Sunday, February 03, 2008
Microsoft's vision on health care
Summary: Microsoft outlined a grand vision, Health Vault, an online personal health information database on which doctors can post electronic medical records such as "scans, lab results, test results, visit minute" and people can view all those health records and share information with health care providers and insurance companies. MS is arguing that storing health data on the internet is as secure as storing it in a bank, but there are all kinds of privacy and security questions remaining. Use of this system will be free both for the users, doctors and also for the vendors. In the meantime, MS's business model depends on targeted search.
D - Customers' health data, ranging from doctors' reports, scans, lab results, test results, visit minutes (these are from doctors) to daily measurements of weight or blood pressure, everything in digital form.
O - Basic idea of 'Health Vault' is to enable users to access to their personal health information records any time, anywhere, via the internet. Both individuals and doctors can post the health data, and by owner's grant, certain people have access to those information, such as an insurance company.
C - It's web-based service. Centralized health database has obvious benefits as well as scary problems. Efforts are underway to develop online patient databases to track physician and hospital performance, and the state could greatly benefit from these, but in order to attract any users in the first place, Microsoft has promised to enforce strict privacy rules. There are concerns over data security and privacy, coupled with difficulty in striking partnership deals.
U - Consumers will be able to post & view information, as well as myriad health care providers and insurance companies. Health care providers (medical offices and hospitals) who signed up for the service could easily send test results in digital form to the vault, and patients could authorize them in turn to have access to various, carefully circumscribed bits of their personal data.
M - Standardization of health-information in digital form is critical for interoperability. Currently, Health Vault's business model centers on advertising, particularly search-related advertising. Use of this system is free both for the individuals that sign up for them and for the vendors and doctors that provide services.
E - Health Vault is the name of MS's new health-information product, storing records online. In conjunction with this, MS is also launching Health Vault Search, a secure version of its health care search engine.
N - It is a general belief that centralized health care information system will lower the overall U.S. healthcare cost, and also that centralized health database represents the single most profitable social media endeavor imaginable, which is why many IT companies are trying (have tried) to this. It's also a blue ocean market since most consumers don't have electronic access to their health records.
T - (Constraint) Storing records online is not secure - nothing is secure on the web. (Opportunity) Health Vault's search engine would work better than those of rival sites if it could examine users' health records and past queries, and thus provide the responses that are most relevant to each individual's situation.
-Eun Kyoung Choe
The word combination of 'Privacy' and 'Microsoft' is a very contentious subject. There are a wide range of opinions on the internet of how secure user's health information will remain in the Healthvault architecture. There are two points I would like to make here. The first revolves around privacy issues that need to be addressed with medical information in particular situations. For example, a parent or legal guardian might have access to a minor's health information unless it relates to sexual activity which is confidential and cannot be disclosed. How would situations like this be handled within Healthvault?
Second, people are very quick to point out the history of security vulnerabilities in Microsoft's architecture. However, think about these two points. Paper records are misplaced, lost and compromised more often then any health organization would care to admit. Also, I would argue that the majority of healthcare IT platforms in this country are built on Microsoft architecture already. Just some things to consider.
Creating and maintaining a UID for medical patients is actually much more difficult than one would think. Relying on user-reported demographic elements, such as name, date of birth, sex, address, etc. is dangerous because of data changes (i.e.: changing last names), input errors. Piggybacking on existing UID's, such as SSN, is also unreliable because patients often make up this number.
This issue can be considered a privacy and a security concern, because there is really no room for error here. Imagine if someone's lab results got sent to Microsoft's system and stored under an incorrect UID! The volume of the data being sent makes hand-indexing impossible. Microsoft will need to work out this issue before their sysem is even remotely feasible.
Thanks for the information!