Role of the Personal Health Record in the EHR (2010 update) - Retired

Editor's note: This update replaces the July-August 2005 practice brief "The Role of the Personal Health Record in the EHR."

Health information technology will be integral to the US transformation to a safer, more efficient, consumer-driven healthcare system, and the personal health record (PHR) will be a valuable asset to individuals and families, enabling them to integrate and manage their healthcare information through secure, standardized tools. It is imperative that patients, healthcare providers, and payers continue to work together to develop a PHR model.

Background

In September 2002, the Markle Foundation established Connecting for Health, a public-private collaborative whose purpose is to "bring greater visibility and coordination to the many government, provider, and industry efforts to speed up the adoption of electronically connected health information systems."¹ Phase 1 of the project included a recommendation to engage the American public in this endeavor, with a more specific objective of developing PHRs.²

Phase 2 of the collaborative project included the formation of the working group on policies for electronic information sharing between doctors and patients. The working group reported several findings, including:

• PHR development should be accelerated.
• PHRs will help increase consumer health awareness, activation, and safety.
• There is no single pathway to a universal PHR.
• A common data set is a vital starting point.³

AHIMA Initiatives

In 1996, AHIMA's Board of Directors charted the future course of the association and health information practice. As part of the Vision 2006 project, several task forces were established to clarify future roles and skills.⁴ One identified role was the patient information coordinator, a precursor to the role HIM may assume with the PHR. The duties of this role include:

• Ensuring the timely transfer of patient information among healthcare providers
• Showing patients how to manage their personal health histories
• Showing patients how to access computer-based information resources

MyPHR.com

In October 2003, AHIMA launched myPHR (www.myPHR.com), a guide to understanding and managing personal health information for the general public. The site defines a health record, provides instructions on accessing health information and compiling and keeping a PHR, and explains privacy rights. Since its inception, the site has broadened its consumer resources to include healthcare literacy, sample PHRs, and blogs. myPHR also features the most recent and relevant news on health information from a variety of industry sources so that consumers can stay informed on a variety of healthcare issues. The site continues to educate the public regarding PHRs, with 8,800 average visits a month, reaching as high as 11,000 visits in some months.

Consumer Education

In March 2005, AHIMA produced a public education presentation kit titled "Your Personal Health Information: How to Access, Manage, and Protect It." The kit provides HIM leaders with complete materials for an hour-long presentation to the general public. It includes a video, a PowerPoint presentation, a handout, and fliers for advertising the event.

In January 2008, AHIMA launched a new campaign called "It's HI Time, America!" and included national radio and television public service announcements. A documentary focusing on real-life stories aimed at assisting consumers in relating to the necessity of managing their PHRs also was developed. At the same time, AHIMA reorganized the myPHR Web site to offer a comprehensive menu of peer-reviewed PHR information and step-by-step guides for creating a PHR with forms in English and Spanish.

Definition of the PHR

The PHR is an electronic, universally available, lifelong resource of health information needed by individuals to make health decisions. Individuals own and manage the information in the PHR, which comes from healthcare providers and the individual. The PHR is maintained in a secure and private environment, with the individual determining rights of access. The PHR is separate from and does not replace the legal record of any provider.

Attributes of the PHR

An AHIMA 2005 work group developed the following PHR resources, all available online in the AHIMA Body of Knowledge at www.ahima.org:

• A complete description of attributes
• A list of common data elements in a PHR
• Emerging HIM roles and responsibilities with the PHR
• Presentation models for community education

Types of PHRs

The future PHR is an electronic application, as noted in the preceding definition. However, at this time, most individuals maintain their PHRs in one of the following formats.

Paper Based. These are the files that most consumers have around their homes in folders filled with information from doctors, insurance companies, pharmacies, and hospitals. Some have created PHR forms and developed lists of emergency contacts, drug sensitivities, doctors, immunizations, and medications either in written form or on personal computers.

Personal Computer Based. Consumers also store health information on personal computers, typing or scanning information into generic software or specific applications. Desktop-based solutions in general lack the ability to exchange information easily between consumers and healthcare providers (e.g., they do not provide direct Internet access). Healthcare providers do not have direct access to the information contained in the desktop PHR nor the ability to update that information.

Web Based. Other services allow consumers to maintain their information in private online accounts, which they access by logging in with a unique user name and password. Web-based platforms do not require software other than a Web browser. They may include secure e-mail, document sharing, and videoconferencing for home consultations.

In most cases, Web-based solutions provide around-the-clock access to a person's medical information from any Internet-connected device. For that reason, these solutions serve as excellent information sources in an emergency. Consumers or their caregivers have the option to fax information directly into the PHR repository. Examples of this type of PHR are My PersonalMD (www.personalmd.com).

Hybrid Desktop/Web Based. The typical hybrid solution allows individuals to maintain their PHRs on their personal computers and provides an upload facility to a secure Web server. The Web server provides around-the-clock access to the information. The access is primarily read-only, with the update capability restricted to the individual's personal computer. In most cases, individuals are allowed to upload all or part of their medical information as they desire. An example of this type of PHR is SynChart (www.synchart.com).

Portable Devices. "The capabilities of portable devices are expanding rapidly and may lead to a whole new generation of PHR applications," notes Connecting for Health^5. Consumers currently have the ability to store their health information on smart cards, personal digital assistants, mobile phones, and memory devices that plug into personal computers.

In most cases, portable devices are used as an add-on feature to a desktop-, Web-, or hybrid-based PHR application. For example, CapMed offers a proprietary "Personal HealthKey" device (www.capmedphr.com/choose_capmed.asp) that fits on a key chain. Information is downloaded to the device, which when connected to a PC's universal serial bus port automatically launches a program contained in the device and displays the individual's medical information.

