Just in time for HIMSS: new HealthVault features!

Believe it or not, there's more to my life than the Direct

Later this week I'll be hopping a plane to Florida to attend
the 2011 HIMSS conference. I'm
not much of a show-type person, but they had me cold at "minutes from Disney World" --- I'm staying at
the Beach
next to Epcot
and cannot wait to see the new "Magic,
Memories and You
" show --- they "paint" Cinderella's Castle with colors,
patterns and guest pictures taken throughout the day --- the videos online are
just stunning. So cool.

(Yes, for long term readers this all may sound
a bit familiar
. I'm nothing if not predictable.)

Anyways --- today I get a fun job --- talking about some
great new features we'll be rolling out for HealthVault next week before the
show. Our success depends on delivering great developer and end-user experiences,
and I am super-proud of the progress we've made with this turn of the crank.
Check it out!

Started" Wizard

We've done a pretty good job of making it easier to assemble
and keep your health information up to date automatically. Just as a sampling,
we've got connections to pharmacies like CVS
and Walgreens;
lab services like Quest;
a ton of home
monitoring devices
; clinical sources like Blue
and HealthVault
Community Connect
; services like Unival
and Zweena
that convert paper records; even the ability to fax information directly into
HealthVault with MaxEmail.

But for all this awesomeness --- it can be really awkward to
open a HealthVault account, only to find yourself staring at an empty record.  Where do you start? That's why we've created
the Getting Started Wizard.

Immediately after signup, the Wizard steps new users through
a few questions about which healthcare services they already use, and which
health topics are most relevant to themselves and their families. Based on the
answers to these questions, we walk them through establishing data connections
and even recommend HealthVault applications that may best serve their needs
(important note: these are not advertised or paid placements!). We think that
avoiding the "blank page" problem will really help users take advantage of HealthVault
services that best meet their needs.

PhoneFactor "Second Factor"

People have enough passwords to remember already. We aren't
interested in adding more to the list, which is why our goal is to allow users to
take advantage of credentials they already use every day. Today we do this by
integrating with Live ID and Open ID, and we expect to add more authentication
partners as appropriate for different global regions or user interests (teaser:
stay tuned for more news on this front in the coming weeks!).

But a person's health information is pretty sensitive, so
we've been researching ways to "up the ante" on all of these authentication
methods --- providing ways for our users to strengthen the security of their
accounts without compromising the convenience of using a password they

We're excited to have found a great solution in PhoneFactor. With this service,
HealthVault users can elect to receive a phone call at a number of their
choosing whenever there is an attempt to log into their account. If the attempt
is valid, they just press "#" on the phone and are granted access. But if it's
not, even with a stolen password the account is protected.

Pretty sweet, huh? By leveraging a device we all carry all
the time anyways, PhoneFactor has delivered a really powerful --- and really
convenient --- extra layer of security. Of course it's an optional add-on for
users, but I hope it gets pretty widespread use.

Experience Improvements

As silly as it may seem, one of the things that we've
struggled with ever since launch is how to make it really easy to sign up.
There are a ton of "brands" that the user is pushed through along the way ---
starting with an application like the American Heart Association's Heart360, then dropping into HealthVault
signup, and then dropping into
Windows Live ID signup. It's pretty dissonant and causes angst with both users
and partners considering relying on HealthVault as a core technology.

With this release, I think we've really nailed this. We've
been able to start using the same backend services that Xbox LIVE uses to combine what used
to be a bunch of pages into just one. Signing up for HealthVault now feels a
heck of a lot more natural and angst-free.

I love this kind of iteration --- the epitome of "just keep swimming" ---
it really makes a difference.

Blue Button Support

We announced support for
import of Blue Button files
last fall. Blue Button is a great program that
enables veterans and Medicare beneficiaries to download copies of their health
information. The downloaded files can then be added to HealthVault so the
information can be used with any of our dozens of partner applications.

With this release, we've taken the "preview" application we
built and integrated the functionality directly into HealthVault. So now Blue
Button files can be uploaded directly from the HealthVault Shell. Even better,
as part of the Getting Started Wizard we'll check if people have BB files
available and help get them uploaded if so.

For the nerds like me in the audience, we also did some neat
technical things with this feature. We expect that there will be rapid
evolution of the BB format, and lots of new companies choosing to provide BB
downloads. The code we wrote to parse the files is isolated from the rest of
the main HealthVault service --- so we can quickly iterate as new formats
become available without causing undue risk to the core functions of the
service. Nice!


