Greetings. Microsoft is rolling out their centralized medical records project -- with the somewhat misleading name HealthVault -- and it's time for consumers to start paying attention to what's going on in this sector -- Google is working along similar lines as well. (Why do I call the HealthVault moniker misleading? Keep reading.)

There is a vast market assumed for centralized recording of every aspect of your medical life, initially through free accounts where you would input the data yourself, but as quickly as possible the intention is to move toward having doctors, hospitals, pharmacies, and everyone else involved in your medical treatment entering the data directly. The federal government is also a big booster of the centralized medical data idea -- a fact that might be enough to give one pause in and of itself.

The selling points for such projects seem obvious enough. Instant access to your medical data for emergencies or other purposes, ease of seeing test results and (in theory) correcting errors, and so on. All good stuff.

But what's not obvious from the sales pitches are the downsides, and they could be serious indeed.

The term HealthVault is misleading because we know by definition that such services will be anything but a vault when it comes to privacy. You can almost hear the conversations at Microsoft where they tried to come up with a name that gave the impression of security, Fort Knox, and impenetrability. And of course, Microsoft is making all the usual claims about encryption, safety, and the same promises we always hear about centralized data systems.

But the big risk in centralized medical data -- arguably the most personal data about any of us -- isn't about whether the servers can be hacked or the communications eavesdropped (though these are real issues, to be sure).

The most serious problem is that once medical data is in a centralized environment, there are essentially no limits to who can come along with a court order (or in the case of the government, as we know, secret orders or illegal demands that can't usually be resisted) for access to that data. Service providers typically have no choice but to comply. The only way to prevent this is for the data to be encrypted in such a way that even the service provider cannot access it without your permission, even with a court order staring them in the face. As far as I know, none of the systems currently in development or deployment take that approach to encryption -- but I'd love to have someone inform me that such techniques would be used. That would change the equation considerably.

Who might want access to your medical data? Insurance companies obviously, and one might expect them to lobby hard for such access, in the name of "reducing fraud and insurance costs" of course. Many employers would also love to get access, to help weed out medically expensive employees and applicants.

Perhaps more ominously, broad "fishing expeditions" by the government -- for research, investigative, and other purposes -- become far easier when medical records are centralized. It's very difficult to abusively search or gather such data in a broad manner when it consists mainly of manila folders in cabinets at your doctors' offices.

But once this data goes online centrally, it's one of those "bingo!" moments for those who would just love to pry into the medical histories of consumers and citizens.

Frankly, if people want to use such centralized systems voluntarily I have no serious objection. However, my gut feeling is that most people signing up won't have a clue about the negative ramifications of these services -- certainly the services themselves won't be trumpeting such shortcomings and risks.

And worse, over time it seems likely that the service providers -- possibly in conjunction with government agencies at various levels, will move to make such use a default condition (that is, it applies unless you opt-out), and ultimately pressure everyone toward a mandatory approach.

There could be a useful role for such centralized medical records services, but only in an environment of laws and related broad privacy protections that simply don't exist now, and don't appear to be forthcoming anytime soon. In their absence, using centralized medical records services at this time, except in very special and limited circumstances, would appear to be unwise and is not recommended.

--Lauren--

Blog Update (October 5, 2007): More Regarding the Online Medical Records Trap