Sounding Board: A Personal Health Record Primer

MDNG Primary CareApril 2008
Volume 10
Issue 4

With the field of PHRs now significantly expanding to include providers, payers, employers, and information technology industry giants, such as Microsoft and Google, public awareness and attitudes regarding PHRs have changed.

HRs, as well as public awareness and attitudes regarding them, have been rapidly evolving. A2005 consumer survey titled “Electronic Personal Health Records: A Survey of Consumer Attitudes and Usage” revealed that more than 50% of the respondents had never heard of PHRs; after a PHR was described to the respondents, 82% were unsure if they would use it. A survey conducted by the Markle Foundation in the same year demonstrated that only 60% of respondents supported the creation of secure online PHR services.

With the field of PHRs now significantly expanding to include providers, payers, employers, and information technology industry giants, such as Microsoft and Google, public awareness and attitudes regarding PHRs have changed. More than 95% of respondents to a December 2006 Markle survey said it is important for physicians to be able to access to all of a patient’s medical records in order to provide the best care. A similar number of respondents wanted individuals to be able to access all of their own medical records to manage their own health. A November 2007 Wall Street Journal Online/Harris Interactive Health-Care Poll found that, “A sizable majority of Americans believe electronic medical records have the potential to improve US health care and that the benefits outweigh privacy risks.” The poll also revealed that a vast majority of Americans want access to their health information, with 91% of those polled saying “patients should have access to their own electronic records maintained by their physician.”

It is likely, therefore, that many practicing physicians will be asked by their patients about PHRs. We’ve prepared a PHR primer to help physicians answer questions from curious patients.

Although there are many types of PHRs offered on the market, there are several key elements all have in common. PHRs:

  • Empower healthcare consumers.
  • Include comprehensive healthcare data pertaining to the consumer/owner.
  • Are a lifelong record.
  • Are universally accessible over the Internet.
  • Are managed and controlled by the individual/proxy.

Are secure and the privacy and confi dentiality of the health information is protected. Th e Healthcare Information and Management Systems Society (HIMSS) defi nes PHRs as:

  • Universally accessible, laypersoncomprehensible lifelong tools for managing health information, promoting health maintenance, and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools.
  • Owned, managed, and shared by the individual or his or her legal proxy.
  • Secure to protect the privacy and confi dentiality of the health information it contains.
  • Not a legal record unless so defi ned and therefore subject to various legal limitations.

The PHR is a lifelong record that includes all health information from all sources for an individual. Th e secure electronic transfer of personal health information (PHI) is necessary to achieve this. As electronic PHI from providers, pharmacies, payers, and others is made available for electronic exchange with third-party PHRs, individuals may choose to send their information to them. However, it is important to note that these third-party PHR vendors are not covered by HIPAA regulations, and therefore do not have to comply with standardized requirements regarding the privacy, security, and data usage of the PHI that is sent to them under federal or state regulations.

Healthcare consumers should have the right to control the movement of their data to such third-party PHRs, but they also should have the right to know that currently there are no established federal privacy, security, and data usage standards such as HIPAA governing such entities. Th ere are also no regulations requiring periodic oversight and audits to ensure that such entities comply with their own stated privacy, security, and data usage standards. Ideally, HIPAA regulations could be extended by Congress to also apply to all third-party PHR vendors. In the interim, or if HIPAA regulations are not extended, it is recommended that:

  • The public should be educated regarding any potential implications surrounding the exchange and usage of PHI in the context of a PHR.
  • All PHR products should clearly, simply, and concisely list their security, privacy, and data usage policies and make them available in a consumer-friendly fashion.
  • Standards be established for the electronic data exchange and the privacy, data usage, and security for PHI with non-HIPAA-covered PHR products.

There should be disinterested third-party validation and periodic audits to ensure PHR products’ compliance with their stated policies. When patients ask about electronically transferring their personal health information to third-party PHRs, physicians should educate them regarding HIPAA regulations and remind them that third-party PHRs are not covered by HIPAA. Physicians should also advise patients to carefully review the PHR’s terms and conditions of use and encourage them to make their own informed decision regarding proceeding.

Mary P. Griskewicz, MS, FHIMSS, is the director of Ambulatory Health Information Systems for HIMSS. MDNG editorial board member Holly Miller, MD, MBA, is vice president and CMIO at University Hospitals, a community-based system that serves patients at more than 150 locations throughout northern Ohio. She currently serves as chair of the HIMSS PHR Steering Committee.

Related Videos
© 2024 MJH Life Sciences

All rights reserved.