News Stay informed about the latest enterprise technology news and product updates.

Personal health records not measuring up in privacy, say advocates

The government calls for greater use of personal health records as part of electronic health record systems, but PHRs fall short in data control, privacy and security.

Data privacy is a critical element for patients and developers of electronic health records, but one advocacy group says some EHRs are not designed for consumers to control their own information.

The Patient Privacy Rights Foundation recently launched a “report card” on personal health records (PHRs), scoring several vendors on various criteria. The group looked at various state and federal laws, fair information practices and its own data-control principles to determine whether the PHRs allowed consumers to have control over who saw their information and incorporated privacy policies that were easy to read and understand.

Of the five PHRs that the privacy group studied, only one --- -- received a grade of A for its policies; the others fared more poorly. WebMD LLC received a C for its PHR, as did Metavante Healthcare Payment Solutions’ CapMed, which is intended for emergency information.

Microsoft Corp.’s HealthVault and Google Health received, respectively, a B and D. The programs and partners that offer those two applications to consumers received failing marks for not providing as much security as the platforms themselves, according to the report card.

Personal health records are one component of an integrated electronic health system that includes electronic health records, interoperable information exchange and real-time patient information access. The federal government, in developing meaningful-use criteria for electronic records, plans to require providers to incorporate PHRs into wider electronic systems by 2013.

But incorporating such systems without data controls and privacy policies leaves patients vulnerable to providers, insurers and other parties that might abuse their information, according to Patient Privacy Rights. “Technology is not an impediment” to privacy, but existing systems and laws don’t go far enough to ensure that patients control that technology, according to Ashley Katz, executive director of the privacy organization, who presented the results of the report card during a teleconference last week.

The report card is a means to further dialogue about the steps needed to reach a secure, trusted system, said Deborah Peel, a physician who founded Patient Privacy Rights, during the teleconference. “We think it’s critical for the public to understand how the electronic system works.”

While some physicians have been more reluctant to adopt EHRs, patients are turning to personal records as a way to track chronic conditions, medication history, allergies and immunizations, as well as to monitor weight and cholesterol, said Jeff Donnell, chief marketing officer at Fort Wayne, Ind.-based NoMoreClipboard. Consumers can take that information to doctors and provide reports of conditions to help their physicians make care decisions.

Technology is not an impediment [to privacy].

Ashley Katz, executive director, Patient Privacy Rights Foundation

The company, spun out of electronics health records developer Medical Informatics Engineering Inc., has found that people like to have input into the functions designed for the PHR product, Donnell said. “People are pretty active in sharing their information with doctors.”

NoMoreClipboard operates on an informed-consent policy that allows patients to control their information and determine who will have access to various components of the record. “Ultimately, it is about the patient,” Donnell said.

As electronic records are adopted, the junction at which EHRs and PHRs meet could provide a wealth of information for both patients and providers, and lead to better care, he added. Patients can decide what information to send from the PHR and doctors can decide how much of that information should flow into the EHR.

And as the government rolls out incentives and requirements for doctors to implement EHRs, the motivation to allow for information flow between electronic and personal health records will grow, he said. That “will drive them to be more open to receiving information electronically.”

Let us know what you think about the story; email Jean DerGurahian, News Writer.

Dig Deeper on Electronic health records privacy compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.