Go-Live Guide

1) Microsoft HealthVault Solution Provider Agreement

Contact the HealthVault Business Development team to complete your Solution Provider Agreement. The agreement includes requirements for your privacy statement and handling of end-user data, and use of Microsoft trademarks. A fully executed final agreement is required prior to go live authorization onto the HealthVault platform.

To proceed, please email our Business Development team at hvbd@microsoft.com.

2) Application Review

There are several areas that we ask you to review prior to initiating the go-live process for your application.

Application Configuration Review
Use the Application Configuration Center to be sure you have all details added to your configuration.

HealthVault Integration and Branding Review
Schedule a review with the HealthVault team on your integration and use of HealthVault branding.

Customer Support Information
Provide application support contact information so that Microsoft Customer Support can refer your customers to the right place.

3) Application Discoverability

When you announce to the world that your application is now HealthVault enabled you may also want to take advantage of the HealthVault directory.

HealthVault Application Directory
List your solution in the healthvault.com web application directory.

Application Configuration Review

Start by opening your application configuration in the Application Configuration Center located at https://config.healthvault-ppe.com.

NOTE: If you don’t see your application listed on this page, you may need to either create a new ApplicationID or “claim” admin rights to your existing ApplicationID. 

• If you haven't created an ApplicationID, follow the process on the Generating and managing an ApplicationID page.
• If you have an existing ApplicationID and do not see it listed, follow the link and process on the Application Configuration Center home page to submit a request to associate your application id with your HealthVault account. After submitting the request, be sure to also follow the link to send an email requesting the action.

With your application configuration open, click through each tab and verify the following information:

On the Information tab
All information on this page is required and is presented to the consumer when they are requested to approve access to their HealthVault information for your application.

• Logo should be no larger than 120x60 pixels and 120 KB. 
  

  We recommend that the logo image be twice as wide as it is high. In the case where your logo does not match those dimensions, we suggest using the PNG or GIF formats and applying a transparent background. This will prevent any stretching/skewing and provide a consistent look across all page background colors.
  

• Application Name is used to identify the application.
• ActionUrl must be protected by HTTPS. The URL you enter in this field must begin with "HTTPS" (not "HTTP") to enable secure communication between all clients and servers. The page you specify in this field must be capable of understanding the targets that can be passed. Mandatory targets include Privacy and ServiceAgreement, both of these should be reachable by a consumer who is not signed-in, and AppAuthSuccess which is required for your HealthVault integration. For more information, see the Interacting with ActionURL how-to guide.
  
  

  Your Solution Provider Agreement will include requirements for privacy commitments and how you display your privacy statement in your application.

• Data Access Reason should make sense to consumer and should describe how their data will be used in your application.
• Description should accurately describe the functionality of your application. Suggested length is less than 200 characters.

On the Methods tab
The default set of methods selected are Basic Set and Hosted Web Application. These two method groups should be sufficient for most web applications. Some of the optional methods require additional review by the HealthVault team and/or additional terms in your HealthVault Solution Provider Agreement. 

• Basic Set - Selected and disabled by default. Common methods used by all applications.
• Hosted Web Application - Selected and disabled by default. This allows a web application (non-desktop application) to communicate with HealthVault.
• Application requires access to ConnectPackage methods - Optional. This method set allows access to connect to the HealthVault platform from back-end clinical systems.
• Application requires access to create an OpenQuery - Optional. This method allows your application to use OpenQuery. When selected, this item may require additional review.
• Application requires access to be Master (should remain checked for master app) for application provisioning -Optional. This method set allows a master application access to provision child applications and to get authorized connect requests for child applications. You must first request access to enable this option by following the request link on the Misc tab, and may require additional review. For more information, see the Master and Child Application IDs how-to guide.
• Application requires access to send e-mail through HealthVault - Optional. This method allows your application to send email to HealthVault account owners through the HealthVault platform. When this is selected, the Domain sending e-mail is required. This item may require additional review.

Online & Offline Access
By default, there is a single online rule created when you first create your application configuration. This rule can be edited to include the set of data types and level of access your application requires. You can also add new rules if you require different levels of access to different data types. The detail for each access rule is displayed to the consumer during the application authorization approval process. It is critical that these rules contain no more access to the consumers' HealthVault data than is required by your application.

• Rule Name - This is an optional field allows you to name your sets of rules for ease in programming. It is not displayed to the consumer of your application and is not required except when you have any rule set to optional (Is Optional = True). When there are any optional rules, then all rules must have a Rule Name defined.
  
  

  Note: If any rules have a Rule Name, then all rules must have a Rule name.

