MedMemory - Microsoft HealthVault ComparisonMedMemory has chosen not to offer a online service like Microsoft HealthVault for the many of the reasons outlined below. With a MedMemory Personal Health Record (PHR) you are in total control of all your medical records! Visit our Health Information Manager page to find out more about how MedMemory can help you store, organize, and develop your Personal Health Record
Friday, October 05, 2007
Microsoft's HealthVault Fault There has been much press lately about Microsoft's newly launched health Vault Web site designed to allow consumers to store and share their "personal health records" (PHRs)". Over the years, several different companies and organizations have tried to offer this kind of service and all have failed to generate much interest among consumers. According to a Wall Street Journal article:
"Microsoft Corp.'s quest to be a player in health-information services faces a broader challenge already rankling the health-care industry: how to collect information that many consumers don't even share with their families. 'The service throws Microsoft into a crowd of insurance companies, employers, Internet companies, start-ups and tech companies trying to provide digital-health records to patients and consumers. Included are Aetna Inc. and WellPoint Inc., which hold billing and claims data that they are trying to use to build personal-health records, and newcomers like Microsoft and Google Inc., which says it is working on a system but hasn't disclosed specific plans." (See "Microsoft's Health Push Faces Obstacles".) As the WSJ article points out, one concern for consumers is privacy. And consumers SHOULD be concerned, especially with a service offered by a company well-known for security lapses and violation of EU and FTC privacy laws and regulations. You may recall that both the EU and FTC sued Microsoft over its Passport identification and authentication system (see EPIC's "Microsoft Passport Investigation Docket") -- the same system Microsoft uses for the HealthVault registration process. According to the HealthVault privacy policy: To sign into the Service, you are asked to enter an e-mail address and password, which we refer to as your Windows Live ID or your Microsoft Passport Network credentials. After you create your Windows Live ID, you can use the same credentials to sign in to many different Microsoft sites and services, as well as those of select Microsoft partners that display the Windows Live ID or Microsoft Passport Network logos. By signing in to one Microsoft site or service, you may be automatically signed in when you visit other Microsoft sites and services.
Aside from the privacy and security risks inherent in centralized storage of personal information -- that's what Passport does -- there is the issue of who benefits the most form HealthVault, the consumer or Microsoft.
In 2001, EPIC filed complaints alleging that the Microsoft Passport system facilitates online profiling. EPIC claims that Microsoft officials have stated that the goal of the system is to create a profile of every Internet user, to upsell individuals to subscription accounts, and to engage in ad targeting of Passport members. Numerous surveys indicate that the vast majority of Internet users seek health information online. Consequently, the quickest way to sign up a majority of Internet users to Passport is through so-called "online health services" like HealthVault. But consumers see very little benefit in having an online PHR. As reported by the WSJ:
"Consumers are just not that excited about these services," said Elizabeth Boehm, an analyst at Forrester Research Inc. A scant 6% of consumers used a Web-based program or personal-computer software to track their health and medical information, while 94% said they use paper-based methods, according to a Forrester survey of 10,400 North American households in 2005. Anyway, why would you entrust your personal health information with a technology company known to be prone to privacy and security lapses? Wouldn't it make more sense to go with a service from a company with healthcare experience like Aetna or Wellpoint? While you may not trust health insurance companies, at least these companies must comply with health information privacy and security standards set by HIPAA and they have a good incentive to protect their clients' privacy unlike Microsoft, their business depends upon it. What about Google? They also plan to offer a similar service to consumers. I don't think too much of Google's healthcare savvy (see "Google's Old School Health Advisory Council"). But, more importantly, Google is competing with Microsoft and is sticking its nose into the health arena as part of its own plan for world domination of the Internet. Posted by John Mack at 6:37 AM
HealthVault: Privacy, a Complex Problem Underestimated.
Fred Trotter
Hacktivist, coding for social change
October 24th, 2007
I have passed my CISSP certification, marking me as an Information Security Expert. I had to pass a complex test and demonstrate that I had three years of full-time security experience to become CISSP certified. I have a four year degree in Computer Science, and I have been trained in Information Warfare by the United States Air Force at the Air Force Information Warfare Center in San Antonio. I have been trained in physical security by the United States Marine Corps (Hoorah). I have worked in Healthcare IT Security for over 5 years now. Frankly, I find the issue of Health Information Security to be extremely complex. Here are examples of the thorny issues that I face as a professional.
