The HealthITBlog

Healthcare Informatics and Technology

Comparison of Microsoft and Google PHRs

This posting is an assignment from my ongoing Informatics, the Internet and Future of Patient Care class.

Google Health and Microsoft HealthVault are Personal Health Record (PHR) services that allow people to store and organize their health records online. The following is a description and comparison of each service.

Creating an online medical record

Google and Microsoft allow a user to create their own online medical record and enter personal information. Basic personal information such as age, gender, medications, illnesses etc must be entered. Microsoft account creation differs in that it stipulates that the user’s data will reside in (software and services) located in the USA. While this may be true for Google, it is not explicitly stated. Secondly, when creating an account in the Microsoft PHR. the user does not have to disclose their gender and online videos are available to demonstrate ease of use.

Both services also allow medical records to be imported and partner with 3rd party companies that provide medical record import services. For example, retrieving a medical record from a hospital, converting it into the format required by Google or Microsoft and importing the data into the user’s medical record. A user can also upload files, for example scanned medical records, into their online medical record.

Both services require a username and password to sign-in, the same username/password combination can be used to access other Microsoft or Google services. Microsoft also provides support for a few openid providers  pip.verisignlabs.com, openid.trustbearer.com, myopenid.com and myvidoop.com.

Share an online medical record

Google and Microsoft allow the user to share their online medical record with a doctor, caregiver or family member. A patient can share their online medical record with a physician in order to provide up-to-date medical information to their physician or in case the patient is travelling and needs to share medical information with a new physician. An online medical record can be shared with another family member in case of emergency when the patient is unable to share their medical history themselves. Microsoft differs from Google in this feature, since Microsoft provides richer access controls or who can access a person’s online medical record.

Software engineering Application Program Interfaces (APIs)

Google and Microsoft offer interfaces for 3rd party companies to create software products that interface with the Google or Microsoft online health record service. For example, companies that convert paper medical records to online format, write a software interface that allows their software product to interface with the Google or Microsoft product.

Google Health API

The Google health API allows another software product to create new medical records that my contain CCR data or read data from an online medical record. Google Health API is available in Java, .net, php and python programming languages. Samples are here, developer guide and sample CCR.

Microsoft HealthVault API

The Microsoft API is more comprehensive than Google’s. There is an SDK (Software Development Kit) for creating software applications and DDK (Device Development Kit) for creating devices. An entire section of the MSDN (Microsoft Developer Network) is dedicated to HealthVault.  Unlike Google Health which is multi-platform, the Microsoft SDK is available on Windows platforms only and only supports the .NET programming language. Microsoft and Google allow third party applications to create a Continuity of Care Record (CCR); Microsoft’s guide and Google’s.

Privacy

Privacy concerns would hinder many users from using online Personal Health Record services. What are the concerns? That the online health record service could be hacked, data stolen and the health records used for nefarious purposes such as:

  1. Embarrassing users who have personal health details disclosed, such as STDs. or weight problems.
  2. Selling medical records to prospective employers who could screen candidates based on private medical data.
  3. Defrauding health insurance companies or medicaid by submitting false claims under a different name.
  4. That large companies like Google and Microsoft would collect user information for their own data-mining or statistical purposes.

HIPAA

HIPAA is a federal law that regulates doctors and health insurance companies, to ensure that patient information is kept private and secure. Microsoft and Google not hold designated record sets as defined under the U.S. Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (HIPAA), nor medical records as defined under state law.

If personal medical records are now controlled by the patient and stored in computer servers operated by Google or Microsoft, how can the user be comforted to know that their medical records are safe and secure from prying eyes? Standard HIPAA law does not apply to a PHR service from Google or Microsoft, as neither entity provides patient care. (The HIPAA law was written years before online PHRs became pervasive and should be revised to avoid confusion).

HIPAA aside, what about privacy of patient records?

