HealthVault: Abusing vs Implementing Standards.

Microsoft, of all the companies that might consider creating a PHR, is especially problematic. Microsoft has a long history of standards abuse.

Lets consider a parallel issue to the “personal health record”, personal email. I use gmail and have used yahoo mail in the past, but for this example lets pretend that I used Hotmail, a Microsoft Product. Hotmail users trust Microsoft to protect and store potentially sensitive personal email data. I currently have at least a gigabyte of personal messages on my mail account. At this rate I will have at least 100 gigs of messages assuming I die of old age. What if my wife (who will likely outlive me given that she is younger and averse to simple sugars, cholesterol, sodium and saturated fats in a way that I am not) wanted to ensure that my emails survived Microsoft’s eventual demise? After inheriting my password, my wife could download everything via Hotmail’s POP3 service. She could download my emails to a proprietary package like Outlook, or better yet, a GPL email application. She could transfer them to another service that she trusted, like gmail.

By leveraging Hotmail’s POP3 interface she would be taking responsibility for the continued storage of my emails, and ensuring that my great-grandkids could know for certain exactly how many time the Nigerians contacted me with a special offer because they trust me so much.

But what about my “HealthVault” account? How could my wife ensure that my great-grand kids know about last months cholesterol results? Knowing my cholesterol history is going to be vastly more relevant to them, then the time and place of last week’s LAN-party. To make this possible Microsoft would have to export the data in a format vastly more complex than POP3, perhaps something like the Continuity of Care Record CCR.

The problem with formats like CCR is that they are not strong standards and suffer greatly from the dialect problem. The dialect problem is when the “implementations” of a “standard” differ enough to make them incompatible. When a person from Australia, England, and the US speak English to each other they typically understand each other, because the dialects of English are close enough that they are compatible. Alternatively French, Spanish, and Italian technically could be considered “dialects” of Latin, yet obviously speakers of these languages cannot, without translation, understand each other completely. CCR and the other electronic medical languages are currently suffering from the dialect problem. Show me two HL7 implements and I will show you two systems that cannot communicate without “translation” work. (BTW the FOSS way to solve this problem is with Mirth, which is an HL7 router) Protocols that suffer from the dialect problem so much that they typically cannot communicate effectively without extensive configuration can be thought of as “weak standards”. Protocols that are not impacted negatively by the dialect problem are “strong standards” (a good example of a strong standard is the TCP/IP protocol and FAX protocols)

Microsoft is famous for incorrectly implementing standards and creating new incompatible dialects. Microsoft has done this even when it goes in the face of a previously strong standard. Then they use their monopoly position to push adoption of their own dialect of a standard. Adoption of the Microsoft dialect then increases the reach and influence of the Microsoft monopoly, which increases Microsoft’s ability to enforce their own dialects, etc etc. In fact when concerning a previously strong standard, this has been famously called Microsoft’s embrace, extend and extinguish strategy. If you have no idea what I am talking about then Google for the history of Microsoft’s implementations of Java, Kerberos and Javascript.

Not only has Microsoft not committed to implementing and not abusing a standard import and export format, it is making moves to create a proprietary standard in the place of CCR. HealthVault already has a MSDN page where you can learn how to “interface” with the Microsoft PHR. Microsoft intends to create a community of “Programs” within Healthvault by which third parties can further process medical data. Those programs will interface with Healthvault in a fashion that will create a “de facto standard” that Microsoft will abuse. (For more on this research the history of the Microsoft Word format, which is a good example of a Microsoft format that became a de facto standard which Microsoft subsequently abused) .

HealthVault: Failing the seven generations test

(note: This is the first of my “week of HealthVault” articles.)

HealthVault, the new Personal Health Record (PHR) from Microsoft, along with Googles coming PHR offering, fail the seven generations test.

I did not come up with the idea of “seven generations”, pay attention the next time you go to the grocery store and you might notice a brand of laundry detergent called seventh generation. The company behind the product got their name from a suggestion by a Native American employee that they follow the principles that lead the Six Nations Iroquois Confederacy . The council of the Iroquois considered how any decision would impact the next seven generations. Lets see how the principles apply to health IT.

My mother died of ovarian cancer. My grandmother took a drug while my mother was in utero that increase the chances that my mother would get ovarian cancer. Any consideration given to my mothers genetic propensity to get cancer must take into account this environmental influence. My daughters and grand-daughters will inherit my genes, and perhaps some risks for ovarian cancer that my mother passed on to me. As my granddaughters make life choices based on their genetic propensities, they must take my grandmothers medical records into consideration. My grandmothers medical record will remain relevant for at least five generations.

Lets consider DNA. Our understanding of DNA is only relevant in the context that DNA causes health conditions in the real world. We will not be able to understand DNA sequences fully until we have compared them to medical records over the course of several generations. My great-great-grandchildren need copies of both my medical records and my DNA sequence. Until we can pass these kinds of insights to our progeny we will not have realized the potential for DNA research.

How long should we be keeping our electronic medical records? We should ensure that they are available for the next seven generations. Assuming one generation lasts for 100 years, that means 700 years of storing digital records. Many academics think that a “generation” should be defined as 20 years but this does not work here. If I develop arthritis in my 20’s that fact is medically relevant for my great-great-great-grandchildren in their 90’s. 100 years is a whole life-time and also makes for easy math. In any case, all of my points are still relevant if one counts a generation as 20 years or 50 years instead of 100.

A private, for-profit, corporation is an inappropriate storehouse for records that the next seven generations will need. Corporations do not last long enough. Consider the Dow Jones Industrial Average. Of the original 12 companies that made up the index, only one is still listed: GE. Some of these original companies were taken private, some were merged, some were destroyed. That is the course of the largest companies in the United States over the course of a little more than 100 years. The Honorable East India Company was founded in 1600 and dissolved in 1858. In 1700, however, it was one of the most trusted companies in the world, with a monopoly on par with Microsoft’s. Now the East India Company is no more. Someday Microsoft will go away too. Perhaps Google will buy it in 150 years, perhaps it will go bankrupt in 200 years. In any case Microsoft will not be in business in 700 years. If Google had released its PHR first, this article would have been about them. The Google “do-no-evil” motto is probably the best corporate motto I have ever heard of! Further it is obvious that Google takes this very seriously, as evidenced by their refusal to offer email service in China, a decision that will eventually cost them billions, but separates them from Microsoft and Yahoo. They still censor in China, but at least Google is thinking about the problem in the right way; from a moral perspective.

However, the Google motto is not “do no evil for the next 700 years”. This not about “which” company is acceptable for the stewardship of medical records. NO company is qualified. Even Google will not be around in 700 years.

But this is still Microsoft we are talking about, which all things being equal, is especially bad. Microsoft has a history of abusing standards, and using those abuses to enable and extend its monopolies. In short they have a history of “being evil” in exactly the sort of way that we cannot afford to have impact our healthcare records.