2010 Environmental Scan

The PHR is different from an electronic health record (EHR). The PHR is intended to be an electronic lifelong individual record maintained by the consumer. The consumer owns, manages, and documents information within the PHR by obtaining it from multiple healthcare providers. It can include individual specific information such as allergies, family histories, and medications.

An April 2010 survey from the California HealthCare Foundation found that PHR use continues to be low; however, it noted that PHR use doubled in the past two years. The report found that one in 14 Americans say they have used a PHR. Even more important is that consumers with online access to their health information pay more attention to their health.⁶

Widespread adoption, use, and integration of PHRs and EHRs is required in order for the two technologies to reach their fullest potential of positively affecting the healthcare industry. The industry can point to few success stories such as My HealtheVet (www.myhealth.va.gov).

My HealtheVet is the gateway to veterans' health benefits and services deployed by the US Department of Veterans Affairs. Deployed at all VA medical centers across the United States, veterans have access to VA benefits, resources, a personal health journal, and prescription refills. In addition, access to online appointment viewing and limited health record information now is at the fingertips of hundreds of thousands of veterans.

To continue on the path of success, the healthcare industry must continue to support PHR and EHR integration at organizational, state, and federal levels. At these levels, much-needed funding for technology development specific to PHR models and integration can provide incentives for healthcare providers to merge patient information together. Advocating for the education of consumers, providers, and vendors on the short- and long-term goals of PHRs is also essential. Patients are no longer willing to be left out of medical decisions. Navigating the complex healthcare system of primary care providers; referrals to specialists; and the many hospitals, freestanding ambulatory surgery centers, and clinics requires a well-coordinated effort. PHRs can assist patients in being active and educated participants in their healthcare decisions.

Current Privacy Initiatives for PHRs

Personal health information companies such as Google and Microsoft have received plenty of attention in recent years for their Web-based PHRs. Both companies maintain that HIPAA privacy and security rules do not apply to them. In December 2008, the Office for Civil Rights provided guidance on PHRs and the HIPAA privacy rule. At that time, the Office for Civil Rights stated that the only PHRs subject to the privacy rule are those that a covered healthcare provider or health plan offers. PHRs that fall outside the scope of the privacy rule are those offered by an employer (separate from the employer's group health plan) or those made available directly to an individual by a PHR vendor that is not a HIPAA covered entity. 

In February 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. Title IV of ARRA, the Health Information Technology for Economic and Clinical Health (HITECH) Act provided the industry with legislation that affects both personal health information platform companies and PHR companies. On July 14, 2010, the Centers for Medicare and Medicaid Services released a proposed rule that would modify the definition of a business associate. The proposed modifications suggest that the business associate term conform to the "statutory provisions of PSQIA, 42, U.S.C. 299b-21, et seq., and the HITECH Act. In addition, modifications are made for the purpose of clarifying circumstances when a business associate relationship exists and for general clarification of the definition."⁷ These modifications, if finalized, will recognize PHR vendors as business associates.  

In cases in which the PHR vendor and the covered entity have a contractual arrangement primarily to facilitate the transmission of health information into or out of an individual PHR and in which the individual patient has sole control over the information, the PHR is considered to be independent. Furthermore, if the patient can move PHR information from one covered entity to another, the PHR is, again, considered to be independent; the vendor may not be considered a business associate under HIPAA and is thus exempt from the privacy and security rules.

In situations in which the PHR is offered to the patient as a part of the covered entity EHR, health plan's EHR, or patient portal into the covered entity or health plan health record, the vendor may be considered a business associate and, therefore, responsible for meeting all HIPAA privacy and security rules. In this situation, the covered entity or health plan must treat the PHR as an extension of its own EHR, especially if the intent of the PHR is to assist and benefit the covered entity or plan. These relationships support industry conclusions that the PHR does not belong to the patient and, therefore, is not a stand-alone independent PHR. HIPAA recognizes that covered entities contract with outside companies to perform many healthcare-related functions on their behalf using identifiable information. Under the HITECH Act, business associates are now responsible for ensuring that privacy and security rules are followed, and they are subject to enforcement and civil and criminal penalties for noncompliance.  

There is no doubt that the next five years will shine a spotlight on the relationship between PHRs and EHRs. The consumer-driven movements in healthcare, such as PHR adoption, patient portals, and health literacy, will continue to drive EHR adoption. Concurrently, ARRA incentives for adopting health IT and the goal of providing every American with an EHR by 2015 will continue to spur the healthcare industry to adopt new technologies and functionalities designed to improve the state of healthcare delivery. The continued use and integration of PHRs will play a pivotal role in the transformation of healthcare.

Notes

1. Connecting for Health. "Connecting Americans to their Healthcare: Final Report" 2004. Available online at www.connectingforhealth.org/resources/wg_eis_final_report_07 04.pdf.
2. Connecting for Health. "Achieving Electronic Connectivity in Healthcare: A Preliminary Roadmap from the Nation's Public and Private-Sector Healthcare Leaders" 2004. Available online at www.connectingforhealth.org/resources/cfh_aech_roadmap_072004.pdf.
3. Ibid.
4. AHIMA Vision 2006
5. Connecting for Health. "Connecting Americans to their Healthcare."
6. California HealthCare Foundation. "Consumers and Health Information Technology: A National Survey." April 2010. Available online at www.chcf.org/publications/2010/04/consumers-and-health-information-technology-a-national-survey.
7. Department of Health and Human Services. "Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act; Proposed Rule." Federal Register 75, no. 134 (July 14, 2010). Available online at www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/nprmhitech.pdf.