Healthvault Implements OpenID

Techcrunch is reporting that Microsoft Healthvault has implemented OpenID via Trustbearer and Verisign:

Over 16 months after first declaring its support for the OpenID authentication platform, Microsoft has finally implemented it for the first time, allowing for OpenID logins on its Health Vault medical site. Unfortunately, Health Vault will only support authentication from two OpenID providers: Trustbearer and Verisign. Whatever happened to the Open in OpenID?

The rationale behind the limited introduction is that health is sensitive, so access should be limited to the few, most trusted OpenID providers. It certainly makes sense, but it also serves to underscore one of the problems inherent to OpenID: security.

The text-based passwords found scattered across the web simply aren’t very good for protection. We’ve heard countless tales of hacked or phished passwords leading to identity theft – what happens when a user’s entire web presence (including financial and health data) is tied to a single password? It’s a recipe for disaster.

To remedy the issue, a number of companies have come up with different ways to improve security. Trustbearer requires users to provide a physical ID “token” to verify their identity (users can order a $40 USB stick if they don’t already have one of the acceptable ID cards). Vidoop offers a free browser-based image authentication system that uses advertising to generate revenue. And so on.

Link

Kaiser Pilots Microsoft HealthVault

From SF Gate:

Kaiser Permanente and Microsoft Corp. on Monday announced a partnership that the two giant companies hope will push forward the effort to digitize medical records and safely transfer sensitive health data.

Kaiser’s 156,000 employees will be eligible for a pilot program connecting the Oakland health maintenance organization’s health records with Microsoft’s HealthVault, a free, Web-based medical database the technology giant launched in October.

Should HIPAA Extend to Include HealthVault and Google Health PHRs?

Interesting commentary on the New England Journal of Medicine article about new commercial PHRs published in the NYT:

In an article in The New England Journal of Medicine, two leading researchers warn that the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records.

The authors, Dr. Kenneth D. Mandl and Dr. Isaac S. Kohane, are longtime proponents of the benefits of electronic patient records to improve care and help individuals make smarter health decisions.

But their concern, stated in the article published Wednesday and in an interview, is that the medical profession and policy makers have not begun to grapple with the implications of companies like Microsoft and Google becoming the hosts for vast stores of patient information.

The arrival of these new corporate entrants, the authors write, promises to bring “a seismic change” in the control and stewardship of patient information.

Link