Microsoft, Google Face Off On Healthcare

Microsoft and Google are taking their rivalry to the doctor's office, running competing services that allow people to store their medical records online for access by family members and healthcare providers.

Google Health and Microsoft HealthVault are similar approaches: They let patients input their own medical data either by typing it in or by giving permission for the vendor to get the information from a healthcare provider or insurer with which it's partnering. Google Health and Microsoft HealthVault then provide tools for those partners to give the patient personalized health advice and other services built around the person's records.

These "personal health records"--PHRs for short--complement electronic medical records. Both types of records contain a lot of the same information on the patient's conditions, test results, prescriptions, and other medical data. But PHRs are compiled and controlled by the patient, while EMRs are compiled and, for the most part, controlled by the doctors, hospitals, and other healthcare organizations.

Google's Approach

Google Health aims to let consumers "get more directly involved in their healthcare," said Roni Zeiger, product manager for Google Health. "Medicine continues to become more complicated, doctors have less and less time to spend with patients in the exam room, and each of us as a patient has greater responsibility to take care of ourselves and our loved ones."

Google has been a leading player in e-health simply because searches on healthcare topics have always been popular. When people get sick--or think they getting sick--one of the first things they do is go online for information.

"What I hear from a lot of my doctor friends is that people are often coming in with a pretty big pile of questions that they've gotten from reading online or elsewhere," said Zeiger, who's a practicing doctor. "Sometimes those are well-informed questions, sometimes less so. Part of our mission is to narrow down the 20 pages worth of questions to perhaps one page of more informed questions."

That's good for the patient, and it also lets doctors see patients more quickly without compromising quality of care. And sometimes patients find treatments in their research that their own doctors aren't aware of.

Google Health, which was launched last year, provides an interface where users can type in data. Users can also give Google Health permission to access data held by various healthcare companies. For example, more than 100 million people in the U.S. can give Google Health access to electronic copies of their prescription histories at a pharmacy or pharmacy benefit manager, such as CVS Caremark, Walgreens, and Medco Health Solutions.

Google Health lets people organize all relevant health information in one safe place, Zieger said.

Partnering Up

Google is teaming with other organizations that can use its PHRs to offer personalized information and services. For example, the American Heart Association--with your permission--will check your blood tests imported from another partner, Quest Diagnostics, to find out your cholesterol level, blood pressure readings, and correlate those with other health data, such as whether you have diabetes. It then can compile all the information to determine your ten-year risk for a heart attack, and what you can do to lower the risk.

Another example: Google Health partner MDLiveCare, which offers video consultations with doctors, let a patient click a button on the MDLiveCare site to import all of his or her medical history from Google Health. That way the doctor has some background on the patient's medical condition.

Cleveland Clinic, a not-for-profit academic medical center, lets patients export their records into Google Health. Beth Israel Deaconess Medical Center, a Harvard Medical School teaching hospital, has linked its PatientSite patient portal to Google Health. Other partners that are letting Google import medical and drug prescription information, with a patient's permission, include Allscripts, and Blue Cross Blue Shield of Massachusetts.

Google Health is free to consumers and partner organizations. Google expects that, as more people use Google Health services, they'll do more searches, which will increase the company's ad revenue.

Microsoft HealthVault's mission is similar to Google Health. "Your health information is fragmented," said George Scriban, senior global strategist at Microsoft Health Services Group. An person's medical records are scattered among every doctor who's ever seen them, every pharmacy that's filled a prescription, labs, employers--even devices, like diabetics' glucometers, for people managing chronic conditions. The situation is exponentially complicated for parents managing health records for their entire families. "All of these are records you need on a reasonably frequent basis, if not every day. You need a place to keep it all," Scriban said.

Like Google, Microsoft HealthVault is partnering with other companies. It has created a set of APIs and interfaces to HealthVault data repositories that let third parties communicate with HealthVault. Some of these third parties are just engaged in data exchange. But in a lot of cases, organizations like the Mayo Clinic, American Heart Association, and American Cancer Society have written applications using HealthVault medical records. "It's a storage service, but it's also a platform," Scriban said. "It provides personalized and individualized guidance just for you."