• Permissions - This defines the level of access your application requires for the selected set of data types. Be sure to set this to the minimum set required for your application for each set of data types. If your application requires a different level of permissions across the set of data types, then you should create multiple rules that group the data types with the corresponding levels of permission.
  
  

  For example: if your application charts existing weight measurements and allows creation and editing of profile information, then you should create two rules with the first rule having Read permission for the Weight Measurement data type and the second rule having Create,Edit, Update,Delete (or All) permission for the Personal Demographic Information data type.

• Data Types - The set of data types your application requires to function. Be sure that you only select the set of data types that your application uses so there are no surprises for your consumer.
• Is Optional? - This allows you to create rules that do not require the consumer to approve access for them to be able to use your application. It is strongly suggested that all rules be marked optional beyond those that represent the core functionality of your application.
  
  

  For example: if the primary scenario of your application is to chart existing weight measurements and as a secondary scenario, it can allow editing of profile information, you should consider creating two rules with the first rule having Read permission for the Weight Measurement data type and not marked as optional and the second rule having All permission to the Personal Demographic Information data type and marked as optional.

• Why String - This is required for all rules and should be less than 160 characters. Each Why String should accurately describe why your application is requesting the specified access and how that information will be used if approved by the consumer. These descriptions should be a refinement of the Data Access Reason that you entered on the Information tab and are especially useful when you have set the rule to optional (Is Optional? = True). These descriptions are presented to the consumer when they are requested to approve access to their HealthVault information for your application.
  
  

  For example: Here are some samples that you can use to build your own Why Strings.
  

  Permissions	Data Types	Is Optional?	Why String
  Read	Blood Pressure Measurement	False	Fabrikam Health needs to read your Weight Measurements to be able to create your personalized Weight Tracker report. It does not modify any measurements.
  All	Personal Demographic Information; Basic Demographic Information; Personal Image	True	You should allow this access if you want to be able to update your profile information through the Fabrikam Health application.

  
  

PublicCert
The public key for your security certificate (.CER) is required to be uploaded in order for your web server to communicate with the HealthVault platform servers. It is strongly recommended that you upload a 2048-bit version for increased security although a 1024-bit version can be used if necessary. During development, you will want to upload the public certificate for your development server and when you are ready to go live with your web application, the public key representing your production web server must be sent to the HealthVault team as part of the go-live process. You can learn more about creating and uploading a security certificate in the Generating and managing an ApplicationID how-to guide.

Misc
This collection of options allow for additional customizations for specific scenarios.

• Automatic user sign-in / Automatic user sign-in duration - Optional. These two options combine to allow consumers to bypass the sign-in process when returning to your application. To enable this feature, you must select Yes for Automatic user sign-in and specify a duration in seconds until the automatic sign-in expires.
• Client Token (GUID) - Optional. The ID representing your application.
• Change Application Type to Master - The default application type is a web application with online auth rules. Use this radio button to turn on Master Application functionality for this application. For more information, see the Master and Child Application IDs how-to guide.

When you are ready to schedule your application configuration review, contact hvbd@microsoft.com

HealthVault Integration Review

This is a simple review of your application with the HealthVault team to go over some of the functional and design points of your application. Before scheduling this review you should have already created and reviewed your application configuration (see the previous section) and completed your application development. During this review, you will be asked to demo your application and point out the HealthVault integration. Here are some guidelines you can use to make sure your application is ready for review:

• Your application should not need to ask a new consumer to enter information that is already in their HealthVault record.
• Your application should make it clear to the consumer if any information is stored outside of their HealthVault record.
• Confirm that data entered or updated using your application is stored in the correct data types in HealthVault. 
• Data entered from other applications should also be usable by your application. One way to test this is by using the X-Ray application by Get Real Consulting.
• Verify that your application configuration information is correct and accurate.
• Review your Privacy Statement and Terms of Use to make sure they are completed as described in your partnership agreement.
• If your application uses the HealthVault SDK then it must use a non-Beta version of the SDK. The first non-Beta version of the HealthVault .NET DLLs is version 1.0.2145.4504.
• If your application refers to the HealthVault consumer support content, use the following links:
• http://support.microsoft.com/healthvault - The HealthVault support site for consumers that includes email support & forum links
• https://account.healthvault.com/help.aspx?topicid=HelpDirectory – The help content for HealthVault accounts
• https://account.healthvault.com/help.aspx?topicid=ConnectionCenterHelp – The help content for HealthVault Connection Center

