search Engine Optimization Consultant in Seattle, Washington. This is John Andrews blog on issues of interest to the SEO community and competitive webmasters. Want to know more?

johnon.com  Competitive Web & SEO

HealthVault (Microsoft Health Vault)

Microsoft is first out of the gate announcing Health Vault, an online personal health information database of Google proportions. We can expect everyone to go after that gold mine, because such a database represents the single most profitable social media endeavor imaginable. Google will eventually build a health database. Yahoo! will probably try and add “your medical records” to MyYahoo! some day. This is scary, scary stuff, but it’s almost inevitable. People are willing to give away just about everything these days for a free email account, so I guess I can’t blame Microsoft for going after the Holy Grail of online databases with the Health Vault initiative.

Health Vault : Can it be Secure?

In a word, no. As everyone in technology already knows, whatever is connected to the Internet will be exposed to prying eyes. The credit card companies know this, the hackers know this, the information brokers and their customers know this, and the government (including the military) knows this. They have security systems in place specifically because they know nothing is secure on the web. Those security systems involve watching the hackers as they penetrate and look around, and tricking the hackers with fake servers full of fake data (honeypots). Millions and millions of social security records have been compromised every year for the past few years. In addition to this more obvious fact (that health Vault won’t be secure), this health Vault is from Microsoft – arguably not a prime example of companies doing well with software security (based on our experiences with Windows and other Microsoft products’ security).

Health Vault and Privacy

This one is easy. What people don’t know, won’t hurt them. Privacy is to be “user-managed” with Health Vault. That’s the short story – it’s left up to YOU what you expose via your privacy settings. The longer story is unknown, but it seems pretty obvious that this approach is an excellent way to get as much access as possible to people’s data before they know what they are giving away, or how they can change their own privacy “controls”.

Hint to the hackers: where there is trust, there is an exploit. As soon as there is a “privacy control” it becomes a target (like a lock becomes the target once placed on a door). If someone resets your “privacy controls” without your knowledge, how soon will you notice?

Health Vault: Why is it so Valuable?

You will hear about the obvious benefits of a centralized health database because that makes for good press and is supported by marketing dollars. You will hear about the crazy conspiracy stuff because it makes for good press. You won’t hear about the real deal, some of which I know from my back ground as a biomedical engineer and clinical researcher. The real deal is that personalized medicine is the most promising advance in health care coming down the pipe, and personalized medicine is based on genetics and intimidate knowledge of individual data like health history and medical records. Some day soon we will be able to do a genetic screen in minutes, and determine accurate probabilities of your future health. We can already check on many disease states using hair and saliva samples, or possibly skin flakes you might leave behind at the coffee shop, hair salon, or hotel bathroom. Without a court order or any permission, someone can follow you, pick up a that frappucino straw you threw in the trash and test it for various diseases. What can they do with such knowledge about you?

They can set your medical insurance rates, for one thing. They can deny you a job if they see you will get real expensive in the benefits department before the expected retirement age. They can run your DNA against a centralized paternity database, just to see if maybe somewhere in the past you perhaps unknowingly fathered a child that is now 16 years old and in need of college funds or 30 years old an recently un-incarcerated for sociopathy. Think about the potential of a Web 2.0 Social Media community site for adopted or otherwise fatherless/motherless individuals… tell your story, speak of your memories, and try to connect with your “real” family. Monetized via a paternity database… “send in your hair sample and we’ll check across 200 million medical records… all voluntarily submitted”. I bet that would be wildly successful. Or how about affinity groups like “people likely to get ALS before they are 35″ or “Preparing for Alzheimer’s” or even better a Mensa-like “Perfect People – Meet other genetically Perfect People Here” monetized via the mandatory DNA screen and Health Vault database inspection.

They can craft custom medications designed to work for YOU specifically, based on your own health profile. What would the profit margins be on such personalized medicines? I guess another way to ask that would be, how much would YOU pay for a medicine that could save YOUR life? Exactly.