New York Presbyterian Hospital links HealthVault with its patient portal, and Johns Hopkins University's School of Medicine, EMR provider Allscripts, and others are partnering with Microsoft for Internet services.

HealthVault offers the same channels for inputting health records as Google Health: If healthcare providers are partners with Microsoft, then individuals can give HealthVault permission to access the records. Alternately, patients can type in the information themselves. Compatible devices such as glucose meters, blood pressure cuffs, and pedometers can send information to HealthVault.

Also, Unival, which provides EMR services, lets healthcare providers fax records to them, and then Unival transmits those faxes to HealthVault, where they're stored digitally. "It's not machine-readable, but at least it's in one place," Scriban said.

Big Differences

So far, Microsoft and Google's health offerings look pretty much the same, offering the same types of services, and in some cases even with the same partners, such as the American Heart Association.

But they're really very different, said John Moore, analyst at Chilmark Research. "Microsoft has been putting enormous investment into HealthVault and into its health solutions group," he said. "The same cannot be said of Google. Google has been more of a hands-off approach, letting it grow organically. Every now and then they announce a partnership and someone who has joined the ecosystem."

Microsoft is also ahead on allowing biometric devices to feed into HealthVault, using its Connection Center software for Windows. Google has partnered with the Continua Health Alliance to achieve the same goal, but so far with fewer compatible devices, Moore said. "Right now, I think there's one device on the market," he said.

Likewise, staffing levels are different. Microsoft has more than 550 people in its Health Solutions Group. "If you look at Google it's not more than 18 people, I bet," Moore said.

"Microsoft is taking more of a structured and clinical approach. Google Health is more of a loose-knit health and wellness platform," Moore said.

Microsoft and Google are both going after the big pot of stimulus money set aside for healthcare spending, in the U.S. American Recovery and Reinvestment Act of 2009 and elsewhere, which totals $44 billion, Moore said. Some of that money is targeted at getting physicians, practices, and hospitals to provide personal health records by 2013, and healthcare providers may be able to qualify for that money by partnering with Microsoft or Google.

Dossia, a consortium of employers offering PHRs for their employees as part of health benefits is a potential competitor to Microsoft and Google, but it's taking a very different approach. Dossia performs the same function as HealthVault and Google Health--but only if you're an employee or family member of one of the companies in the alliance. So far, only Wal-Mart is live on Dossia. Other members, like Intel, Pitney Bowes, and Vanguard Health, are likely to go live in 2010. All told, Dossia covers 8 million employees and family members. "It can be a fairly substantial platform if employees sign onto it," Moore said.

The biggest obstacle to PHR adoption is consumer and healthcare provider resistance, said Dr. Paul Abramson, a San Francisco doctor.

"Patients are confused, they don't see how this relates to healthcare," Abramson said. "If you go into an ER, they're not going to log into Google Health to get your records. There's no integration to any live, real-time health systems that are used clinically." In hospitals "no one thinks to ask the patient if they have a Microsoft HealthVault account when we access records," he adds.

PHRs will take off when they're better integrated with medical practitioner systems, Abramson said. "Right now, it's pretty much a novelty."

HealhVault is the more flexible solution, said Abramson, who is also a former professional programmer. He's consulting on developing Hello Health a Web-based medical practice app that will synch with Microsoft HealthVault and Google Health.

HealthVault stores any kind of XML-based patient data in its Repositories, Abramson said, letting you import an XML file, store it, and then retrieve it from elsewhere. The service can be used as a data repository and pipeline between e-health systems, even if it doesn't understand all the data it's storing, he said. Google Health, on the other hand, takes the XML files, strips out the subset of data it can understand, and discards the rest. It stores basic information like diagnoses, medications, and allergies, but it doesn't understand or store a broad range of additional information that might be useful to a medical practitioner, including family medical, social, and psychological histories, Abramson said.

