HealthBlawg

David Harlow's Health Care Law Blog

  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

HealthVault: The end of the world as we know it?

October 23, 2007

Fred Trotter has thrown down the gauntlet: he says Microsoft’s HealthVault privacy policy doesn’t pass muster.  He chides Deborah Peel, director of the Privacy Rights Foundation for endorsing its privacy protections.  Martin Jensen at the HIT Transition Weblog, among others, is in agreement. 

Bottom line, they’re right, but so what?

Whose privacy policy really works these days anyway?  And we’re talking about medical records, right?  Those mostly paper records that get slogged around medical offices and hospitals and nursing facilities and imaging centers . . . . It’s not as if their security has never been subject to compromise before being locked up in the HealthVault.

Fred recoils in horror upon learning that Microsoft’s posted privacy policy is subject to change.

He wonders what might happen if Microsoft isn’t around when his great-great-great-great-grandkids need to review family medical histories.

Again, while it would be nice to have perfect privacy policies and practices to go along with the brand-spanking-new HealthVault, I think we are asking too much of new technologies if we expect the old wine to be transformed simply by being decanted into new bottles.

First of all, as many others have observed, there are plenty of other hurdles that Microsoft will have to vault over before facing this one head-on.  For example: (1) likelihood of individuals bothering with complete data entry and maintenance is low, so (2) use of data from the vault by other health care providers is relatively unlikely because it will not be viewed as reliable.

A panacea offered by some to the problem of sharing patient health information across providers is the RHIO.  Unfortunately, we have witnessed the failures of numerous RHIOs, big and small (e.g., Santa Barbara and Northeast PA, to name but two); and, in fact, one limitation of the RHIO is its first name: "regional."  The perceived demand HealthVault seeks to tap into is the demand for portability of personal health data, not regionally but nationally and internationally.  RHIOs seem to be able to tackle the problem locally on a technical level (witness MAeHC; see also MAeHC CEO Micky Tripathi’s blog), but long-term viability is far from assured given the struggle RHIOs have had with settling on a sustainable busniess model — and privacy issues are a concern for RHIOs too.  HIPAA does not apply to RHIOs, and while there is legislation pending that would extend HIPAA privacy protections to RHIOs (Wired for Health Care Quality Act of 2007), it is stalled in committee and is opposed by HIMSS.

The challenge remains the same: timely development of workable interoperability standards — and products that adhere to those standards and allow for real-time access to organized health records by all providers caring for a patient.

Fred and others point to Indivo, an open source solution with perhaps greater transparency than HealthVault (auditable, etc.); however, it is ultimately subject to many of the same concerns.  Unless I’m missing something, maintaining a personal health record that is complete, and up to date, and subject to HIPAA-type protections, is still little more than a pipe dream.

— David Harlow

Related Posts

  • Health Wonk Review is up at Health Care Policy and Marketplace Review

    Bob Laszewski collects the best of what all the usual suspects wrote on our summer…

  • Health Wonk Review is up at Health Care Policy and Marketplace Review

    Bob Laszewski has posted the latest edition of Health Wonk Review at his blog, Health…

  • Health Care Reform edition of Health Wonk Review is up

    Joe Paduda does a great job pulling together the best of recent policy posts from…

Filed Under: Consumer-Directed Health, Ehealth, EHR, Health 2.0, Health care policy, Health Law, HIPAA, HIT

« OIG advisory opinion OK's certain ambulance service support for county expenses
Rhetoric vs. reality, or, the not-yet-ready-for-prime-time universal health plans: Britain's NHS, Medicare (for All), and the FEHBP »

Trackbacks

  1. Trusted.MD Network says:
    April 10, 2008 at 11:14 pm

    MA eHealth Collaborative extends pilot for six months

    From today’s press release from MAeHC: The Massachusetts eHealth Collaborative (MAeHC) announces the extension of their electronic health record (EHR) pilot program. Thanks to efficient project management, funds remain from the Blue Cross Blue Shield of M

Threads

Follow me on: Threads

Mastodon

Follow me on: Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2025
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]