Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Working On Health Information 'Vault' System

Zonk posted more than 6 years ago | from the vaults-can-be-cracked dept.

314

josmar52789 wrote with an article from the New York Times, discussing Microsoft's new push into the consumer health care market. The plan is to offer personal health care records online via a system called HealthVault. Numerous big names in the medical field have signed up for the service, including the 'American Heart Association, Johnson & Johnson LifeScan, NewYork-Presbyterian Hospital, the Mayo Clinic and MedStar Health'. The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities: "The personal information, Microsoft said, will be stored in a secure, encrypted database. Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol levels. "

cancel ×

314 comments

Let the Stone Throwing Begin! (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#20855437)

Lets see what kind of unfounded, absurd, and irrational comments you social rejects can come up with!

Re:Let the Stone Throwing Begin! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20855463)

This article only proves that Microsoft, in league with Helen Thomas, was responsible for the 9/11.

Re:Let the Stone Throwing Begin! (1)

Jawnn (445279) | more than 6 years ago | (#20855687)

Nah... Like shooting fish in a barrel, there's no sport in it.
But I will say that the announcement did provide the best chuckle I've had all day.

Re:Let the Stone Throwing Begin! (2, Funny)

blcamp (211756) | more than 6 years ago | (#20855815)


Actually, I would have said "Let the CHAIR Throwing Begin!"

unsubscribe (4, Funny)

Anonymous Coward | more than 6 years ago | (#20855461)

unsubscribe

Oxymoron..... (0)

Anonymous Coward | more than 6 years ago | (#20855589)

Microsoft......secure? No thanks, I'll pass....

Please Permanently Vault (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20856005)


George W. Bush: The World's Most Dangerous Person [whitehouse.org] .

Thanks for your support.

I predict (0)

Anonymous Coward | more than 6 years ago | (#20855477)

There will be a breach and Microsoft will be sued. I predict they'll end up losing a lot of money on this long term (assuming they stick with it long enough).

Mod parent funny or obvious (1)

reidconti (219106) | more than 6 years ago | (#20855541)

... since they lose money on virtually everything they do, short of Windows and Office. I bet they make money on keyboards and mice, too.

Microsoft's successful formula (5, Funny)

us7892 (655683) | more than 6 years ago | (#20855485)

Microsoft is starting its long-anticipated drive into the consumer health care market by offering free personal health records on the Web and pursuing a strategy that borrows from the company's successful formula in personal computer software.

I'll bet this sentence is not going to go over too well with the slashdot crowd.

Re:Microsoft's successful formula (1)

Opportunist (166417) | more than 6 years ago | (#20855559)

Must've been borrowing for a while now. If I was MS, I'd sue to get it back.

Re:Microsoft's successful formula (0)

Anonymous Coward | more than 6 years ago | (#20855937)

I have milk in my nose and on my face thanks....

Re:Microsoft's successful formula (2, Informative)

SoCalChris (573049) | more than 6 years ago | (#20856051)

I don't think that anyone can argue about whether they have a successful formula in personal computer software. They've made billions using that formula.

Re:Microsoft's successful formula (1)

iONiUM (530420) | more than 6 years ago | (#20856087)

You can dislike Microsoft's business practice all you want, but they are "successful" in a financial sense. Nobody, not even slashdot users, can deny that.

Monopoly Abuse. Re:Microsoft's successful formula (1)

twitter (104583) | more than 6 years ago | (#20856097)

"... borrows from the company's successful formula in personal computer software." I'll bet this sentence is not going to go over too well with the slashdot crowd.

I don't have a problem with that statement at all. It's nice of them to admit they are and be described as a one trick pony. The only "formula" they have is monopoly abuse. Everything else they do is a failure, especially security [slashdot.org] , but they don't care about any of it.

Will they continue to be a success by their own standards? No, they have already failed. [slashdot.org] In fact, the article looks like hype and might actually piss the hospitals off. Are they all really jumping in with both feet when most of them don't even want to go to Vista? I doubt it.

Re:Monopoly Abuse. Re:Microsoft's successful formu (3, Insightful)

everphilski (877346) | more than 6 years ago | (#20856237)

It's nice of them to admit they are and be described as a one trick pony.

One hell of a pony ...

Sure.. (0, Troll)

Anonymous Coward | more than 6 years ago | (#20855487)

I know I'd gladly trust my personal information to a Windows-based system. After all, Microsoft says it's secure, and they totally nailed security in Windows 95 ^H^H 98 ^H^H 2000 ^H^H^H^H XP ^H^H Vista

Re:Sure.. (1)

Silas is back (765580) | more than 6 years ago | (#20855837)

Same here; my health-records stored on Windows-Servers with Microsofts own software?

Won't happen.

Re:Sure.. (0)

Anonymous Coward | more than 6 years ago | (#20856287)

9 9 2 X Vista?

