Patient Privacy Rights Prepares Report Card on PHRs (Personal Health Records)
Posted Dec 03 2009 11:11am
This report card was based on what was determined to be privacy protection. Below I have listed the comments about using an employer or insurer PHR as stated on the report card you may be giving up some privacy with others having access with waivers or surveys that come with using the program. According to the study, No More Clipboard seems to be the only one receiving an “A”, with Microsoft HealthVault coming in second and the rest you can see from the image below. You can visit the links for each PHR and see the individual grading areas.
There’s also an FAQ section on how the results were obtained and areas of privacy to be aware of. BD
From the website – about employer or insurer provided PHRs (warning)
“Using an employer’s or insurer’s PHRs means sharing personal health information with that employer or insurance company. You aren't guaranteed any control over your private information. Sharing this information puts your employment, insurability, and credit at risk.
Employer and insurer PHRs offer enticing health quizzes that gather and share much more information than you would typically provide including alcohol and drug use, sexual history, eating and exercise habits. Often employers and insurers offer incentives for you to fill out surveys, health assessments, or participate in disease management programs. Employers and insurers can directly access your PHR, enabling them to gather MORE information about your health.
We cannot officially grade PHRs offered by any employers or insurers because access is limited to employees and enrollees. However, we did obtain copies of the form privacy policies for two employer or insurer-based PHRs. Very clearly, they control the use and disclosure of your health information, not you. Here is a sample of what we found in the policies:
Your employer and your group health insurance plan "may use and disclose your protected health information (PHI)."
"the Plan may use and disclose your personal Health Information furnished…by you, your employer, the Plan or any 3rd party"
The PHR "discloses to the Plan or to your employer the fact that you registered…, that you have completed a health risk assessment or that you have participated or are enrolled"
The PHR "limits access to Personal Information to you, the Plan, and any third-party vendor that provides services on behalf of the Plan" along with…all its affiliates. (There may be many third-party vendors and affiliates, with hundreds or thousands of employees who can access your health information!)
“We may use your Personal Health Information (PHI) for certain health care operations—for example,…determining premiums and other costs”
“Your PHI can generally be used or disclosed for research without your permission if an Institutional Review Board (IRB) approves such use or disclosure”
“We may use or disclose PHI to contact you to raise funds for our organization”
Keep in mind that your personal health information can be used broadly under HIPAA without your consent (See FAQ).”
A "PHR" is a Personal Health Record. PHRs can collect and store official records, labs, tests, and claims data directly deposited by providers. They can also store other health-related data such as heart rate, glucose levels, medications, allergies, exercise habits, lifestyle, sexual history, personal notes and other data you create. The term 'PHR' implies you control this type of electronic health record - because its 'personal,' it's yours. But that is simply not true of all PHRs. How much control do you really have? Think twice about who you allow to see, use, or control your most sensitive, personal health records, from DNA to prescriptions. Patient Privacy Rights (PPR) did our best to decode PHR privacy policies and spell out what control you have over your information. PPR makes no recommendations on specific PHRs. The Report Card is our opinion based on the information available on these companies' websites.