There are various State and National laws that govern the disclosure of HIV or AIDs status. These often mean that portions of medical records must be operate with different disclosure rules based on whether they reveal a persons HIV status. For instance imagine the physician discussing a patient with AIDS in the notes section for that patient.
” It would be good if Patient X could maintain their exercise regime. However, given his level of immune function, Patient X should stay away from public gymnasiums, which can be unsanitary. I recommend any kind of constant aerobic activity, three times a week for at least 30 minutes each.”
Normally a message like this would be ideal for a PHR to pass to a personal trainer, however the middle sentence arguably reveals the HIV status of the patient. There was no mention of the terms “HIV” or “AIDS” so a simple text search of the document could not easily determine that it was associated with HIV status. Yet this piece of patient information should be treated differently. The level of awareness that a PHR would need to have in order to determine that the note above is related to HIV status is equivalent to human intelligence. The PHR would need to understand English to such a high degree that it would be very close to passing the Turing Test.
The alternative, of course, is to have a person validate every piece of data to see if they reveal HIV status for patients whose PHR records are tagged with HIV positive status. But how many records could such a custodian hope to manage? What level of human-error would be acceptable from such a custodian? Assuming all the records were correctly tagged, how could a human accurately review thousands of medical data points in a given record?
But even those issues ignore the problem of who tags a record with HIV status. Perhaps the patient should be in charge of tagging the account with HIV status, so that automated systems could attempt to handle the rest. But what if a patient wants to withhold that status from the PHR?
What about Family planning and pregnancy status? Physicians must be very careful to follow local laws to know what extent a patients parents can be informed about their under-aged daughters reproductive condition. However, any other medical condition would obviously be under the purview of the child’s parents or guardians. There are also cases where the patients themselves cannot access their own records. Many psychiatrist records must be protected in this manner.
Can a patient remove the information that they have diabetes from their own record? Can they remove their allergy to penicillin? What if they removed it on accident? If patients can accidentally remove data, or can remove a diagnosis or allergy that they do not like, how can a physician or other healthcare provider rely on the contents of the PHR? If a physician knows that they cannot rely on the contents of the PHR, why would they both to add information themselves. If physicians do not add information to the PHR, why should its contents be trusted. Electronic trust is tricky.
If the patient cannot totally control every aspect of the record, does the patient really own the record? Does the healthcare provider own the record, even though the law often compels providers to produce and distribute a patients record?
How much information should payers (insurance companies, etc.) be able to see? Payers certainly must be made aware of the procedures that they will be paying for, but they should not be given so much information that they can discriminate inappropriately.
Lets sum up. Medical records belong to the patient, except when they don’t. They should be accessible to the patient except when they shouldn’t. The records of minors are always open to their guardians except when they are closed. Segmenting data in order to protect portions of health information is currently an intractable problem of free-text analysis. Tagging patient records with critical information is difficult. Trust is far more complex than is first seems. Finally, patients should be allowed to “control” their own record, except when that control would allow them to do something that would invalidate the record. This is just a taste of the kinds of problems that I have run across during a career as a health information privacy professional. Notice that a deep understanding of several of these problems requires enough Computer Science know-how to understand why free text analysis is a difficult problem. The other problems required at least shallow understandings of medico-legal issues, which seems simple until you consider how you are going to design a PHR or EHR to meet these requirements. How do you design a PHR so that “control” can be so finely parsed? How do you put the doctor in charge sometimes, the patient in charge other times (except to undo what the doctor did), the teenage daughter in charge, for only one of her medical issues, in such a way that her parents are not informed about that one medical issue, but are in charge of everything else?