Oh yeah, triple secure. (2, Insightful)

photomonkey (987563) | more than 6 years ago | (#20855495)

This sounds like one horribly, terribly bad idea to me from a security standpoint.

Also, I can't help but believe that 'anonymous' information will be handed over to drug companies so they can 'research' their 'market'.

Some things are still best done with paper and pen.

Re:Oh yeah, triple secure. (5, Insightful)

Em Adespoton (792954) | more than 6 years ago | (#20855701)

This sounds like a horrible idea to me from other standpoints too:

1) Medical professionals never like patients to have full access to their records, as if a patient misunderstands something on their file, their life could be at stake based on the decisions they make.

2) The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.

3) The system appears to be designed so that MS can sell aggregated data to drug companies and insurance companies. Seems to me though that even with aggregated data, you could reverse-mine it to have a reasonable suspicion regarding individuals (you'd know trends, which would help in searching for more specific details)

Anyway, the whole thing could be really useful if used correctly, but there are so many ways it could be misused even if the system doesn't have a major security breach that I for one would never use it.

Re:Oh yeah, triple secure. (1)

zifferent (656342) | more than 6 years ago | (#20855869)

This sounds like a horrible idea to me from other standpoints too:

2) The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.

Uhmm that was already the hidden agenda of the HIPPA regulations. The government has complete access to your medical records.

Re:Oh yeah, triple secure. (1)

ejdmoo (193585) | more than 6 years ago | (#20855885)

The US has this thing called the PATRIOT act, and MS has agreements with some agencies allowing back-door access to data they host. Let's just say that I highly doubt this information will be protected from people working for US "security" agencies.

Proof?

Proof.. (0)

Anonymous Coward | more than 6 years ago | (#20856053)

You can't prove the PATRIOT act has caused any damage because you aren't allowed to talk about it. It's a national security kind of thing, you know.

Re:Oh yeah, triple secure. (1)

ShieldW0lf (601553) | more than 6 years ago | (#20856225)

Aside from all that, does anyone find the idea that hospitals could be shut down with no more difficulty than erasing an illegally copied politically newscast off a TCP compliant DVR intimidating?

What happens when a small county hospital can't afford to pay, so they lose access to the data they depend on to treat people? Spend a few years in court establishing that this is a problem?

Hell, there seems to be a lot of concern about foreign nations using cyber-warfare to attack another nations critical infrastructure. So, that being the case, why in the sweet hell would you want to take something as critical to human life as medical records and centralize them?

Wouldn't we be safer making do with a little less privacy and having them replicated automatically from hospital to hospital?

Honestly... I don't care if you guys know that I broke 5 ribs 15 years ago, have bad eyesight and am allergic to Ceclor. Snoop away, no skin off my ass. But you better fucking believe I want every hospital worker and their mom to know all about it.

Re:Oh yeah, triple secure. (4, Insightful)

Evanisincontrol (830057) | more than 6 years ago | (#20855723)

Like it or not, your medical information is going to become electronic. Microsoft isn't the first company to propose an Electronic Health Record [wikipedia.org] -- not by far. The Cerner Corporation [cerner.com] , for example, has been working modernize the health record since 1980. There are at least two universities [rit.edu] in the U.S. which host a major in Medical Informatics, a program specifically designed to produce experts in this very subject.

Try to fight the Electronic Health Record is like trying to fight the use of computers in any other field -- it's inevitable.

Re:Oh yeah, triple secure. (1)

jpfed (1095443) | more than 6 years ago | (#20855971)

Oh yeah?!? Well my employer [epicsystems.com] has been working to modernize the health record since 1979!

Re:Oh yeah, triple secure. (0)

Anonymous Coward | more than 6 years ago | (#20856321)

Was this company the same as Disc several years ago?

M$ Onwership is Not Inevitable. (1)

twitter (104583) | more than 6 years ago | (#20856211)

Try to fight the Electronic Health Record is like trying to fight the use of computers in any other field -- it's inevitable.

Sure, but we don't have to roll over while M$ brings their culture of greed into medicine. There's no good reason to give control of medical records to a third party like them. Free software already has the answers and is already used by GE, Phillips and other medical equipment makers with a clue.

Re:Oh yeah, triple secure. (1)

BuhDuh (1102769) | more than 6 years ago | (#20856241)

Am I alone in not trusting MS to secure a horse to a hitching rail?

Uh uh. (3, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#20855499)

Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or, say, test results showing blood pressure and cholesterol level
The hell I will! No way, Jose. Fuggeddaboudit!

The last thing I need is an employer or potential employer tracking down my medical records. Or the CIA, NSA, ATF, or cybercriminals or any other organization or individual who wishes to covertly steal my personal data for nefarious purposes.

Do you know what your medical history contains and how it can be used against you? I do.