This is another one for the developers in the audience.
Until now, HealthVault has been exclusively a request-based service. That is
--- you talk to us; we don't reach out to you. This generally works really
well, because having a bunch of interleaved communications over a distributed
network like the Internet gets really complicated really fast. But it does have

In particular, until now applications that wanted to serve
as "guardian angels" by looking at new data coming into a record --- say, a
service that checks for interactions each time a new medication is added, or a
chronic care service like Kaiser
that delivers home monitoring results to clinical staff --- have
had to continuously "poll" HealthVault for these changes, asking every hour or
so, "anything new? How about now? Now? Now? NOW?" Obviously this is really

That's where eventing comes in. With this new feature,
developers can say --- hey, any time changes are made to records I'm authorized
to access, please let me know by calling this URL back at my site. Even cooler,
they can provide filters so that they're only called when information they care
about changes or is added ... just medications, for example.

Applications can ask for notification on other types of
events as well --- for example, if a user "de-authorizes" a record for an
application, it can get a proactive notification. (
Whoops, my bad! This didn't make the cut for this release ... consider it a preview! ---Sean, 2/14)

Eventing takes advantage of a pretty big enhancement we made
to the platform originally to manage signature validation for medical images
uploaded to HealthVault --- I love it when code we build for one purpose is
robust and flexible enough to be used for another!

Language Support, aka China here we come!

Microsoft is full of acronyms and abbreviations... "CJK"
stands for Chinese, Japanese and Korean --- the languages that traditionally
were super-scary for developers because they used the so-called "double-byte"
system to represent text strings. There were so many characters in these
languages that the traditional 8-bit "byte" couldn't describe all of them. But
space was at a premium, so rather than just use more space for every character,
a complex system was created that used a variable number of bytes for each
character, and they had to be processed in sequence to make sense. Many a
1980's college computer science major was flummoxed in their Microsoft
interview by the infamous "double-byte delete" problem.

Anyways, I digress. These days we all use Unicode, which
just takes us back to a simpler model in which (most of the time) every
character is just two bytes. Much easier! However, these languages still pose
some unique challenges for localization --- number formats, units of measure,
etc. --- and some healthcare variations such as the "vocabularies" used to
represent medical knowledge.

Bottom line, this work enables us to launch in China, as
we announced
a few months ago. This is so awesome --- the Chinese are
building hospitals like they are going out of style, but there is a desperate
need for healthcare to reach across the country and into rural areas. As part
of national health reform, China has specifically called out availability of citizen-focused
health tools as a key goal. HealthVault is perfectly set up to help solve these
very real problems in China --- I can't wait to see this start to happen.


There's at least one more teaser to come pretty soon, but
they won't let me talk about it --- so I guess I'm done for now ... whew! Another
great release, it is so gratifying to see this team keep pumping out
high-quality improvements, each one of which gets us that much closer to the
tipping point for broad-scale individual engagement in the healthcare system.

2011 is already turning out to be an awesome year!



Comments (6)
  1. The HV login page only shows the OpenID icon and then requests you to enter the OpenID endpoint. I don't imagine my mom being able to get into through that system. There should atleast be an icon for Google, Yahoo to tell people that you can login using these emails and we should fill in the details of the endpoint URL.

    Lastly, Facebook and Twitter are quickly becoming the preferred choice of many for authentication. The new hot startups like Quora are only using these for auth. You can think about adding support for them as well.

    Just my $.02.

  2. Sean Nolan says:

    Hitesh — agree, to-date OpenID has been a feature focused on folks who know what they want already — we plan to add a logo-roster as usage grows in that area. Interestingly — we do not current accept Google or Yahoo creds because they haven't (in the past, I haven't checked lately) supported https:// openid endpoints. We're always re-evaluating that list though.

    As for the other credential types you mention — my lips are sealed for now. 🙂

  3. Sting Tao says:


    I try to use my msn messenger account for signin, and I see the following message:

    There was a problem creating your HealthVault account. Please review the following issues:

    Your request did not include a required identity code.

    Please contact your provider with this information and ask the provider to send you a new request with a valid code.

    Please hint what went wrong?

    Sting Tao

  4. Sean Nolan says:

    Sting —

    You're probably trying to log into healthvault.com from a country outside of the United States? Because we license HV internationally, the instance in the United States is only available to folks here in the country. Once an account is created, it can be accessed from anywhere (e.g., if folks are travelling) — but creation has to happen within the borders.

    Not the best error message, I will grant you. 🙂 I'll file a bug on that.

    If you just want to give the HealthVault interface a spin and see what it's like, our developer site at account.healthvault-ppe.com can be accessed from anywhere in the world. Of course, you can't use that system for real personal information, but it will give you a sense of the platform at least.

    Hope that helps!


  5. Sting Tao says:

    Thanks for the info.

    I will look at the developer site. If in the future I'd like to integrate with HV with our app and services, who is the BD to contact?

    Thanks again! Your response is fast and accurate.

  6. Sean Nolan says:

    Great! You can get in touch with our business development team by emailing hvbd "at" microsoft.com — that will get you started. Thanks!


Comments are closed.

Skip to main content