HealthVault Branding Review

Microsoft will conduct a visual review of all HealthVault branding included in your application. You can download available brand assets for HealthVault Solution Providers while building your application. Before this review, make sure you have reviewed the HealthVault Go-Live Branding Checklist online or in the HealthVault SDK. Here are some areas typically covered in the branding review:

• Logo use – Only use approved branding elements and graphics that are available through the HealthVault SDK.  These graphics include buttons for "Copy FROM HealthVault", "Copy TO HealthVault", "Sync WITH HealthVault" and a label for "Stored In HealthVault". Additional information can be found here.
• Describing HealthVault – The Go-Live Branding Checklist provides approved copy messaging for your application.  For detailed description of what HealthVault offers end users and how to use HealthVault, your application should link directly to www.HealthVault.com.
• Privacy Statement – You are not required to use the Microsoft HealthVault privacy statement in your application.  However, if you reference the HealthVault privacy statement, provide the following link: www.HealthVault.com/privacy and do not copy/paste any of the text from the Microsoft HealthVault Privacy Statement.
• HealthVault Trademark – Remember to consult the Go-Live Branding Checklist for instructions on correctly using the Microsoft HealthVault name, how graphics can be used, and suggested descriptive text.

Customer Support Information

• HealthVault operations and customer support teams will want to know the number of users that you expect at launch and your expected growth pattern.
• A security/privacy contact in case the HealthVault team needs to escalate an urgent issue to you.  This can be an issue with your site or an issue with HealthVault.
• Customer support contact info: phone, email, web.  The HealthVault customer support agents may refer users your way if they contact HealthVault customer support about an issue that is specific to your app.
• HealthVault customer support contact info to give your users:

Web: http://support.microsoft.com/healthvault
Forums: http://social.technet.microsoft.com/forums/en-US/categories/
Email is through a form on the web site above

When you have this information, contact hvbd@microsoft.com

HealthVault Application Directory

The Application Directory on the HealthVault website is a great place to educate potential users about your new application when you are ready announce that it is available for use. On the website, there are two categories of applications where we may display your listing:

• Personal - The Personal Web Application Directory is for applications where consumers can immediately start using the application.  It's okay for your application to require a subscription fee.  Applications that require the consumer to live in a certain region or to be a patient of a certain doctor are not listed here.
• Industry - Any application may be listed on the Industry page.

If you want your application to be included in one or both of these directories, the following elements are currently included on directory pages and will be needed when you are ready to be listed.

General Requirements

• Partner Logo - 100x50 pixels - The logo will be placed in the device/application directory as well as the device/application details page.

• Company Description - 300 characters (including spaces) - This is a short description of the company to be placed in the application/device directory.

• Company URL - URL to be listed on device/application directory as well as the device/application details page.

• Try It Now URL - URL to be listed on application/device directory and partner details pages.

Web Applications Requirements

• Application Screenshots - 150x100 pixels - The screenshots are placed in the top right portion of the application details page. The maximum screenshots an application can have is 3.

• High Resolution Application Screenshots - 1024 pixels wide - High resolution screenshots allow the HealthVault team to highlight and focus on your application. The screenshots should have a fixed width of 1024 pixels, and may be whatever height is needed to show the entire application page.

  High resolution screenshots should be saved in one of the following formats:

  • JPG - 72 dpi (screen resolution), highest available quality setting
  • PNG - 72 dpi (screen resolution), uncompressed

• Application Screenshot Labels - 50 characters (including spaces) - Brief labels for application screenshots.

• Application Short Description - 300 characters (including spaces) - Description of the application that is placed in the top left portion of the application details page.

• Application Long Description - Unlimited length - Description of the device that is placed in the bottom portion of the application details page. This string should be in HTML.

Device Requirements

• Device Photo(s) - 80x80 pixels - The device photos are placed inside the top right portion of the device details page. The maximum device photos a partner can have is 4. The rest have to be put in more device column.

• High Resolution Device Photo(s) - 500x500 pixels - High resolution device photos allow the HealthVault team to highlight partner devices.

  High resolution device photos should be saved in one of the following formats:

  • JPG - 72 dpi (screen resolution), highest available quality setting
  • PNG - 72 dpi (screen resolution), uncompressed

• Device Labels - 20 characters (including spaces) - Short labels for devices. Should be model numbers/names.

• Device Short Description - 300 characters (including spaces) - Description of the device that is placed in the top left portion of the device details page.

• Device Long Description - Unlimited length - Description of the device that is placed in the bottom portion of the device details page. This string should be in HTML.

• Device Driver URL(s) - URL to be listed on partner details page

When you are ready to be listed in the HealthVault application directory, contact hvbd@microsoft.com