Re:Uh uh. (0)

Anonymous Coward | more than 6 years ago | (#20855609)

A vote for ron paul would allow such a system because government oversight is BAD...

Re:Uh uh. (2, Funny)

Anonymous Coward | more than 6 years ago | (#20855615)

You do? How did my last screening turn out? I can't get hold of a real person to ask.

Re:Uh uh. (5, Interesting)

nine-times (778537) | more than 6 years ago | (#20855657)

Well, yes, there's a potential problem any time you put enough personal information into one place: sure, it's more convenient for the appropriate people to access, but it's also more convenient for someone to steal.

My bigger concern, however, is that this is Microsoft proposing this. It makes me want to vet the idea for possible abuses. Beyond the obvious privacy concerns, is Microsoft going to make it accessible only to Windows Vista machines, thereby forcing the entire medical system and any potential clients to upgrade, followed by years of lock-in?

Even if such a system is going to be set up, I'd rather someone with a good track record build something that makes use of open formats and protocols. I'd like to know that my family's medical records aren't going to go up in a puff of smoke because Windows Update decided my Office license wasn't "genuine", or something other bizarre thing.

Re:Uh uh. (4, Funny)

jimicus (737525) | more than 6 years ago | (#20855903)

is Microsoft going to make it accessible only to Windows Vista machines, thereby forcing the entire medical system and any potential clients to upgrade, followed by years of lock-in?

Not at all. It will be web based, and provided you're running Internet Explorer 8 you're fine.

Oh, didn't we mention? IE 8 will be Vista with SP1 only.

Re:Uh uh. (0)

Anonymous Coward | more than 6 years ago | (#20855939)

It makes me want to vet the idea for possible abuses
A person might ask you to provide your credentials for doing so, considering you don;t know the difference between vet and vett. And your propensity to ask leading questions based on complete assumptions.

Re:Uh uh. (0)

Anonymous Coward | more than 6 years ago | (#20855997)

I'd like to know that my family's medical records aren't going to go up in a puff of smoke because Windows Update decided my Office license wasn't "genuine", or something other bizarre thing.
If it would wipe my records off of their servers I would keep an obviously "pirated" install just for regular connection to their services.

"Blue screen of Death" to have a whole new (5, Funny)

unity100 (970058) | more than 6 years ago | (#20855509)

meaning, that is.

Re:"Blue screen of Death" to have a whole new (4, Funny)

Joe the Lesser (533425) | more than 6 years ago | (#20855845)

Error: Could not find liver.dll

missing tag (1)

ruffles321 (1023357) | more than 6 years ago | (#20855513)

defectivebydesign

Standards (1)

jshriverWVU (810740) | more than 6 years ago | (#20855517)

What I'll find amusing is if Microsoft actually follows the legal protocol that such an application has to follow. There are many laws dictating how medical data get's stored, how, and how it is to be accessed. My guess is that MS will "do their own thing" and try to market it as a new feature, even if it breaks a couple laws or compromises our medical info.

Re:Standards (1)

ScentCone (795499) | more than 6 years ago | (#20856031)

My guess is that MS will "do their own thing" and try to market it as a new feature, even if it breaks a couple laws or compromises our medical info.

No, my guess is that they'll follow all of the HIPPA requirements, and as a result their service (and anyone else's, trying to accomplish the same thing) will be - just as HIPPA requires - such a gigantic PITA to use that it simply won't be used. People will just die from drug interactions the good old fashioned way, but do so with more privacy.

Hailstorm (3, Insightful)

Saint Stephen (19450) | more than 6 years ago | (#20855529)

Remember Hailstorm? The plan was to expand Passport to first include calendar, todo, and some other web services, and then to provide an ActiveDirectory back-end for auth and ultimately to include all these kinds of services (including payroll and AR/AP data) in a massive cloud.

Privacy experts freaked out, but Microsoft never cancels anything.

Agreed (1)

twmcneil (942300) | more than 6 years ago | (#20855693)

Sounds like one more attempt to resuscitate Passport.

Lock up (2, Funny)

OK PC (857190) | more than 6 years ago | (#20855561)

Well at least the Vault will always lock up...

Free medical records on the web? (1)

Enlarged to Show Tex (911413) | more than 6 years ago | (#20855563)

M$ is aware that the medical industry is home to some of the strongest privacy and security regulations, are they not? Or are they going to use a few campaign contributions to relax or otherwise eliminate provisions in HIPAA and other regulations associated with medical records? Color me crazy, but with M$'s track record in the area of security, I wouldn't be so certain my medical records would be handled in accordance with US law...

Re:Free medical records on the web? (3, Interesting)

mpapet (761907) | more than 6 years ago | (#20855825)

The actual HIPAA regs appear quite stringent, but you'll find that they don't make the data more secure.

