HRs, as well as public awareness and attitudes regarding them, have been rapidly evolving. A2005 consumer survey
titled “Electronic Personal Health Records: A Survey of Consumer Attitudes and Usage” revealed that more than 50% of the respondents had never heard of PHRs; after a PHR was described to the respondents, 82% were unsure if they would use it. A survey conducted by the Markle Foundation in the same year demonstrated that only 60% of respondents supported the creation of secure online PHR services
With the field of PHRs now significantly expanding to include providers, payers, employers, and information technology industry giants, such as Microsoft and Google, public awareness and attitudes regarding PHRs have changed. More than 95% of respondents to a December 2006 Markle survey
said it is important for physicians to be able to access to all of a patient’s medical records in order to provide the best care. A similar number of respondents wanted individuals to be able to access all of their own medical records to manage their own health. A November 2007 Wall Street Journal Online/Harris Interactive Health-Care Poll
found that, “A sizable majority of Americans believe electronic medical records have the potential to improve US health care and that the benefits outweigh privacy risks.” The poll also revealed that a vast majority of Americans want access to their health information, with 91% of those polled saying “patients should have access to their own electronic records maintained by their physician.”
It is likely, therefore, that many practicing physicians will be asked by their patients about PHRs. We’ve prepared a PHR primer to help physicians answer questions from curious patients.
Although there are many types of PHRs offered on the market, there are several key elements all have in common. PHRs:
Empower healthcare consumers.
Include comprehensive healthcare data pertaining to the consumer/owner.
Are a lifelong record.
Are universally accessible over the Internet.
Are managed and controlled by the individual/proxy.
Are secure and the privacy and confi dentiality of the health information is protected. Th e Healthcare Information and Management Systems Society (HIMSS) defi nes PHRs as:
Universally accessible, laypersoncomprehensible lifelong tools for managing health information, promoting health maintenance, and assisting with chronic disease management via an interactive, common data set of electronic health information and e-health tools.
Owned, managed, and shared by the individual or his or her legal proxy.
Secure to protect the privacy and confi dentiality of the health information it contains.
Not a legal record unless so defi ned and therefore subject to various legal limitations.
The PHR is a lifelong record that includes all health information from all sources for an individual. Th e secure electronic transfer of personal health information (PHI) is necessary to achieve this. As electronic PHI from providers, pharmacies, payers, and others is made available for electronic exchange with third-party PHRs, individuals may choose to send their information to them. However, it is important to note that these third-party PHR vendors are not covered by HIPAA regulations, and therefore do not have to comply with standardized requirements regarding the privacy, security, and data usage of the PHI that is sent to them under federal or state regulations.
Healthcare consumers should have the right to control the movement of their data to such third-party PHRs, but they also should have the right to know that currently there are no established federal privacy, security, and data usage standards such as HIPAA governing such entities. Th ere are also no regulations requiring periodic oversight and audits to ensure that such entities comply with their own stated privacy, security, and data usage standards. Ideally, HIPAA regulations could be extended by Congress to also apply to all third-party PHR vendors. In the interim, or if HIPAA regulations are not extended, it is recommended that: