HealthVault Frequently Asked Questions What is HealthVault? Microsoft HealthVault is a new personal health platform that lets you gather, store, and share health information online. With HealthVault, you control your health records. You can share your health information with family, friends, and health care professionals, and have access to online health management tools. You can store health information for your family and even your pets in one HealthVault account; each person's information can be stored and accessed separately in their Health Record. You can choose to share specific information (or all information) with: other people (such as your doctor or personal trainer, for example) programs that add data to your Health Records and use data from the Health Records to provide health information or services to you.   Sharing your health information with people and programs can help you meet your health-related goals. For example, you can share health information: to co-manage the health of a family member to use products and services that can improve your health to consult with your health care provider to provide fitness information to coaches and trainers   How does HealthVault help keep the information in my Health Records private? Health can be one of the most personal, private, and emotional aspects of people's lives. People who trust the confidentiality of the health care system are more likely to seek treatment and in turn, live healthier lives. Yet, there can be tremendous value in connecting health information to service providers, helpful technology, and information systems that support decision making. Putting you in control of your health information while providing tools to help manage privacy can help deliver that value. Our privacy efforts are built on four core principles, augmenting Microsoft's corporate privacy policies: The Health Records you create in HealthVault are controlled by you. You decide what information goes into your Health Records. You decide who can see and use your information on a case-by-case basis. We do not use your health information for commercial purposes unless we ask and you clearly tell us we may. In addition to the core privacy principles listed above: We do not use the data in your HealthVault account for advertising – without your explicit opt-in consent. Microsoft has established stringent privacy guidelines for Microsoft HealthVault– designed in consultation with consumer privacy advocates. HealthVault Privacy Statements Our privacy commitments to you are made in the privacy statement for HealthVault. Our goal is to be clear and to avoid jargon and legalese wherever possible. HealthVault users will see prominent notification of any changes to the privacy statements. We audit our privacy practices to help our efforts to meet our privacy goals.   How secure is HealthVault? Our security measures are designed to help deliver on our privacy promises. Microsoft HealthVault was built with security as one of our fundamental goals. Design Microsoft aspires to the highest standards of security to safeguard consumer health information from theft, loss, or damage. The Microsoft Secure Development Lifecycle is applied to the development of the platform, and HealthVault has had extensive security testing from internal and external parties, including penetration testing by “white hat hackers.” Microsoft HealthVault allows you to manage access not just by other people, but by programs you use as well. Combined with data encryption and other security measures built into Microsoft HealthVault, these access rules help keep you in control of what happens with your personal information. Operations HealthVault servers are located in controlled facilities, in physically separate locked cabinets. Traffic in our datacenters runs on  a virtually separate network. All health information transmitted between HealthVault servers and and program providers' systems, is encrypted. When we back up data, the media is encrypted.   Who can access my data stored in HealthVault? You (and other custodians you may invite) control access to your data. You can share access with another HealthVault user, with permissions you define. You can also allow HealthVault programs to access the data; the program requests authorization for specific activities, which you can allow or deny. Refer to the privacy statements of those programs for information about their privacy policies and about how your information will be used by those programs. You and the other Custodians who may be invited, are the only ones who can give permission to other users to view or change any data in HealthVault. Other users you share access with can authorize no more than their own level of access to HealthVault programs. Important: If highly sensitive information is stored in health records you manage, you need to consider carefully who you share the information with.   Can I store the health information for more than one person in HealthVault? Yes. You can create a separate Health Record for everyone whose health information you control. For example, you can create records for your family members and pets. With separate records, you can manage the data for each person separately.   How does data get in or out of HealthVault? Health information is added to HealthVault through HealthVault programs. Some programs also read or copy data from the Health Records. Programs perform specific tasks, such as logging and graphing your exercise statistics. Custodians have control over which programs can access a health record, and can review what data, if any, programs can read from each Health Record, and whether or not programs can add or change data. You will find a directory of HealthVault programs onthe HealthVault Web site.   What programs work with HealthVault? You will find a directory of HealthVault programs onthe HealthVault Web site.   How do I sign up for HealthVault? It's easy to sign up for HealthVault. Just go to www.healthvault.com . You will need a Windows Live ID, which you can create at the same time you sign up for HealthVault.   How much does HealthVault cost? HealthVault accounts are free.   What can a custodian do? Custodial access is the highest level of access. You automatically have custodial access to any record you create. A Custodian of a Health Record can: View and change everything in the record, including: the record profile (postal code, birth date, and so on) information about which people and programs the Health Record is being shared with the history of all changes to the record, including health information that has been deleted Delete the record completely from HealthVault Grant to others any level of sharing access to the record, including custodial access Revoke anyone's access to the record, including other Custodians, and including the Custodian who granted them custodial access in the first place. Important: Because anyone with access could violate your privacy, and a new custodian could even cut off your access to your own Health Records, we urge you to consider carefully before you grant Custodian-level sharing access to your records. Share Custodian-level access only with a person you are sure will treat the Health Record with as much confidentiality as you do.   Why Is a Record Read-Only? A record may be marked Read-Only in the Health Records list if HealthVault administrators are investigating suspicious activity in the record. To resolve the issue, please contact Customer Service   How do I reactivate suspended records? A record may be suspended if HealthVault administrators are investigating suspicious activity in the record. To resolve the issue, please contact Customer Service   Why does HealthVault collect personal information? To create a HealthVault account, you must provide personal information such as name, date of birth, e-mail address, gender, and postal code, along with additional optional information such as ethnicity and language. This information is used to create your first Health Record (the record for yourself). You can choose whether to share this information with programs to obtain certain services. When you create a Health Record, HealthVault collects personal information about the person the record is for. Custodians can choose whether to share this information with programs to obtain certain services. About the information requested when creating health records: The Nickname, Photo, and Relationship are used to help you identify the record when you see it in the Health Records list. First name and Last name are shared with other users and programs that you authorize to access the record. Street address information is optional, but if you fill out any address fields, you must fill them all out. Important: If you share a record, the other user will be able to see all the information provided, on the Profile tab for the record. Anyone with Custodian-level access will be able to edit the information.   Someone invited me to share a Health Record. What do I need to know? If you received an invitation to share a Health Record in HealthVault, here is some information you should know. Important: Some of the information stored in Health Records may be highly sensitive, so please respect the privacy of the record holders. A Custodian of the Health Record that was shared with you has granted you one of three sharing levels. View the health information (time-limited access) View and modify the health information (time-limited access) Custodian access to all information (no time limit) (see more information below) When you follow the link in your sharing invitation, you will see a message indicating which level of access you were granted. The person who invited you to share the record has also specified what information you have access to. You may be limited to a certain type of information (such as aerobic exercise sessions, for example) or you may have access to all types of health information in the record. (Custodians always have access to all information in the record.) Finally, the person who invited you to share the record may have set an expiration date for your access to the record. (Custodian access never expires.) Access becomes active only when you accept the invitation. If you do not accept the invitation within 3 days, it will expire. If for any reason you need a new invitation to share the record, contact the person who invited you. Important Information About Custodian-Level Access Custodial access is the highest level of access. A Custodian of a Health Record can: View and change everything in the record, including: the record profile (postal code, birth date, and so on) information about which people and programs the Health Record is being shared with the history of all changes to the record, including health information that has been deleted Delete the record completely from HealthVault Grant to others any level of sharing access to the record, including custodial access evoke anyone’s access to the record, including other Custodians, and including the Custodian who granted them custodial access in the first place.