Microsoft's HealthVault Initiative Takes on Securely Storing Health Care Data

I recently ran across HealthVault, a new initiative from Microsoft. It's an intriguing concept with multiple ties to database technology. So what is HealthVault?

Microsoft says its new health information product lets customers securely store health data online, including notes from doctor's visits, lab reports, and test results—pretty much anything related to your health that a health provider, lab, or medical device can serve up.

"People are concerned to find themselves at the center of the health care ecosystem today because they must navigate a complex web of disconnected interactions between providers, hospitals, insurance companies, and even government agencies," said Peter Neupert, corporate vice president of the Health Solutions Group at Microsoft. "Our focus is simple: to empower people to lead healthy lives. The launch of HealthVault makes it possible for people to collect their private health information on their terms and for companies across the health industry to deliver compatible tools and services built on the HealthVault platform."

It's hard to know where to start my commentary about HealthVault because I've got several seemingly contradictory thoughts. On the one hand, I love the idea. On the other hand, I hate the idea. There's lots of wiggle room in between, don't you think?

First, I'll tackle the easy stuff. Do we care about HealthVault as database professionals? Sure, if HealthVault takes off, it would be perhaps one of the largest software as a service (SaaS) data-centric offerings available. Also, health care systems produce voluminous amounts of both structured and unstructured data (can you say database?) with complex search requirements (can you say query?). Some of the most interesting data-mining work being performed today is happening in the health care space. The Health Insurance Portability and Accountability Act (HIPAA), which is a really fine and nifty set of compliance rules that are even more fun than Sarbanes-Oxley, imposes complex security regulations. HealthVault touches on numerous topics of great interest to database professionals.

Tackling the problem of data management in the health care space has been one of the industry's Holy Grails for more than a decade, if not much longer. The massive amount of paper that becomes part of a person's health records raises health care costs dramatically in various ways, makes it harder for us to seek medical care, and occasionally leads to dangerous situations when doctors don't have consistent and complete information about their patients. It would be wonderful if Microsoft could really make HealthVault work. Heck, if we can create a truly paperless health care system, world peace might not be such an impossible goal after all.

Now to address the twin elephants in the room: Is HealthVault too much like Big Brother? And can Microsoft and its products be trusted to protect the data?

Embedding the word "vault" in the product name demonstrates that Microsoft understands that security is an important component of this offering. I have to imagine that Microsoft knows consumer confidence in the product's security is crucial to the success of HealthVault. After all, HealthVault doesn't add any value if no one uses it, and people won't use it if they don't trust it to secure their data. I browsed the HealthVault Web site looking for information about the technical security models it relies on, but I didn't really see much. I'm sure the information is there somewhere. Let's assume Microsoft's implementation is rock solid. Do you trust it? Having Facebook tell your friends about the diamond you bought your wife for Christmas is bad enough; do you want some overly aggressive privacy decision maker accidentally telling your friends about that rash on your—um, well, never mind—that you got on that unfortunate night out on the town? Is that an exaggeration of the risks? Probably. But it's not just Microsoft. Do you trust that all of the parties involved with HealthVault won't have their systems compromised? Even if you trust Microsoft and the third parties involved with HealthVault, do you trust yourself well enough to ensure that your PC security is kept up to date at all times?

To be fair, my concerns aren't just about Microsoft. It's rare that a single week goes by without hearing about some major security breach that's happened somewhere in the world. Are consumers ready to trust their most personal and private data to SaaS? Are you? I think HealthVault is a great idea. The implementation might be brilliant. The database technology aspects of the product are rich and intriguing. Microsoft deserves credit for trying. However, I suspect that Microsoft has a long uphill battle to get any strong consumer involvement.

For more information about HealthVault, check out A colleague of mine forwarded me an interesting article about HealthVault from "The Economist" magazine, which you can find at You'll also find several interviews about HealthVault and third-party support information at


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.