For example, Use is well-defined in many cases, but actual security mechanisms are not. This kind of programming is right up Microsoft's alley. Not only is the security model pretty weak, there's limited interoperability requirements.

Please, read the standard. It's not fun reading, but the average /.'er will probably discover it addresses some basic stuff, but leaves the door wide open for familiar and massive compromises.

http://www.hhs.gov/ocr/hipaa/ [hhs.gov]

Yeah... (1)

Cleon (471197) | more than 6 years ago | (#20855565)

The ultimate purpose of the service is to provide an online accessible but highly secure service to patients and medical facilities:

Yeah...That's gonna work out well. After all, whose products are more secure than Microsoft's?

Re:Yeah... (1)

jonesy16 (595988) | more than 6 years ago | (#20856065)

Well, NTFS may be a major pain when it comes to fragmentation and journalling support, but it does have one of the best security systems out there in terms of cascading permissions. Most *NIX filesystems only provide you with three tiers of controls: owner, group, everyone. On XP/Vista/NT you can provide as many levels of permissions for as many users as you want with much finer control than just read, write, access. With this in mind, we shouldn't say that microsoft is completely insecure. It's much easier to secure a service that's proprietary in nature and runs on a single maintained backbone than it is to provide security for an OS with some near billion number of users on everything kind of crap hardware imaginable.

Now, I'm not proposing that Microsoft should be the ones in charge of such a project, in fact it makes me shudder at the thought. It would even sound better if they were just being contracted by one of the other organizations that was mentioned instead of the other way around. But if not MS, then who? You asked who does have more secure products and I'm not sure there's a good answer to that. Every OS has security vulnerabilities (as anyone on here will tell you). And most people will agree that those exploits aren't a huge concern when you only make up ~1-5% of the computer market.

In a situation where you're setting up a massive database of personal information, you immediately supercede any metric for target size and jump straight to the top of the "attack me" list. So which OS / Company / Organization should head such a product. Haha, or better yet, choose between microsoft and the government . . . you may not get a third option!

Microsoft security expertise (0)

Anonymous Coward | more than 6 years ago | (#20855587)

A Microsoft built *secure* health database...what could possibly go wrong with that? Of course, I'll let the company with the worst security record in the world track my health records.

Yeah right (0)

Anonymous Coward | more than 6 years ago | (#20855597)

I don't trust Microsoft and I don't trust their products.

The only thing Microsoft can be entrusted with is fucking people over.

Google Searches too (4, Funny)

svendsen (1029716) | more than 6 years ago | (#20855603)

Man if anyone could link Google searches to individuals we would know every person's medical condition.

Google Search: Itchy crotch

NSA: Hey Fred Smith has crabs again...lol

MS and security? (1)

Opportunist (166417) | more than 6 years ago | (#20855605)

The company that gave us the ultimately secure Windows OS and the uncrackable Passport?

Say, are the people who are in charge of this living on another planet? I mean, even a non-technical person should have heard by now that "MS" and "security" in the same sentence are usually only used if there is also at least one of the group "flaw", "leak", "compromised" or "nonexistant" in the close vicinity.

In other words: How much was it?

Re:MS and security? (3, Interesting)

suv4x4 (956391) | more than 6 years ago | (#20855725)

The company that gave us the ultimately secure Windows OS and the uncrackable Passport?

As you know, Windows' security issues are ones of legacy. The more they fix it, the more they wreck existing apps.

Apart from this, I have to be honest with you: I'd rather have Microsoft work on this health information system, than some unknown little entity that just is in to grab the money and run.

Microsoft is here to stay, and while they may not end up with the most perfect solution possible, they don't need the money desperately, and can't hide if a major security breach occurs (and it's their fault).

Re:MS and security? (1)

Opportunist (166417) | more than 6 years ago | (#20855901)

...and can't hide if a major security breach occurs (and it's their fault).

No, they can't hide. And won't. And needn't. They'll simply say "gee, we're sorry" and get away with it. As usual.

When was the last time you've seen a large (IT) corporation being forced to take responsibility for the damage they did? Especially if it's "only" privacy leaking.

Re:MS and security? (1)

colonslash (544210) | more than 6 years ago | (#20855951)

Microsoft is here to stay

MS has been around for a while now, but Vista isn't taking off and Office may be cracking under the weight of competition and switches to ODF. They have tried to get into other markets, but, AFAIK, they haven't been successful anywhere else.

In 2002, I gave them 10 years, and I think I am right on track.

Re:MS and security? (1)

cduffy (652) | more than 6 years ago | (#20855985)

Apart from this, I have to be honest with you: I'd rather have Microsoft work on this health information system, than some unknown little entity that just is in to grab the money and run.
Yes, but the other entities getting into this space aren't exactly little and unknown, either. One of those has a name that starts with a "G", and I personally suspect that MS decided to get into this field principally to avoid one of their major competitors pulling one over on them again.

