Search This Blog

Monday, October 22, 2007


Microsoft’s new HealthVault is not such a bad idea if it didn’t portend yet another increase in the collection and selling of your sensitive data. I am not even implying that is what Microsoft has in mind, but the sale of medical related information is already big business in the junk mail industry. There are 1,403 “medical related” lists on the market representing every ailment from Alzheimers to ulcers, and each medication you take from Advil to Zoloft. There’s a new list on the market called MedTrackAlert Ailment eNewsletter where 500 thousand online consumers signed up for this free newsletter and asked for information on various health subjects, and now their names and e-mail and postal addresses are for sale. A physician does make his case for the HealthVault approach to accessible medical data: for doctors, as a patient, and if you provide health care for a family member. See article. That’s a good thing, but it never seems to stop there. First of all, the loss of your medical records by the institutions that hold them is running at a record pace. The VA breach of 26.5 million records, Ohio U., 60,000 student records, UCLA, over 800,000 records, and the list goes on. When you Google “medical data breaches” you get 234,000 hits. Second, the minute a new piece of consumer information is collected by most organizations, there is that immediate-impulse- mentality to get it ready to sell. This is demonstrated by a total of over 50,000 junk mail lists on the market, more specifically the 1,403 devoted to medical data. And there is also the alleged sale by the Albertsons food and drug chain of customer names and prescription data to pharmaceutical companies in 2004, which resulted in a lawsuit filed against the chain by Privacy Rights Clearinghouse. MS says of HealthVault, “The personal information will be stored in a secure encrypted database.” From a New York Times article. The question is, what level of encryption, and is it secure enough to ward off hackers. The TJX (TJ Maxx, Marshalls, etc. retail stores) customer credit card data was also encrypted, but at a level that allowed the crooks to steal it easily with a directional antenna while cruising the retail store’s parking lot. MS also says it isn’t expecting much information from the individual, but hopes the individual will grant permission for its release from doctors and hospitals. I haven’t signed up yet, which I plan to do just to find out the parameters of the program, but I did get some specifics from the initial stages of this process. They are: You control your HealthVault; You decide what information goes in or out of your record; MS won’t use your “health information for commercial purposes unless (they) ask and you say clearly that (they) may.” And there lies the problem, in that the complexity in any approval of the use of your name and personal data by an outside source can be confusing. It is hard to understand and digest on the spot, which is the position you are in when signing-on, or even eventually when you are contacted for approval. Trust me…data collectors always get what they want, and that is the reason we are in the identity crisis that exists today.

More on this later.

No comments: