Monday, October 8, 2007

Microsoft’s HealthVault: Will it mean a broken HIPAA?

Microsoft is entering the arena of electronic patient records with a new online medical records site it calls "HealthVault."

It's always easy to bash the rogues from Redmond, a la
Slashdot; however, I think this is a topic far larger than Microsoft. Much is made of our right to keep our medical records private; that privacy is the purported reason behind the Clinton-era Health Insurance Portability and Accountability Act (HIPAA.) Yet, most Americans (the 255,000,000 or so of us with health insurance) waive that right to privacy to our insurers, and in many cases to our employers.

At the same time, many of us are using an increasing array of medical services. After all, it takes quite a bit of ongoing maintenance for us baby boomers to remain eternally "not old. " J That is the rationale behind Microsoft's entry into the electronic medical records business. Between my wife and I, there are at least seven physicians managing a variety of health issues. Our family doc's office does a commendable job of managing all that information, but getting to our own records is not a particularly convenient process. Under the Microsoft model, we would have unlimited access to our entire medical records, and make it easier to make them available if and when we come into the care of out of town specialists. You can read more about HealthVault here, here, and here.

The dangers to this naturally center on whether that data will remain truly secure, and how it might be otherwise used. For example, such a database would be a treasure trove of information for medical researchers. The use of sanitized aggregate data is nothing new in scientific research, but many people become concerned when the researchers are reading electronic data instead of paper records. In my opinion, the process of stripping identifying information from paper records creates a larger risk to an individual since somebody has to physically handle the original record and transcribe the anonymous data. An electronic system can do that without human eyes intervening.