Re:MS and security? (1)

Dusty00 (1106595) | more than 6 years ago | (#20856335)

You actually mentioned the biggest reason I don't want them to have my personal data is the reason they're here to stay.

Microsoft stops even trying to make a quality product the second they don't have to and what's more they blatently flip their own customers the finger. I have yet to hear a spin on DRM in the OS that even makes it sound like it was designed as a benifit to the customer and it's in there none the less. If this takes off and Microsoft no longer has to care about making a secure or good product what they have in their hands to f**k up is a lot more important that what OS I use and I image will be even harder to migrate from.

Minnesota eHealth (1)

SleptThroughClass (1127287) | more than 6 years ago | (#20855621)

Minneota eHealth [state.mn.us] is intending to share records. I just hope it won't require Microsoft technology. That would be sickening.

microsoft vs security (3, Insightful)

oktokie (459163) | more than 6 years ago | (#20855641)

I personally think microsoft windows server is a great platform to build websites.
There are range of tools and cookie cutter stuffs already written for in asp/net allows very powerful function to exist especially inter-operate ability with different MS product like sharing outlook generated schedule via exchange server out to web portal.

However, putting medical records requires requires middleware between ms platform and medical softwares. I see this use of middleware becomes security problem here. Windows do not work very well when 3rd party glue is applied to the what seems to be rigid architecture it shares between products of ms. This inability to have full control over the protocol, situation usually involving previously unthoughtful of...should I say out of boundary for what original purpose of the software calls for...ends up becoming the problem.

Oktokie

Beats the status quo (0)

stratjakt (596332) | more than 6 years ago | (#20855645)

Think about it. Now there's just one big corp with deep pockets to sue when things go wrong.

This kind of shit is sitting around in excel files in those clerks flash drives right now.

I also like the idea that I can directly access my info, although I'm going to guess the system is going to be more about benefits enrollments and 834 transfers than anything else.

Let's start a lottery on this (1)

n0ano (148272) | more than 6 years ago | (#20855663)

Actually, 2 lotteries, one for how long it will take before this system is first compromised and the second for how long after that until MicroSoft admits that the breakin occurred.

I pick 6 months & 7 months, respectively.

I wouldn't trust MS to store my phone number (1)

olddotter (638430) | more than 6 years ago | (#20855691)

I'm not about to give MS any person medical information.

And sell your health info back to you (3, Insightful)

christian.einfeldt (874074) | more than 6 years ago | (#20855717)

and require Microsoft Windows to access it.

No thanks.

Just look at what Microsoft is planning to do with Office Live or whatever they are calling it. You need to have Microsoft Office installed locally on your HD. All you are storing is your data. GNU Linux OSes probably won't even be able to run WINE to access those Office Live files. So even if they don't actually charge to access the data, it extends their reach into your life.

Per usual "revise and extend" behavior... (1)

C10H14N2 (640033) | more than 6 years ago | (#20855773)


So, great, they got their grubby hands on a copy of the HL7 schema and dropped in into an encrypted database. Whoop-dee-doo.

Sounds Good (2, Informative)

RAMMS+EIN (578166) | more than 6 years ago | (#20855777)

``...privacy controls are set entirely by the individual, including what information goes in and who gets to see it. The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record. Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or...''

That sounds good. You actually get full say in who is allowed to do what, and "give permission" sounds like the permissions are secure by default.

I have about zero trust that Microsoft will actually implement this correctly and securely (I've seen far too many stupid bugs from them lately), but at least they're saying the right things. Not vague promises that it will be "very secure", but an actual description of the security controls they are planning to provide. Moreover, those security controls seem to actually provide the security one would want in such a system.

Think of the children (0)

Anonymous Coward | more than 6 years ago | (#20855793)

If enough people contribute enough data over a period of 40 or 50 years, that data could be mined for a lot of really useful information. Such things as how lifestyle choices affect a person's health (is it fatty meat that causes obesity and diabetes, or is it starchy foods?) or long term affects of medicines (do statins raise the risk of stroke?)

In fact, given the age of most /. readers, this project could well make *your* retirements years longer and more comfortable!

Re:Think of the children (1)

safXmal (929533) | more than 6 years ago | (#20856293)

How long do you think it is going to take before you have to give permission to prospective employers to see your complete file? Longer than it took before almost everybody has to undergo a credit check before being hired?

Are you kidding me? (1)

PontifexMaximus (181529) | more than 6 years ago | (#20855797)

I don't trust MS to determine if my copy of Windows is Genuine, do I really think they can keep my medical history safe? Hell no. How long do you think it will be before they cut a deal to 'share' that information with marketers/insurance companies for a buck or two?

To Microsoft: NOT A CHANCE IN HELL. I'd prefer running naked through a pile of broken glass than let you have my medical information.

