Friday, May 14, 2010

Re: Personal Health Records May Not Be So Personal

When I saw the "Personal Health Records May Not Be So Personal" article I had high hopes for the level of detail they went into. But I was simply disappointed at the lack of detail in the article. I guess and hope that the detail in their actual research is more complete. Their first failing is that they only looked at 'tethered-PHR', explicitly excluding standalone PHR. A tethered-PHR is when a patient is given some form of access into their doctor's EHR. This is not the same as a standalone PHR that has multiple data sources and other value. A tethered-PHR has access only to the information that the one EHR provides. This is not a bad functionality, but when it comes to the topic they wanted to investigate it is too limiting.

Overall, the PHR concept itself needs some major maturity. Until more patients try it out and many iterations happen, the concept of what a PHR should be is still very 'alpha'. I did like the list of PHR features that they identified. The very small number of people using a PHR (7%) are a vocal minority that are truly interested in participating in the management of their data. I have played around with my provider's Tethered-PHR, and the other standalone PHR. I am motivated to try these tools, but I must simply not be sick enough to get any value out of these tools (not that I am complaining).
Researchers assessed the following 10 PHR policies at each organization:
  • Patient proxies enable PHR access;
  • PHR access for minors;
  • Patient views of electronic health record clinical notes;
  • Patient views of EHR diagnosis list;
  • Patient control of information access;
  • Research using self-entered data;
  • Third-party PHR Web advertising;
  • Emergency, "break the glass" access;
  • Normal lab results PHR availability; and
  • Clinical response to patient e-mails.

I would like to respond to a specific thing that was said:
Reti [Shane Reti -- an author of the report and a physician at Beth Israel Deaconess Medical Center] noted that other commercial PHR products, such as Google Health and Microsoft HealthVault, actually lead the field when it comes to patient-centered functions. He said that because such firms are not considered covered entities under HIPAA, they are not bound by the same privacy and security regulations. Reti said that Google and Microsoft still comply with HIPAA regulations, but they "are able to be more creative and move quicker because they don't require the same sign offs and double checks of HIPAA."
This is NOT so much because they are 'covered entities', as that they are a healthcare provider and are bound by 'Medical Records Regulations'. This does not change the rationale that Google Health and Microsoft HealthVault can move faster because they likely don't have as many 'sign offs and double checks'. I am just pointing out that these sign offs and double checks are far more likely a reaction to medical records and tort law. Of course, the standalone PHR vendors will eventually do something stupid, and will over time add checks and double checks. They simply are less burdened by the costs of their mistakes.