Microsoft HealthVault

From Clinfowiki
Revision as of 14:40, 13 November 2007 by Ser001 (Talk | contribs)

Jump to: navigation, search

On October 4, 2007, Microsoft(R) Corporation released Microsoft HealthVault [1,2]. Although HealthVault is potentially very important for the development of personal health records (PHRs), HealthVault is not a PHR. Instead, HealthVault is a platform that could service numerous personal health applications (PHAs). Microsoft's plan for a secure, interoperabile platform appears more robust than previous failed PHR efforts from vendors, but broad user and developer acceptance of the platform remains speculative.

Integration with PHAs, medical devices, and electronic health records (EHRs)

Currently, the HealthVault interface has minimal functionality. Users can set up accounts and self-enter a medical history. Microsoft, however, has already partnered with a number of medical device vendors to allow information to be uploaded to HealthVault. The end user achieves device integration by going to the Connection Center on the HealthVault website. Devices include monitors for blood pressure, heart rate, and glucose from manufactures including Omron, Microlife, Lifescan, and Polar.

To encourage integration of additional medical devices and PHAs with HealthVault, Microsoft provides developers with a free software development kit (SDK) and has published the APIs for HealthVault. The HealthVault API is accessible from programming environments including Microsoft .NET, Win32, Java, and PHP [4]. HealthVault currently supports only Web applications, but support for client applicaions is being considered for the future. Microsoft does not host third-party applications that have HealthVault interfaces. Instead, developers host their own applications and create their own business models.

One of the most exciting aspects of HealthVault is Microsoft's explicit commitment to creating data exchange interfaces that are compliant with standards such as the HL7 Continutiy of Care Document (CCD) and the related ASTM Continutiy of Care Record (CCR). This provides the potential for true interoperability among PHAs and electronic health records (EHRs). However, it is well recognized that standards such as these accomodate a great deal of latitude in encoding data. Thus, two systems can be entirely compliant with CCD and CCR and still have very limited ability to parse each other's content.

Microsoft's entry into the arena is likely to set more restrictive de facto standards for encoding data, much as Microsoft Word has become a de facto standard for encoding word processing data. This is a double edged sword. Microsoft's more restictive standard could become a lingua franca among PHAs, devices, and even EHRs. On the other hand, Microsoft's history of incorporating, then modifying, extending, and co-opting standards (such as Java) brings Microsoft's ongoing commitment to community-derived terminologies and messaging framerworks into question.

Security issues

To ensure private and secure storage, Microsoft houses HealthVault "in the same secure data centers that run other Microsoft online services, but ...HealthVault traffic [is isolated] onto a virtually separate network servers [are located] in physically separate, locked cages" [5]. All data is encrypted on transmission, even inside the data center. A "minimal access data model" is used to constrain the data that is shared with other people, PHAs, and devices.'

Authentication is provided by Microsoft LiveID (the successor to Microsoft Passport). Third-party applications can use the software development kit (SDK) to inherit authtentication-protected pages. The authorization configuration of applications must be approved by Microsoft before the application goes live, to ensure that the data exchange is limited to the minimal set of data required by the application.

Authentication is relatively straightforward when HealthVault is used as a standalone PHR. It is straightforward to see how a patient can enter his or her own medical history, supplement it with data from a monitoring device such as a blood pressure montior, and use a third-party application registered with Microsoft to get personalized advice based on these data.

Authentication necessarily becomes more complicated for true interoperability, such as exchanging data with a health care organizations's electronic health record (EHR). The health care organization would need patient users to register their HealthVault with their own systems in some manner. Interaction could then occur in one of several ways:

  • the health care organization could accept LiveID as authentication
  • the health care organization could require its own authentication for patient users and require a seperate sign-in to LiveId for online access to HealthVault information
  • the health care organization could require its own authentication for patient users, and arrange for offline access to HealthVault information

Business model

Microsoft has explicitly stated that HealthVault was not developed as a philanthropic endeavor: it is intended to be an application with a sustainable business model. Microsoft plans to monetize HealthVault based on its search engine (HealthVault Search). Queries may be directed based on personal health content stored in HealthVault. However, since some patients will be sensitive about receiving disease-targeted commerical content, users will be given the option of not passing on health information to HealthVault search.

HealthVault is currently only available for users in the United States.

What HealthVault may mean for PHRs

Bert Van Hoof from Microsoft's Consumer Health Soultions discussed HealthVault as part of a late-breaking topics panel at the Americal Medical Informatics Association (AMIA) Annual Sympsoium in Chicago on November 12. Several times, panel and audience members remarked that Microsoft has done more in one week to promote interoperable personal health records than advocates have been able to do in five years. As the proverbial 800 pound gorilla, Microsoft is one of the few organizations with the market dominance and clout to to get notice from a mulitude of users and developers, which is undoubtedly good for advocates of PHRs. On the other hand, it is understandable that Microsoft's enormity, its commercial interests, and its history of clumsy early releases of products may engender concern and scorn. Nonetheless, if Microsoft is truly committed to supporting a PHA application platoform for the long haul, HealthVault will be a landmark in the history of patient-centered health information technology.

We will learn more about the impact of another 800 pound gorilla, Google, in the PHR field when specifics about Google Health are released in early 2008 [5].

References

(1) HealthVault site: http://www.healthvault.com/

(2) HealthVault press release: http://www.microsoft.com/presspass/events/healthvault/default.mspx

(3) http://www.microsoft.com/presspass/events/healthvault/docs/HealthVaultFS.doc

(4) http://blog.seattlepi.nwsource.com/microsoft/archives/123039.asp

(5) http://www.informationweek.com/news/showArticle.jhtml?articleID=202404027


Stephen E. Ross MD University of Colorado - Denver School of Medicine