In short “patient privacy” is a very, very complex problem that requires some pretty high level thinking and is pretty easy to mess up. Currently, Microsoft is using a very dull blade to try and make these fine distinctions. Their solution is to give absolute control to a “role” and then give you the consumer the right to decide who gets the “absolute control” role. In short Microsoft is pushing the complexity, subtly and difficulty that I described above on their users. In subsequent HealthVault articles I will consider the implications of that
The Health Information Manager: The Next Generation Of Medical ID's & Identification Is Here!The modern history of Medical Identification started with Military Dog Tags and has progressed to medical bracelets and now the next generation medical identification and medical records management is a MedMemory Personal Health Record The MedMemory Health Information Manager is a Personal Health Record that is a revolutionary advancement of traditional medical identification products that allows an individual to store critical health and medical records with other key information on a Medical Alert designed flash drive. The MedMemory PHR is the future of medical identification - a great management tool for Caregivers, Business Travelers and must have for PERS users. Included with every MedMemory Medical-Alert PHR purchase are 15 Health, Medical and Lifestyle Forms. Some of the included templates are: Medical Release Form, Power of Attorney, Living Will, Emergency Contacts Form, Advance Directives Form, Allergy Log, Immunization Log, Diabetes Log, Insurance Forms and Providers Template. To view all templates click here: http://medmemory.com/templates.html About The MedMemory Health Information Manager As an electronic Medical Identification PHR Medical-Alert / Medical Bracelet type device, MedMemory can store a dazzling array of critical information, such as lab results including glucose measurements, cholesterol readings, blood pressure readings and your current weight. This product doubles as a Medical-Alert / Medical Identification / PERS - personal emergency response system - and can store identifying information that can make a huge difference in the event of an emergency. As an electronic health record (EHR), MedMemory can hold imaging results like X-rays, CT scans, MRs, PETs and ultrasounds; additional tests and readings - like EKGs and pulmonary functioning tests - can be stored on MedMemory as well.
MedMemory is a personal high tech Medical-Alert / Medical Identification program and storage device that you can bring it with you everywhere, including to doctor's visits. Rather than experiencing the delays associated with transferring records from office to office you can have them on hand and bring them along anywhere they go; it is a genuine health record. Redundant tests are eliminated, saving everyone a great deal money on medical expenses - and saving you valuable time. Your records are kept under control more efficiently, creating a far superior level of personal information management than is otherwise possible. With excellent customer support, MedMemory will never leave you in the dark. WHY YOU NEED A PERSONAL HEALTH RECORD!IN AN EMERGENCY:Critical information about your identity, conditions, medications and allergies are available in seconds! ROUTINE PHYSICIAN VISITS: Prevent errors, unnecessary testing, save time and insure accuracy while at a healthcare visit CONTROL YOUR INFORMATION: You have legal control of all your own medical information! Access medical records anytime and lock/unlock data as YOU choose! PEACE OF MIND: Avoid relying on physician’s, hospitals, insurance companies to maintain your medical records ASSIST YOUR PHYSICIANS: Avoid confusion and errors between multiple doctors by having your complete health and medical records available SAVE ON MEDICAL EXPENSES: Decrease your out of pocket health care costs due to redundant expensive medical testing TAX DEDUCTIBLE: MedMemory can be deducted as a health care expense PHYSICIAN DESIGNED/MANAGED:Designed by physicians from the Yale University School of Medicine for their patients. EASY TO USE:Software is extremely very user friendly and intuitive NO computer skills needed - Autolaunches automatically TRUE CLIENT SUPPORT: The best US-based support in the industry! Phone, email, instant messaging and online web-based support available 24-7 .Concierge data loading service available ENDORSED BY PRESIDENT OBAMA: “electronic health records could cut waste, eliminate red tape, and reduce the need to repeat expensive medical tests...it will save billions of dollars and thousands of jobs...it will save lives by reducing the deadly but preventable medical errors that pervade our health care system.” (1/12/2009, CNN.com). Free Medical FormsThe MedMemory PHR program includes 15 free http://medmemory.com/templates.html (A $19.95 Value!) hard to find costly commonly needed medical, health and lifestyle forms (Living Will, Advance Directive & Medical Release) that simplify the development of your Personal Health Record.
Concierge Data Loading ServiceIn addition MedMemory is the only company that offers a low cost flash drive based HIPPA compliant Concierge data loading service to assist you in developing your own Personal Health Record. MedMemory’s only mission is to put only you in control of your medical information! MedMemory is the revolution of the Medical ID the and intelligent choice for the development of your life saving Personal Health Record! Visit our Health Information Manager page to find out more about how MedMemory can help you store, organize, and develop your Personal Health Record. To Receive Free All 15 Medicals Forms On Your MedMemory Medical-Alert Health Information Manager Order Your Drive Today! Pill Box, Key Chain, USB drive. Credit Card USB. Value Model USB To Receive A Free Copy Of Any MedMemory Health Tracking Or Medical Form Email: sales@medmemory.com Or Call 1-888-633-6679
| 
