Confidentiality Issues with Personal Health Records
Personal Health Records (PHRs, also referred to as Electronic Medical Records or EMRs) are on the rise across the United States. As noted in earlier Dark Daily e-briefings, doctor’s offices and hospitals are not the only players implementing PHR solutions. Even major employers (see Corporations Take Electronic Health Records into their Own Hands) are taking active steps to provide their employees with PHRs.
As use of PHRs becomes widespread and it becomes familiar to patients, it is only natural that they will want assurance that their personal medical history, kept in an electronic form, can be kept private and secure. Many health care facilities report difficulties in selecting a PHR vendor because the standards for what constitutes a PHR have yet to be determined. At this point, there is little to guide them. According to President Bush, every American should have an electronic patient health record by 2014.
Recently, the American Health Information Management Association ventured to offer a definition: “The personal health record is an electronic, universally available, lifelong resource of health information needed by individuals to make health decisions. Individuals own and manage the information in the PHR, which comes from healthcare providers and the individual. The PHR is maintained in a secure and private environment with the individual determining the rights of access. The PHR is separate from and does not replace the legal record of any provider.” The industry is not embracing this definition wholeheartedly because the definition declares that PHRs are individually owned and maintained. Of course, laboratory executives and pathologists will recognize the threat this represents to the longstanding practice of the laboratory maintaining a repository of laboratory test data.
One company that has embraced the concept of a personally-owned PHR is CareGroup Healthcare System in Boston, MA. The group operates a Web-based PHR called PatientSite that provides patients access to their medical records as well as other personal and general medical information. “Patients love to have access to their data, but very few patients put their own information in,” says John Hamalka, CareGroup’s Chief Information Officer. This is probably the result of inertia or apathy on the part of the patients, coupled with concern about the security of the data they input into their patient health record.
CareGroup’s PHR advises patients, “Please remember that, if you have medical insurance, you have likely signed a release giving your insurance company permission to request your medical records. In sending messages via PatientSite, please use discretion if there is information that you would not want to see appear in your permanent medical record.” Healthcare underwriters may come to love and embrace PHRs because PHRs will save them a significant deal of money when they are trying to underwrite a new application for healthcare. Soon, a chronological record of healthcare information for each potential insured should be available in that person’s PHR. For patients with pre-existing medical conditions that they are trying to cover up, the PHR makes information too available to insurance companies. For patient’s seeking insurance at large, however, better access to information for insurers should bring down the cost of insurance applications, and, perhaps even insurance premiums.
Another example of a healthcare system embracing the concept of the personally-owned PHR is PeaceHealth system in Bellevue, Washington. It developed a community-wide PHR to serve chronically ill patients. PeaceHealth’s PHR system enables patients to limit access to all or part of their information for each provider in the community who is a member of their “care team.” The site also produces an audit trail that patients can use to view a list of anyone who has accessed their records. Giving patients the ability to control access and see who accesses their PHR will undoubtedly make PHR system development costs higher, but may provide the level of security that patients need to embrace and use PHRs.
Laboratory data will be among the first types of data contained in PHRs. Dark Daily suggests that laboratories pay attention to patient confidentiality issues with PHRs as they will likely prove extremely important as to how soon PHRs transition from being an American healthcare goal to an American healthcare reality.
Related Articles:
Environmental Scan of the Personal Health Record (PHR) Market
(see section 4.0)