Microsoft & Health? (1)

maxwell demon (590494) | more than 6 years ago | (#20855801)

Must ... resist ... "whole new meaning of BSOD" joke ...

Threats to our health data privacy... (0)

Anonymous Coward | more than 6 years ago | (#20855805)

Anybody else suspecting that big health insurance industry money might be behind this and other threats to the privacy of our health data? Can you imagine a world of tomorrow where all your health data (as well as artificially manufactured bogus data) is kept in Health Reporting Bureau databases (just like the credit reporting bureaus) that the individual person is effectively powerless to audit/dispute/change despite laws supposedly in place to safeguard our rights? HIPAA was a blow to the health insurance industry's long range plans and goals, much more effective for the consumer than the FDCPA and FCRA have been on the credit side of things, and the health insurance industry is out for revenge and will not stop at anything to engineer a "solution" to get around the law or to get the law changed to benefit themselves.

Re:Threats to our health data privacy... (1)

base3 (539820) | more than 6 years ago | (#20855843)

That world is already here. Google for "Medical Information Bureau".

Except for the tinfoil hat crowd...not a bad idea (3, Insightful)

notaprguy (906128) | more than 6 years ago | (#20855827)

Putting paranoia aside, managing healthcare information is a major pain in the butt. I see this as a way for ME to control how my information is shared rather than my Dr. or my insurance provider. If this idea matures I can see how insurance providers and health providers would need to ask for the patients permission to exchange information rather than just doing it...which is what happens today. If you're worried about the CIA looking into your health information this isn't going to make the problem any worse. Perhaps a little medication might alleviate your stress on that...

Anonymous? (1)

DoofusOfDeath (636671) | more than 6 years ago | (#20855833)

The HealthVault searches are conducted anonymously

What does this mean? I hope it doesn't mean that there's no record of who it was that peaked into your medical records.

More features (1)

Impy the Impiuos Imp (442658) | more than 6 years ago | (#20855857)

Let's not forget the best feature of all: They'll give the government a back door into it, in exchange for the government backing off on the anti-trust lawsuits, just as was done for a backdoor remote control into Windows.

Nah.

Just kidding.

Go on about your business.

Great (1)

richardellisjr (584919) | more than 6 years ago | (#20855859)

Now not only Microsoft bad for the help of my computer but bad for my health as well. What's next my car... oh wait they're trying to get in there also, stereo - nope trying there, phone - ditto. I know, Microsoft isn't bad for health of my dog - yet. I can see it now microsoft dog, won't do what you say, will eat all of my documents not created in word or excel, will help burglars by opening the door for them and will need to be kicked every couple of days because it turns blue and keels over.

Next Doctors visit might go something like... (5, Funny)

EvilSpudBoy (1159091) | more than 6 years ago | (#20855863)

Doctor: I've examined you, and reviewed your MSMedicalHistory(tm) and it looks like you are in fine health, though I see your blood pressure is slightly higher than last time.

Patient: Well, work has been a bit stressful, should I worry?

Doctor: Not at all. It is still good for your age. Have you tried Halo 3?

Patient: huh?

Doctor: Video games are a great stress reliever. If you don't have an Xbox 360 with Halo3, I can put in an order for one for you. Have you had any other problems?

Patient: Sometimes I get a headache from staring at the computer too long.

Doctor: Hold on -- there, I've adjusted your screen resolution and font size on your home and work computers.

Patient: Umm.....

It's about time (1)

businessnerd (1009815) | more than 6 years ago | (#20855871)

I've been wishing for a system like this, but on a much more mandatory basis for some time now. It is one reason I am in favor of a universal health care system, where all hospitals, clinics, doctors, etc. have access to a single health care information system. Anyone who's been to an emergency room can see the benefits of such a system. Instead of playing 20 questions with the emergency room docs and hoping you don't leave out anything important, they can instantly download your file. They don't' have to request it from your doctor and they get an instant snapshot of your health records. What are you allergic to? Did you have surgery recently? Were there any complications with said surgery? The point being that if I am on vacation and need medical assistance, the doctors will have all of the same information my personal doctor has. Given equally skilled doctors and equally equipped facilities, I will get the same quality care.

Of course, there are some downsides, but they are mostly the tin-foil-hat-wearing kind. A central database of your health records could be infiltrated, thus compromising your privacy. There are a lot of people who would want to know how healthy you are, but it's really none of their business. This could be potential employers, political competitors, etc. Security would have to be a number one priority of such a system. Unfortunately, you can never be 100% secure. That's why I'm unhappy Microsoft had to be the one with the initiative. Any Slashdotter worth his salt is aware of Microsoft's security track record. And of course all of those electronic documents will be in a proprietary format (and yes OOXML might as well be proprietary). But at least maybe someone else who knows how to do it right will decide to compete. At least the issue is being raised.

