Microsoft HealthVault Explains Privacy Considerations with Facebook Integration

Last week on the Family Health Blog, the Microsoft HealthVault team announced it would let users sign in with Facebook, and also explained the privacy considerations around the move:

For many folks, Facebook is the Internet --- the social networking juggernaut has become the starting point for an incredibly broad swath of online activity, and “health” happens there all the time .

With this release, we’re acknowledging Facebook’s central role in people’s lives by allowing users to sign into HealthVault using their Facebook credentials. It’s important to note that this does NOT mean that HealthVault information will show up on your wall! Today, data only moves from Facebook to HealthVault, not the other way around --- we use your name, birthdate, etc. from Facebook to populate the HealthVault signup form, but that’s it.

Note that there may be great opportunities to create native Facebook applications that include HealthVault data … we just want to be sure folks understand that it is not happening now, and would only ever happen with explicit, separate user opt-in.

The Facebook team has been really supportive of our moves in this area. We have been super-impressed with the seriousness with which they’ve responded to recent security issues . It is also a perfect complement to our recently-announced “second factor” account protection option --- if they like, users can log in with their Facebook credentials but get an extra security boost by having HealthVault call them on their mobile for confirmation before granting access.

-- David Burt, CISSP, CIPP