locked
Lab / Test Results coming from Solutions Provider RRS feed

  • Question

  • Hi,

    Is it possible for users / patients to modify lab or test results coming from solution providers?
    Wednesday, February 24, 2010 1:41 AM

Answers

  • Yes.  In HealthVault data is "owned" by patients.  Any data in their HealthVault record can be modified / deleted by the patient.


    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, February 24, 2010 4:01 AM
  • Even more important to note is that all changes are carefully tracked in the audit history, and any application reading or displaying data can easily see who most recently modified an item, and who created it.  So if lab results are written to a record, and the patient modifies those results, this is easily detected by applications reading that data.
    Friday, March 5, 2010 7:24 PM
  • You can consider using Digital signature feature available in HV for signing items so as to authenticate the source (so that the doctor can feel more confident about the authenticity of a report)

    http://blogs.msdn.com/healthvault/archive/2008/04/14/new-pb3-feature-digital-signatures.aspx

    But HV does not mandate that all items be signed (for good reasons).

    HTH
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Marked as answer by maxdrive Monday, March 8, 2010 5:15 AM
    Monday, March 8, 2010 5:04 AM

All replies

  • Yes.  In HealthVault data is "owned" by patients.  Any data in their HealthVault record can be modified / deleted by the patient.


    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, February 24, 2010 4:01 AM
  • Even more important to note is that all changes are carefully tracked in the audit history, and any application reading or displaying data can easily see who most recently modified an item, and who created it.  So if lab results are written to a record, and the patient modifies those results, this is easily detected by applications reading that data.
    Friday, March 5, 2010 7:24 PM
  • Hi Lowell,

    Ok, here's a scenario, a third party data provider sends lab results to patient who has HealthVault account. The patient receives the result when he/she check online thru HealthVault. Here you're saying that the patient is able to modify / delete the data sent by the data provider and everything is tracked in an audit history. So, what if a Doctor who happens to examine a patient and this Doctor has an application that will get all results  of a patient stored in his/her HealthVault account, How would the doctor know or validate that all the results are true? By looking at the audit history? We're talking about results direct from a laboratory and not manually inputted by patient. I can't imagine a Doctor giving advice to a patient by a false result in this case. Deleting a result i guess is more safer than modifying the result.
    Monday, March 8, 2010 1:50 AM
  • You can consider using Digital signature feature available in HV for signing items so as to authenticate the source (so that the doctor can feel more confident about the authenticity of a report)

    http://blogs.msdn.com/healthvault/archive/2008/04/14/new-pb3-feature-digital-signatures.aspx

    But HV does not mandate that all items be signed (for good reasons).

    HTH
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Marked as answer by maxdrive Monday, March 8, 2010 5:15 AM
    Monday, March 8, 2010 5:04 AM
  • Hi Rajesh,

    Thanks for the info. I'm also evaluating Google Health and this feature is not possible if data is coming from data providers. Anyway, I like HV more because of its richness in functionalities and active community.

    Regards,
    Monday, March 8, 2010 5:14 AM
  • The audit history is the primary place to look for this, yes.  THe option of a digital signature offers the ability for applications reading data to double-check and verify that the audit history is accurate, in a way that Microsoft can't fake.  Digital Signatures allow data providers to ensure that data consumers can verify the data source independent of HealthVault and Microsoft.  The audit history can be used by itself to verify sourcing, but you have to trust the Microsoft is representing things accurately.  No one can modify the audit history, and you can't make changes without it showing up in the audit history.

    In the scenario above, the doctor would use an application to view the patient's lab results, and the application would use the audit history information to show the doctor who/what created and most recently modified each item.  If the data source signed the data, the digital signature verification info can be dispalyed by the app as well, in addition to the audit log.  The audit is the primary, the digital signature is an additional feature on top of the audit log.

    Monday, March 8, 2010 7:38 AM