Big, Broken Brother Microsoft (0, Flamebait)

Doc Ruby (173196) | more than 6 years ago | (#20855907)

Even if these records were under my own control, on a my server, behind a firewall I control, in my home connected over my home broadband, or some other system where I control physical and network access to it, I still wouldn't trust Microsoft to control it.

Microsoft has proven that it should be trusted with info only when absolutely necessary, like when you're already locked into its OS/software monopoly. The CIOs of those healthcare corps already know that: it's not just common knowledge, but they're spending $millions every year coping with Microsoft server and desktop insecurities in their orgs. Their disregard of the certainty that Microsoft will leak this data just says that they have no respect whatsoever for the privacy and safety of their patients - and those patients' families.

I expect this whole project is another way for Microsoft to get even more info to profile all Americans (and visitors) in every way. Probably some payback for Bush leaving them their monopoly that has to do with Bush wiretapping us. Together, Microsoft and the Federal government will have all our personal info, right down to our DNA and psychological tests.

Great! A service I can trust! (1)

Eggplant62 (120514) | more than 6 years ago | (#20855921)

Given Microsoft's track record in the last 20 years for security flaws, I don't think I'll be participating with this one. I'd rather my personal and medical data be safer locked in a nice, strong FILE CABINET, thank you very much.

Might be deadly for Microsoft (0)

Anonymous Coward | more than 6 years ago | (#20855941)

Imagine this scenario: the Microsoft designed system breaks. Huge number of health records, - which are protected by strong legistlation - are exposed. This opens up a possible and probable class action suit against the cash rich company. Since the health record of lawyers, judges, potential jurors are exposed, Microsoft can not bank on any support from this corner. Depending the number of exposed patient records, Microsoft may loose very quickly all the cash and more they have.

Microsoft has repeatedly shown that (1)

gillbates (106458) | more than 6 years ago | (#20855967)

It understands neither security, nor the enterprise market. The thought that they could be responsible for securing my health history is particularly troubling.

Yes, I understand that a lot of healthcare providers use MS products internally. However, gaining access to that information requires a concerted attack against a particular target, rather than just "listening" on a wire for healthcare info... The difference is that attempting the first is a crime, while even succeeding in the latter is not. Knowing Microsoft, they're going to leave holes in their scheme somewhere, and crackers will have exploits ready soon. Knowing Microsoft's lawyers, their licensing/contract with the provider will absolve them of any responsibility whatsoever.

I mean, think about it: if Microsoft cannot prevent their OS from being cracked and pirated (which they do value), how could they possibly have the means and motive to protect my health information (about which they could care less)?

Very troublingt indeed.

Sued to death (1)

Joebert (946227) | more than 6 years ago | (#20855987)

Microsoft better not botch the security on this one, there's alot of people whom don't look at medical records as numbers that can just be reset in a database & make things all better.

interoperability? (1)

Cajun Hell (725246) | more than 6 years ago | (#20855999)

Why do I have a feeling that no one will ever be able to implement a medical records application, which is simultaneously able to interoperate with HealthVault, and also not run on MS Windows?

As a customer, you have to be fucking crazy (and downright hostile to your stockholders), to want more MS lock-in. Auditors, if any of your people don't look terrified by this, start looking for kickbacks. By trying to start a new monopoly, Microsoft is actually doing a wonderful thing: showing you exactly which employees are trying to rip off your company.

This WOULD HAVE BEEN a first post, but... (1)

darkonc (47285) | more than 6 years ago | (#20856013)

I spent too much time ROTFL at the concept of a secure Microsoft product -- especially a first-release.

Oh -- and it uses your Windows Live ID All of your medical, financial and communications information under one Microsoft password (if MS has their way).
It's enough to give me a heart attack.

Microsoft Secure (oxymoron anyone?) (1)

GuyverDH (232921) | more than 6 years ago | (#20856027)

C'mon - I don't even trust MS to write a secure operating system - let alone a healthcare information system.

Better watch it MS - HIPAA will not be your friend, and you'll probably find that you end up paying more in fines than you'll ever make in revenue.
You have to meet all kinds of restrictions and security levels that Windows today just hasn't been able to meet.

security-fix Tuesdays? (0)

Anonymous Coward | more than 6 years ago | (#20856033)

So will there be data "leaks" around the 16th of each month
while Microsoft refuses to hurry a patch until the first Tuesday of each month?

Ooooh this will be good (1)

CoffeeIsMyGod (1136809) | more than 6 years ago | (#20856043)

he personal information, Microsoft said, will be stored in a secure, encrypted database.

Its said that if you think encryption is the solution to your problem you don't understand your problem. Where are they going to put the access keys? How will they authenticate users? What does encryption have to do with any of this, anyway? I think they have bigger challenges, like actually enforcing access control.

