The exact definition of a personal health record (PHR) is still evolving, but personal health records hold the promise to make patients the stewards of their own medical data. PHRs may contain data from payer claims databases, clinician electronic health records, pharmacy dispensing records, commercial laboratory results and patient self-entered data. They may include decision support features, convenience functions such as appointment making/requesting referrals/medication refill workflow, and bill paying. However, most PHRs are not standards-based and few support an easy way to transport records among different PHR products.
The current landscape of PHRs includes four basic models:
Provider Hosted Patient Portal to the clinicians's Electronic Health Record - in this model, patients have access to provider record data from hospitals and clinics via a secure web portal connected to existing clinical information systems. Examples of this approach include MyChart at the Palo Alto Medical Clinic, Patientsite at Beth Israel Deaconess Medical Center, and MyChart at the Cleveland Clinic. The funding for provider-based PHRs is generally from the marketing department since PHRs are a powerful way to recruit and retain patients. Also, the Healthcare Quality Department may fund them to enhance patient safety since PHRs can support medication reconciliation workflows.
Payer Hosted Patient Portal to the payer claims database - in this model, patients have access to administrative claims data such as discharge diagnoses, reimbursed medications, and lab tests ordered. Few payer hosted systems contain actual lab data, but many payers are now working with labs to obtain this data. Additionally, American's Health Insurance Plans (AHIP) are working together to enable the transport of electronic claims data between payers when patients move between plans, enhancing continuity of care. The funding for payer-based PHRs is based on reducing total claims to the payer through enrollment of patients in disease management programs and enhancing coordination of care.
Employer Sponsored - in this model, employees can access their claims data and benefit information via a portal hosted by an independent outsourcing partner. An example of this is the collaborative effort of Pitney Bowes, Wal-Mart, Intel and others to offer Dossia, an open source application which enables patients to retrieve their own data. The funding for employer-based personal health records is based on reducing total healthcare costs to the employer through wellness and coordination of care. A healthy employee is a more productive employee.
Vendor hosted - several vendors are releasing products in 2007-2008 to serve as a secure container for patients to retrieve, store and manipulate their own health records. Microsoft's HealthVault includes uploading and storage of records as well as a health search engine. In a recent New York Times article, Google is reported to be offering similar features in late 2007. The business model for these PHRs is generally based on attracting more users to advertising-based web-sites, although the PHR itself may be ad free.
All of these models will be empowered by data standards for demographics, problem lists, medications, allergies, family history, the genome, labs, and text narrative. The Health Information Technology Standards Panel ( HITSP ) completed an initial set of interoperability specifications for demographics medications, allergies and advanced directives in 2006. In 2007, it completed problem lists, labs, and text narrative over networks and on physical media such as thumb drives and DVDs. In 2008, it will complete family history and the standards required to securely transmit genomic information. These standards will be used as part of Commission on Certification of Health Information Technology ( CCHIT ) certification criteria for electronic health records and personal health records over the next 3 years.
Another aspect of interoperability is interfacing home monitoring devices such as glucometers, scales, blood pressure cuffs and spirometers to personal health records. At present, most patients using these devices must manually type results into PHRs or call them into a provider because of the lack of uniform data standards in devices, EHRs, and PHRs. In 2008, HITSP will identify standards to ensure vital signs and glucose monitoring devices are interoperable. Continua is building a great foundation for this process by working with IEEE, HL7 and other SDOs to identify the most appropriate standards to support device interoperability and to identify gaps in current standards. HITSP and Continua will work collaboratively on standards selection in 2008 and beyond.
Privacy and Security are critical to health data exchanges between PHRs and EHRs. Privacy is the policy which protects confidentiality. Security is the technical means to ensure patient data is released to the right person, for the right reason, at the right time to protect confidentiality. The US currently lacks a uniform private policy for clinical data exchange. Local implementations are high variable and some organizations use opt-in consent, others use opt-out. The personal health record can help address this lack of policy. By placing the patient at the center of healthcare data exchange and empowering the patient to become the steward of their own data, patient confidentiality becomes the personal responsibility of every participating patient. Patients could retrieve their records, apply privacy controls, and then share their data as needed with just those who need to know. Since policies are local, the security standards built into PHRs need to be flexible enough to support significant heterogeneity.
HITSP has selected the security standards for the country which include audit trails, consent management, role-based access control, federated trust, and authentication. Personal Health Record vendors and device manufacturers will be empowered by these standards, which outline best practices for securing patient identified data transmitted between systems. Once patients trust the security of the network used to exchange data, adoption of personal health records and data exchange among payers and providers will marketly increase. Eventually, PHRs could also hold consent information, recorded via the HITSP Consent Management Interoperability Specfication, that can provide an easily queriable source for patient health information exchange preferences.
The evolution of today's paper-based, non-standardized, unstructured text medical record into a fully electronic, vocabulary controlled, structured interoperable document shared among patients and providers will be a journey. Standards are key and recent work in this area now provides the foundation for personal health records. Security technology exists today that is good enough. Early experiences with PHRs demonstrate high patient satisfaction, reduced phone volume to provider offices and less litigation by patients sharing medical decisionmaking with their clinicians. The time to implement PHRs is now and the only barriers are organizational and political, not technological.