Privacy Rights Clearinghouse
HealthVault is Microsoft's new service for storing, managing, and accessing a patient's medical information. www.healthvault.com  It operates as an online encrypted service. The service offers a voluntary opportunity for medical records to be collected by aggregating information from various sources including health-care providers, insurance companies, and compatible medical devices (such as blood pressure monitoring devices).
Because medical records are among the most sensitive type of personal information, we at the Privacy Rights Clearinghouse have some concerns about this service.
The HIPAA Privacy Rule applies to three categories of "covered entities" -- health care providers, health plans, and health care clearinghouses. It is unclear at this time whether Microsoft will be considered a covered entity under HIPAA. Therefore, it is possible that consumers may not have any privacy rights under the HIPAA law if they utilize the HealthVault service.
Microsoft may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Microsoft services or members of the public.
At this time, few health care providers are participating in HealthVault, so its utility is somewhat limited. However, if Microsoft is successful in recruiting the majority of health care providers into HealthVault, its usefulness is significantly increased. The flip side of this is that HealthVault has the potential to become a de facto national medical record. And with that distinction, it has the potential to be abused and become the source of significant privacy violations.
For consumers interested in compiling a complete medical history, we recommend utilizing alternative methods of aggregating your medical records. For additional information, please see our Alert: "For a Complete Medical History, Compile Your Own Health Records but be Cautious about Storing Them Online" at www.privacyrights.org/ar/keepmedfile.htm