Health Vault: Why should you care?

Well you may know enough not to participate in Heaqlth Vault, but who among us has not felt the pressures of social change involving risky technologies like unencrypted email? The vast majority of Internet email is still today sent around the world in clear text, stored all over the place, and yet nobody seems to care. Have you ever been asked for your credit card information and decided it was better to call it in? And after you placed your order by phone, did you get an email confirmation that showed most or all of your name, address, phone number, and credit card information? Sent over that Internet, in clear text (readable form), accessible to many, many otherwise unprivileged eyes and likely stored in multiple locations outside of your control.

Back office people send stuff by clear text (unencrypted email) all the time, in violation of policies and procedures and probably privacy and credit card laws, but nobody cares because it keeps commerce moving. The more momentum “the system” has the harder it is to resist participating. The more people accept Health Vault, the more health systems will require it, perhaps even using it via back office operations without your overt knowledge. If you have ever worked in IT or IS, I know you believe me. If you have ever been without a drivers license, how did you manage to “show ID” as you seem to have to all the time these days? I imagine the line for “people not in Health Vault” would be quite a bit longer than the line for “regular people”.

Health Vault. Should be good some day, but right now, I think this is pretty scary stuff.

Resources:

★★ Click to share this article:   Digg this     Create a del.icio.us Bookmark     Add to Newsvine

9 Responses to “HealthVault (Microsoft Health Vault)”

  1. Price competition in health care is a pipe dream « Moneyed Politicians Says:

    […] But it doesn’t have to be that way. Efforts are underway to develop online patient databases to track physician and hospital performance, and the state could greatly benefit from these. The VA hospital has developed a system called VistA, which is excellent and freely available as open-source software. The state (or a private consortium) could and should expand VisTa into a Wisconsin patient database. […]

  2. This Week In SEO - 10/5/07 - TheVanBlog Says:

    […] HealthVault (Microsoft Health Vault) […]

  3. Mark’s Daily Apple » Blog Archive » Microsoft HealthVault: Empowering People to Lead Healthy Lives? Says:

    […] Microsoft’s HealthVault is scary stuff according to this concerned citizen […]

  4. » Google Health Platform - John Andrews - johnon.com Says:

    […] Following Microsoft’s Health Vault, Google has announced that the Google Health Initiative at the Web Summit. As allof us involved with search already know, Google reminds us: Google is already the starting point for a large majority of the health-related searches on the Web […]

  5. In the Heart of Matters Says:

    The Real Motivation for Microsoft HealthVault & Google Health?…

    I think I must be simple minded. 
    Since Microsoft launched its HealthVault beta on October 4, I’ve had no trouble finding opinions on whether or not the service is viable.  A representative sampling can be found here, here, here, here, here, a…

  6. William Fink R.Ph. Says:

    I would like to speak to some one from Microsoft about Health Vault. I am in the Clinical Pharmacy Consulting business. We also have a web based program that enables hospitals to receive pharmacy and laboratory data electronically in emergency departments, in patient hospital side, and urgent care centers. If you can give me some direction of who to speak to at Microsoft I would appreciate it.

    William Fink R.Ph.
    President, Managed Care Pharmacy Consultants
    President Rxaccord
    Tucson, Az.

  7. Amanda Says:

    This whole discussion reminds me of that movie Gattaca…

  8. Edward Gardiner MD Says:

    What a great idea , certainly would make the lives of ER docs and consultants much easier and more productive.Better access to information means better care.
    Don’t you think all the “big bad insurance company stuff” is overstated?
    you already have to disclose any illnesses to them at the time of sign up or they won’t cover you
    how is this any different?
    E M Gardiner MD

  9. » Google’s Microsoft Health Vault - John Andrews - johnon.com Says:

    […] Microsoft announced Microsoft Health Vault, for storing and retrieiving sensitive personal health records over the public Internet, I […]