ActionUrl, Privacy and Terms of Use
As many of you know, the HealthVault platform asks each application to register a single ActionUrl that understands a variety of redirect targets. These redirects are generally used in scenarios where the application first redirects to the HealthVault Shell in order to accomplish some platformy task like App AuthZ or Record Picker and then the Shell wants to redirect back into the application once this task has been completed by the user. We require that this URL is specified in advance rather than at run-time for security reasons – the HealthVault Shell will only redirect to URLs that have been reviewed by our HealthVault Go-Live Team.
Some HealthVault applications do not have a web server upon which to host there ActionUrl. For example,
- PatientConnect applications tend not to have any UI of their own
- SODA applications run on fat clients, not on the web
But the HealthVault Application Authorization process for these (and all) types of applications must include a way for the user to read the relevant Privacy Statement and Terms of Use before authorizing data sharing. This is part of Microsoft’s Privacy Promise to our end users. So for these types of applications, we allow the developer to load the entire body of each legal statement into their HealthVault Application Configuration and then the HealthVault platform can display this statement directly to the user when needed.
Our Application Configuration Center does not currently make this part clear, but the platform only uses these hardcoded statements if no ActionUrl is specified in the application configuration. If a non-empty ActionUrl is in the config then the HealthVault platform will ignore the statement fields.
Note that we plan to change this behavior in our 1003 release, currently scheduled for March 2010. After 1003 the platform will use the hardcoded statement in situations where both a statement and an ActionUrl are available.
We apologize for any confusion that this state of affairs is causing. If you have questions on this topic, please ask on our Developer Forum or use the Comments below.
EDIT: You can learn more about the HealthVault Shell Redirect Interfaces in this article on MSDN.