Who decides? (1)

doas777 (1138627) | more than 6 years ago | (#20856091)

Who decides who can access MY personal Medical history? I'm the only person who should have that right. not my doctor, not my insurance company, not my government, and most definitely not Microsoft. I am wondering how long it will take for my info to appear in the database, since I'm certainly not going to approve the transfer unless under duress.

A great idea from a world class company! (1)

GnarlyDoug (1109205) | more than 6 years ago | (#20856141)

Given Microsoft's proven track record on ethics, reliability and security, I daresay you would be hard pressed to find a better candidate to providing life-critical services such as this one. I will rest easy knowing that my medical files as secure, that they will always be available to my doctors when needed, and that all that information upon which my very life my depend will be properly stored without mistake.

Typical (1)

FranTaylor (164577) | more than 6 years ago | (#20856153)

Pure vapor. Again, Microsoft sees other people making money, gets mad, issues a vaporware press release. This one sounds like it may have taken an hour or so to write. If there ever is a finished product, you just know that it won't even resemble what they are talking about here. Go back and read old Microsoft press releases if you doubt me.

Re:Typical (1)

CoffeeIsMyGod (1136809) | more than 6 years ago | (#20856283)

But I saw a screen shot! Its gotta be true.

The summary quote seems contradictory... (1)

Overzeetop (214511) | more than 6 years ago | (#20856159)

quoteth the summary:

Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it.
Pretty simple, I get to say that nobody sees it.

The HealthVault searches are conducted anonymously and will not be linked to any personal information in a HealthVault personal health record.
Whoa, there, I thought that the individual set the permissions, but there can be anonymous access to the data therein? So which is it?

Re:The summary quote seems contradictory... (1)

Larry Lightbulb (781175) | more than 6 years ago | (#20856327)

You decide who can see your information and know it's yours; the anonymous part means they don't know it's yours, which could be useful in large studies rather than indivudual treatment.

Incomplete health records... (0)

Anonymous Coward | more than 6 years ago | (#20856213)

"Its privacy controls are set entirely by the individual, including what information goes in and who gets to see it"

That is not entirely true, neither the part about what information goes in, nor I suspect the controls being entirely set by the user.

#1 while patient provided family history is generally accepted at face value, patient provided personal medical history is taken with a grain of salt (hence the need for portable medical records)

#1b patient provided details of current medical conditions (other than reporting symptoms) are treated as suspect (more than a few grains of salt) unless they can be verified by trained medical personnel. This is because patients can mix up or forget details, read too much into their condition via google searches, or perhaps just be a hypochodriac. (Also when you get a consult, the doctor usually wants any films, scans, reports and results from the first doctor. What you have to say is less important)

#2 You may give the hospital permission to export your records, but they probably won't do it. *NO* medical information is released (except to insurance companies, etc.) unless your doctor approves each piece of data individually. Not even to you. Usually they just write a letter giving you a summary, if that. Maybe give approval for HbA1C, or Cholesterol. Part of the reason is some doctors are pricks, and they can charge for an office visit if you are forced to come in so they can tell you your lab results are normal. The main reason is cover their ass, though. Your medical record is a legal document. Imagine a missed cancer diagnosis for 6 months, you can get a lawyer to sue, and subpoena your medical record, but why would you if you had no cause to suspect? And you're not going to have access to that record unless you sue. Hospital workers can be fired for looking at THEIR OWN medical records. And good luck with EVER getting to see your own psychiatric record, if that is applicable to you.

#2b Because of #2, medical providers are unlikely to deliver medical records carte blanche to an outside records service that is available to the patient unless they can also restrict what the patient sees.

Google is more secure than MicroSoft Vault (1)

peter303 (12292) | more than 6 years ago | (#20856257)

Get my point?

VA (not MS!) VISTA? (3, Interesting)

xanthines-R-yummy (635710) | more than 6 years ago | (#20856305)

As someone in the healthcare field, I've found that the VA has the best electronic record keeping system. It's logical, complete, reliable, and relatively easy to use. Why can't the government just lease that out? Or does it violate some kind of law regarding competition? Does anyone know how MS Vault is going to compare? I guess the VA system probably has weaker encryption, but I don't know that for sure. Here's the home site if you don't know what I'm talking about:

http://www1.va.gov/CPRSdemo/ [va.gov]

Let me guess... (1)

iMachias (1160301) | more than 6 years ago | (#20856315)

It's going to be built on Microsoft Access, right?

"Permission", eh? (0)

Anonymous Coward | more than 6 years ago | (#20856331)

Microsoft does not expect most individuals to type in much of their own health information into the Web-based record. Instead, the company hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like ...

Permission: signed form. (Number five in a stack of eight routinely given to patients to be treated for pretty much anything, with no mention made whatsoever on consequences and options for not agreeing, not that 99% of the patients will ever read anything that is said on the forms anyway.)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...