The Mayo Clinic is partnering with Microsoft on its PHR system, the Mayo Clinic Health Manager. Launched in April, it integrates with HealthVault, storing medical records, immunizations, and information on conditions being managed such as allergies. It also makes recommendations for health based on the patient's personal medical history.

Mayo Clinic partnered with Microsoft because of Microsoft's reputation and expertise. "They tend to be frontrunners in the things that we do," said Michael Greenhalgh, senior manager of product management for Mayo Clinic Global Products and Solutions. "We had a shared vision. We were looking to make things better in the health field." Mayo is looking to improve the service by increasing the range of conditions it covers.

Mayo is also looking to partner with Google Health on a future project, the details of which haven't been worked out yet, Greenhalgh said.

Privacy Concerns

Neither Google Health nor Microsoft HealthVault is covered by the U.S.'s chief health privacy regulations, Health Insurance Portability and Accountability Act (HIPAA). "This is because Google doesn't store data on behalf of health care providers. Instead, our primary relationship is with the user," according to an e-mailed statement from a Google spokesman. But both companies say that patient privacy is paramount.

"Although Google Health is not covered by HIPAA, we are committed to user privacy and have in place strict data security policies and measures, and ensure that users control access to their information," Google said.

Google explained its privacy policy with regard to Google Health in a May, 2008 blog post. The company said it doesn't sell health user information, and has "strict data security policies and measures in place to limit access to sensitive information and to protect against data breaches."

The Google Health Privacy Policy, on the company's Web site, is short and in plain English. It gives users control of their information, says that the user is by default the only person who can view and edit information, but can choose to share with others. Users can completely delete their information at any time, and immediately. Users can also revoke sharing privileges at any time.

Microsoft uses four privacy principles for HealthVault: The user owns and controls information they create. The user gets to decide what goes into the records, and what leaves it. And "Microsoft is just the steward of this information. We work on your behalf. We won't commercialize it unless we ask and you consent," Scriban said. The company won't use the information to deliver targeted advertisements, and consent to share information must be given on an individual basis; users can't give permission to share information to a whole class of entities, like all doctors, for example.

But Phil Cox, principal consultant at SystemExperts, a network security consultancy, said security at both Google Health and HealthVault is lousy.

For starters, both services use generic credentials, the Windows Live ID and Google ID, which have had security violations in the past. Also, the data being protected in a PHR repository is much more sensitive than the e-mail and calendaring information the Windows and Google credentials mainly protect, Cox said.

Both companies "place the security burden on the user, and have specific language in their respective use agreements that hold them harmless for any breach of data caused by a compromise of a user account," Cox said in an e-mail. Given the security issues with generic credentials, "I worry that individual users will have little recourse if their information is compromised. I do think this will cause some very interesting legal challenges."

He said he believes that both services will eventually be brought under HIPAA rules, which might cause Google and Microsoft to drop the services rather than bring them up to regulatory standards.

Google and Microsoft plan to evolve their services to a complete data repository of health information, which would be a "HUGE collection of highly sensitive data" with "inadequate" protection, Cox said.

He added, "One last concern I have is over the language that basically states there is no guarantee of accuracy or timeliness of information, and that they can drop the service at any time. With those two 'stipulations,' I do not see how any user will take them seriously. I certainly would not rely on the service, and if I can't rely on it, why use it."

But analyst Moore said he believes the privacy and security concerns for services like HealthVault and Google Health are overblown. Sure, a major security breach of either of those services, should they become popular, would be a disaster. But the companies will use top-of-the-line security to protect data. And right now the data is scattered around small physician practices and hospitals, which have data breaches regularly. "I am of the opinion that your records will actually be safer and more secure than what is happening today," Moore said.

Both Microsoft HealthVault and Google Health are vying to become the chief repository for personal health information. They appear similar on the surface, but have differences underneath, and privacy and security are ongoing issues for both. Individuals will have to take the pulse of both services and decide for themselves.