Microsoft Raises the Bar for Privacy in Electronic Health Record Solutions

EMBARGOED FOR RELEASE UNTIL 10:00 A.M. EST, OCTOBER 4, 2007

For Immediate Release October 4, 2007
Contact: Ashley Katz, Patient Privacy Rights or 512.732.0033

Download as PDF

PatientPrivacyRights.Org, a national consumer watchdog group, works with technology giant Microsoft to put consumers in control of their electronic health records.

Austin, TX – Earlier this year Microsoft sought advice from PatientPrivacyRights.Org about building privacy protections into their new consumer health platform, HealthVault. Today Microsoft’s HealthVault system goes “live” and proves that technology can give consumers complete control over who can see or use the information in their health accounts. HealthVault proves that privacy is not an obstacle to building useful and safe technology to improve health.

Fifty years ago today, the Soviets launched Sputnik in space and provided a wake up call for Americans, changing what we thought was possible and jolting industry. The privacy protection in HealthVault is Health IT’s Sputnik. Microsoft proves that privacy works in real-world electronic health systems and it cannot be ignored. “Consent is essential for consumer trust and participation in digital health systems,” says PatientPrivacyRights.Org’s founder, Dr. Deborah Peel. HealthVault requires consumers to give informed consent before any use or disclosure of personal health information.

“Corporate claims to offer privacy mean nothing unless they are willing to take the same steps Microsoft has taken in building HealthVault,” says Peel. Microsoft has committed to independent third party audits to verify their pledge to protect privacy. “Audits are essential,” says Peel. “Technology companies have got to do better than telling consumers to just ‘trust us.’ Consumers shouldn’t trust anyone but themselves to decide who can see and use their sensitive health information.”

Microsoft was very receptive to concerns about the unchecked loss of consumer control of personal health information and the abuse of Americans’ rights to health privacy. Microsoft is the first major multinational technology corporation to collaborate with PatientPrivacyRights.Org and use the 2007 Privacy Principles created by the bi-partisan Coalition for Patient Privacy as the basis for the consumer controls of the health data stored in HealthVault.

Microsoft’s use of the Coalition’s strong principles ensures that consumers alone control the personal health information they store in HealthVault accounts. No one: not insurers, employers, hospitals, application partners, advertisers, data miners, or even Microsoft will access consumers’ electronic health accounts without consent. Microsoft’s application partners are held to the same privacy standards as HealthVault. Partners are prohibited from data mining or data aggregation contractually and by technical design, and no onward transfer of data is permitted without explicit informed consent. Advertisers are contractually required to protect any data transferred from HealthVault, and HealthVault’s privacy policies are simple and easy to understand.

In advance of the launch, Microsoft presented the security and privacy features of HealthVault to the Coalition for Patient Privacy. A number of issues were raised, and Microsoft pledged to continue to improve HealthVault’s protections and features and address new concerns as they emerge with the Coalition going forward.

Finally, Microsoft’s new health search engine allows people to search for health information anonymously. Search information may be saved to your Health Vault account where your searches are kept private and secure. Today, virtually all health sites data mine whatever you read and study, and sell that along with your identifying information. So at last it’s possible to search without fear that someone will know about what your concerns are.

PatientPrivacyRights.Org founder, Dr. Deborah C. Peel, will stand with Microsoft in Washington, D.C today at a press conference to announce the launch of HealthVault. PatientPrivacyRights.Org applauds Microsoft’s implementation of the most stringent existing standards for privacy in HealthVault. Microsoft’s willingness to incorporate the Coalition’s strictest privacy standards is truly revolutionary and sets a new, very high bar for the entire industry.

Microsoft’s HealthVault gives Americans a private, secure, trusted place for collecting and storing their personal health information. No consumer should trust any digital health system or technology product that does not follow the same best practices for privacy and security that HealthVault has put into action. PatientPrivacyRights.Org looks forward to standing with other technology corporations as they step up and employ best practices for privacy and security.