Microsoft often does the wrong thing. But that does not mean they have to. There are three requirements for behaving ethically as a PHR host.
- You must release all of the sourcecode to your PHR under a license that qualifies as both “Free (as-in-Freedom-not-price) Software” and Open Source.
- You must allow for the export of all data in a standard format like CCR.
- If you are going to allow “partners” to use proprietary code, (which you should not) you must inform your consumers that the medical data given to those partners could become locked.
Pretty simple. By releasing sourcecode, Microsoft would ensure that the software could be run without Microsofts help. That means that Microsoft might go away in two hundred years or so, but the HealthVault software would not. By allowing your consumers to download their data in a standard format you would ensure that the data would not be trapped in a proprietary format.
Recently Microsoft has released two licenses that were approved as open source licenses. These would be ideal for use in this environment.
Will this happen? I think it has a snowballs chance, but perhaps, if Microsoft does not listen, Google might.