NY Times: Kaiser Backs Microsoft Patient-Data Plan:

Kaiser Permanente, the nation’s largest nonprofit health maintenance organization, is endorsing the drive toward consumer-controlled personal health records in a partnership with Microsoft.

The partnership, announced Monday, will begin with a pilot project open to Kaiser’s 156,000 employees, which will run until November. If successful, the product linking Kaiser’s patient information with Microsoft’s Health Vault personal health record service will be offered to Kaiser’s 8.7 million members in nine states and the District of Columbia.

The article waxes on about how portability is a problem, and how this will solve all of those issues.

A more cynical -- and in my mind realistic -- view is that Kaiser moving its records accomplishes goals that allow it to get around HIPAA. Microsoft becomes a provider of services for storage of medical records, so there is no issue with Kaiser sharing. Once Microsoft has the records, the vulnerabilities lie with Microsoft's technologies, the users, and the service providers who sign up with HealthVault.

Microsoft gets data it can sell, Kaiser lightens its burdens of protecting records, and users are exposed to errors not only by Kaiser, but now also by Microsoft, Microsoft's partners, and themselves.

Ms. Silvestre said Kaiser had also looked closely at Google, but had been particularly impressed by Microsoft’s technology for protecting the privacy and security of personal data.

One of the really disappointing things about HealthVault is that it's still using usernames and passwords. What's more, it makes release of and access to information very easy to the record holder, which means it's more likely that individuals will errantly release their own records. Microsoft is leading the way on safe, user-centric identity technology, and to date, none of it has been applied to HealthVault, so far as I'm aware. The responsible thing would be to wait on services like HealthVault until the identity picture is fixed. Instead, people are so eager to jump on board, they'll gladly put the privacy of medical records at risk.

HIPAA isn't keeping pace with technological change, and systems like this, structured to provide workarounds, only show how feckless it is.