Google and Microsoft inform users know what information is collected when users use the respective PHR services. Standard web surfing rules apply such as the use of cookies to track and personalize the user experience. These cookies do not collect and distribute personal health information. Neither entity sells or distributes user information without explicit acknowledgement from the user first; both companies may disclose health information if required by law – example a subpoena by a court. All fair and well but databases, software and servers must be maintained by Google and Microsoft employees. This begs the question: Can information be seen or used internally by a Google or Microsoft database administrator, software engineer or employee in a similar role?   Google’s response from their privacy policy:

Employees in particular job functions may have access to patient information without patient authorization as reasonably necessary to carry out duties relating to treatment, reimbursement, or health care operations, such as to communicate about health benefit plans or to recommend alternative treatments or therapies.

A limited number of employees in particular job functions may have access to user information in order to operate and improve Google Health. Users consent to this limited internal use when they sign up for Google Health.

Both Microsoft and Google stipulate that user deleted data will still be available in backups for up to 90 days.

Microsoft privacy controls are similar to Google, how Microsoft’s access controls are more granular. With the Microsoft PHR, roles can be created that provide, View-only access (time-limited access), View-and-modify access (time-limited access) and Custodian access (no time limit). (Access becomes active only when the recipient accepts the invitation). Custodian access is the highest level of access. A custodian of a health record can:Read the record, Change the record, Delete the record, Grant to others any level of access to the record, including custodian access, Revoke the access of anyone to a record, including other custodians, and including the custodian who granted them custodian access in the first place.

Microsoft has a developer security policy, as does Google. Microsoft further stipulates that HealthVault servers undergoes extensive security, penetration and testing by “white hat hackers”. Furthermore, HealthVault servers are located in controlled facilities in physically separate locked cabinets, HealthVault traffic in our data centers runs on a virtually separate network, all health information transmitted between HealthVault servers and program providers’ systems is encrypted and HealthVault data is encrypted upon backup. Google does not explicitly state that the same measures are in place.

My assessment – Online PHRs and the future patient care

Privacy and security: Realistically, I am not concerned about a data breach and possible sale of a medical record to defraud medicaid or an insurance company. The possibility and technology has existed for decades for these crimes to occur. Personal health data today is stored in online databases at hospitals, clinics and insurance companies. While this may be disconcerting to new users of a Google or Microsoft PHR, it is in essence no different from data stored by other services. For example, information in your bank, investment and credit card accounts is viewable by employees at the respective financial institution. Secondly, medical data stored in databases at insurance companies, medicaid and hospital/clinic EHRs can be viewed by employees with appropriate access. Most accounts of data theft come from employees breaking with company protocol and copying data to laptops or detachable disk-drives which are subsequently stolen from parked cars or homes. This site tracks such incidents, note how many incidents there are of stolen laptops (lots!)…. Try find one incident of a database breach???

User entered data: A physician or healthcare provider who is presented with medical records entered by a user might ask him or herself, “how can I trust this data to be accurate?” A legitimate question-  would an obese patient enter lower weight, might a diabetic patient enter lower blood sugar? In order to make data in a user PHR reliable and trustworthy, that data should be flagged as “user entered”, “entered by physician”, “imported from existing medical record”. A physician would then be able to make a clinical decision based on the data provided.

Benefits of an online PHR:

  1. Medical records are coalesced from a variety of sources into one comprehensive record. This is useful since electronic exchange of medical records between providers is a long-way-off.
  2. Patients have direct access, control and view to their medical record.
  3. Users can control medical records on behalf of others such as an ill-parent or minor child.
  4. Patients can grant access to care providers of their medical record, for example when traveling beyond the realm of their current medical provider, and the patient visits a new physician, that physician can see the entire patient medical history.

The future: I think online medical records are here to stay and a force to be reckoned with. Medical care providers must become comfortable with the data entered into PHRs; users must become comfortable with PHR providers such as Microsoft and Google that their personal medical history will be safe and secure. American’s fear of the power of large companies and government to spy on common citizens, probably harkens to the fear of big brother.

March 15, 2010 Posted by | Health Information Technology | , , | 5 Comments

HIMSS 2010 – day one

At the opening reception, Sunday night, I finally met Martin Pellinat CEO of VisionTree, with whom I have had many conversations as I participate in the Clinical Groupware Collaborative (CGC).

Similarly on the first day, I met the team from Resilient Networks, another CGC member company.

Needless to say networking opportunities abound at HIMSS.

