Microsoft and Google are in the process of providing their own Health Records management services. These services will allow people to manage, maintain, and share their medical records via an online website. First of all I have to say I'm not quite sure that I'm ready to take the leap into this service. My primary concern being security and privacy of my records. I must admit the concept is pretty appealing. While playing around with both products, I have seen a couple of differences between the two from a security standpoint. Frankly Google just scares me sometimes. This is obviously my opinion but I think Microsoft has learned some hard lessons over the past 10 years on security and they've gotten pretty dang good at it. Lessons that Google has not had to deal with (yet). So here are some examples to back up my opinion.

 

Passwords and Account Management

Microsoft HealthVault and Google Health both use a centrally managed account concept for access to the system. Microsoft HealthVault uses Live ID, while Google uses your Gmail id. I personally would recommend creating a unique ID for either system. Use one that is just used for access to the records management site. I don't feel comfortable with the idea of typing the same password into both a system holding my medical records and my favorite social networking site. Now for the differences between the Live ID access method and the Gmail account access method. For example, Microsoft HealthVault does a pretty good job at protecting me from my own ignorance (or laziness) around password management. If I logon to HealthVault with a password not deemed strong enough, it requires me to update that password before proceeding. This password must be at least 7 characters and include a combination of upper case, lower case, numbers, or symbols. Gmail does not have this "Strong Password" requirement. I was able to use the password "DustinHannifin" as my password for Google. HealthVault gave me this nice error message:

HealthPost_44

 

Sorry Google...you gotta require us end users to "do the right thing" when it comes to private information such as medical records.

 

Secondly, I can (and I would recommend this)  configure my Live Account password to expire and force me to change it every 72 days. Again Google does not have this option. Another win for HealthVault.

HealthPost_45

 

Site Time-out

Ok I thought this one would be common sense by now. I guess I was wrong. I decided to go to lunch without logging off of either service. When I came back ~30 mins later HealthVault was sitting at this screen:

HealthPost_46

 

Google, on the otherhand, was still logged on and accessible. I was able to pick right up from where I left off. Maybe Google Health does have a time-out feature but I haven't seen it kick in yet. Again I have to dock Google points on this one.

 

Since both sites still carry a "Beta" logo I'll refrain from anymore criticisms of either service at this time. However I will state that I am disappointed to see what I call security weaknesses in Google's product.