Little over a week ago I had a post that discussed the recent release of the World Privacy Forum report on PHRs. In that particular post I hit Microsoft pretty hard for not extending their tight privacy policies to the numerous partners that were signing on to HealthVault. I based that comment on a conversation several months previous, shortly after the release of HealthVault, when during a briefing I asked about this issue was given a response basically saying that their partners were independent companies, had their own businesses to run, could define their own policies, blah, blah, blah.
Obviously, was not impressed and took Microsoft to task when the aforementioned PHR privacy report was published.
Of course, Microsoft contacted me immediately to tell me that I had it all wrong, that indeed they were requiring partners to adopt the excellent HealthVault privacy policies in order to participate in the HealthVault ecosystem and that this was a part of their standard Terms & Conditions (T&C) sheet.
I responded: “Prove it.”
At first, Microsoft was reluctant to send me a copy of the privacy requirements in the T&C. Thn, out-of-the-blue, during my briefing with Microsoft at this week’s HIMSS I was told that I would be receiving the document post-haste. Well, guess what, they not only decided to share the document with me, but have posted the T&C privacy requirements within the HealthVault Development Center for anyone to view.
It is an impressive privacy document that clearly gives the consumer control of their records. It requires the partner to take numerous steps to insure privacy including among others, adopting HealthVault privacy policies, using explicit opt-out policies, prominently displaying their privacy policies on all web-pages and informing the user know of any changes that are made to policies. Here is a direct link to that partner privacy policy page.
Good example of full disclosure that others would be wise to emulate.
Speaking of which, have yet to see Google’s privacy policies for Google Health, though Schmidt yesterday did clearly state that Google takes privacy very seriously. Well…
Prove It!
[…] had their own businesses to run, could define their own policies, blah, blah, blah.” Article John Moore, Chilmark Research, 29 February […]
[…] for the industry and a mechanism to implement them and police them. (Please refer to later post, Microsoft Comes Clean on Privacy, which commends Microsoft for taking a pro-active stance on this […]