Fred Trotter wants to talk to you about Microsoft’s new Health Vault (MHV).

He hopes that by publishing his concerns that he might be able to draw some attention from the medical community to what the free software community is saying about MHV. “Its something of a blind date,” he says “but I strongly believe the two of them should definitely meet!”

Specifically, Trotter wants to examine the implications of a proprietary software personal health record (PHR) on software freedom and his concerns about the ownership, privacy and security of the medical information put in it. He writes,

“The ideals of software freedom are that users should have control of software, rather than companies controlling users through software. It may seem like a trivial point to my geek readers, but without control of software it is not possible to have control of data.”

His arguments span a number of issues:

• MHV fails in its commitment to maintaining the longevity of medical information across future generations (the seven generations test, he calls it), a commitment that is vitally necessary to understanding of DNA and its relevance to medical conditions over time, for example;
• A private, for-profit, corporation is an inappropriate storehouse for records that future generations will need;
• Microsoft has a long history of standards abuse and “famous” for incorrectly implementing standards and creating new incompatible “dialects”;
• Portions of medical records operate under different disclosure rules based on whether they reveal a persons HIV status, for example. How can this kind of complexity be managed he asks?

“Medical records belong to the patient, except when they don’t. They should be accessible to the patient except when they shouldn’t. The records of minors are always open to their guardians except when they are closed. Segmenting data in order to protect portions of health information is currently an intractable problem of free-text analysis. Tagging patient records with critical information is difficult. Trust is far more complex than is first seems. Finally, patients should be allowed to “control” their own record, except when that control would allow them to do something that would invalidate the record.”

And finally, he argues that the publicized attestations as to the privacy and security of health information in MVH have not been really validated. “What matters” according to Trotter, is not what Microsoft, or anyone says, but “what the software actually does and the only way to determine this, one way or another is to read the source code.”

The mistake he argues, is that we, the medical community, are assuming the issues with MHV and PHRs are legal/medical and ethical ones rather than legal/medical/ethical and technical problems.

We may want to take a listen to what he has to say.