Over 900 companies and 30 000 people at one convention took me a few hours to comprehend and absorb. I attended a very informative session on Telehealth and mobile devices; followed by session presented by Kaiser Permanente on patient portals (or tethered PHRs).

The exhibit hall is enormous thus I only managed to visit one quarter of the companies present.

The evening ended with dinner and a concert by Grammy award winner Colbie Caillat at the Georgia aquarium, courtesy of MEDecision.

March 1, 2010 Posted by | Health Information Technology | , , , , | Leave a Comment

PHRs: tethered and untethered at HIMSS in chilly San Francisco

If  Mark Twain quipped “The coldest winter I ever spent was a summer in San Francisco”, then he was definitely not around this December week.

But attendees were very warmly welcomed by Microsoft with quite a delicious repast served up before the Northern California Chapter of HIMSS met to discuss Personal Health Records. Robert Half International, Axolotl and a few other vendors were on hand to greet us as we started the meeting. A short recap:

1. The Microsoft presentation showcased NewYork Presbyterian hospital (NYP) as an example  deployment of the Microsoft Amalga HIS. Amalga integrates various components of a hospital system and of course HealthVault.   The presentation described several steps which I will summarize as follows:

  • Continous Care Records (CCRs) are exported from the NewYork Presbyterian system, on Amalga, to HealthVault. How can the patient be sure the data was not modified/compromised en-route? Firstly the CCRs are digitally signed and secondly there is an uneditable audit trail in HealthVault.  The final point is central to me, because my basic issue with patient entered data in PHRs is “what is stop a patient modifying data or deliberately or unintentionally altering their health record?”
  • Does the patient own their health data? In the above example, the patient grants NYP consent to send the CCR to their HealthVault record. The HealthVault patient ID is linked to the NYP Enterprise Master Patient Index (EMPI)
  • HealthVault acts as a transport layer of loosely coupled applications.  Kryptiq polls Amalga and imports new CCRs  into the patient’s HealthVault account.

Bottom line: integration in healthcare environments is difficult, Amalga, HealthVault and Kryptiq attempt to simplify the process.

2. We also were privileged to hear from epatientdave (his blog) .  After a moving story of his successful fight against kidney cancer, Dave described participatory medicine. In essence the patient and physician co-operate in the healthcare of the patient. Patients are empowered s they areeducated on their conditions and treatments by reading websites and interacting in peer support groups online. The patient thus makes an informed visit to their physician discussing the various treatment options. Key to this process is, patient access to their data: your healthrecord, your PHR. Without access to their own patient, the patient cannot engage the broader community to discuss diagnoses and treatments.  It is a difficult question, who owns the data the patient, the physician/medical institution or even perhaps the insurance company? Dave referred us to the Journal of Participatory Medicine and the Society of Participatory Medicine (a project of e-patients.net) and a book  “The Innovator’s Prescription.”  Oh, for a fascinating view of the human body in colour and detailed video, view this.

3. Dr Albert Chan presented the PHR of the Palo Alto Medical Foundation (PAMF) As I am patient at PAMF I was able to gloss over this presentation, suffice to say the patient portal provides an excellent way for patients to view their Electronic Medical Record maintained by the PAMF. Patients can also make appointments online, pay bills, view test results and email their physician.

I got in the final question, humorously tagged “inflammatory” by one of the panelists,  at the end of the  discussion: “If a patient is allowed to enter data into their PHR, what is to stop a patient from modifying or entering incorrect data (for example a patient could remove diabetes from the their healthrecord)? ” This is a hot topic because medical institutions can use this scenario to provide patients with read-only/view-only access to their PHR. This question is partly answered above “provide an uneditable audit trail of who entered/modified data in a patient’s record”, but is an ongoing discussion.  I also took home the last raffle prize, a 2006 Kathryn Hall Cabernet Sauvignon, which a few attendees tried unsuccessfully to persuade me that it is plonk and “leave it behind”. Sorry fellow HIMSS members, it is in my rack at home awaiting a festive occasion.

Courtesy of Vince Kuraitis I offer this view of a PHR

December 8, 2009 Posted by | Health Information Technology | , , , , , , , , | 1 Comment

   

Follow

Get every new post delivered to your Inbox.