Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

HHS Logo Eagle IconU.S. Department of Health and Human Services

Testimony by C. Peter Waegemann for July 24, 2002 NCVHS Workgroup onNational Health Information Infrastructure Hearing

Testimony

National Committee on Vital and Health Statistics

Regarding

Personal Health Records

C. Peter Waegemann
Executive Director, Medical Records Institute
Chair, Standards Committee ASTM E 31
Former Chair, ASTM Subcommittee on Personal (Consumer) Health Records
Chair, US TAG for ISO TC 215 on Health Informatics
Chair, ISO TC 215 Task Force on Consumer Interests

Chicago, IL, July 24, 2002

Thank you for inviting me to testify. 

Worldwide, there are currently some 10 million personal health records.  The e-Health movement of 1999-2001 brought patient empowerment.  Through the Internet, patients can look up health information on as many as 40,000 web sites worldwide.  One principle of the information society is the recognition that any person should have an interest in his health, rather than leaving matters of health to the medical profession.  This means that a responsible individual should

  • Have a copy of  all of health information ever created about her by all her providers
  • Understand – at least in general terms – the content of her health history
  • Use any resource to learn more about health matters that may affect her
  • Be a partner to the caregiver giver (rather than having a child/parent relationship with the caregiver).

This should not only be for an adult’s own health, but for her his children or his elderly relatives for whom he is responsible.

Five Types of Personal Health Records

There are different types of personal health records. 

1. Off-line Personal Health Records

The idea of a personal health record is not new.  For decades, public health services in many countries have been giving parents of newborn infants a booklet to record early health data.  Millions of parents routinely start a paper-based patient record for their children.  Of course, the vast majority of individuals do not keep the information up to date. 

Also, as adults, some people are interested in their own health records and ask their providers for copies, which they keep in file folders.  And since 1995, commercial software has been available for individuals who want to record their health information on their personal computer.

Of course, these off-line applications are only used by a limited number of people, except the Children’s Health Booklets, which are issued in large numbers, although many are not kept up-to-date or are not continued after the child grows out of infancy.

2. Web-based Commercial/Organizational Personal Health Records

The Internet makes it possible to store one’s health information on a (more or less) secure web page.  This means that accessibility is almost unlimited geographically.  Wherever there is telephone access through a wired or wireless telephone connection, a person can access the information or authorize a practitioner or pharmacist to access certain information from the website of choice.  There are four types of providers of this service:

  • Commercial organizations that derive revenue from sponsors or from data mining
  • Commercial organizations that charge the person a fee for maintaining the information
  • Professional organizations that provide this service to their members or other affiliates (for a fee or as a service bundled with other charges and benefits)
  • Local, regional, or national health organizations that provide this service to specified population groups.

Because this is an immature industry, there is much fluctuation within it.  A number of companies have gone under, and new ones continue to start.  Of interest is the regional trend.  From 1997 to 1999, most of the companies were based in the United States.  In 2001, most providers of this service report that the growth is larger outside of the US, particularly in Europe and Asia.

3. Functional/Purpose-based Personal Health Records

These are web-based personal health record systems that are offered in connection with a related service.  The service may be an interpretation of a health record and/or the legal advice regarding a person’s care situation.  The most common function is that of providing emergency or health services to business people outside the geographic boundaries of their primary healthcare provider.  A typical service may maintain the health record for the purpose of being able to arrange health care in any country in the world, or in order to arrange emergency health care (including helicopter transportation to the nearest provider facility) for a client. 

4. Provider-based Personal Health Records

Increasingly, providers, i.e., hospitals, clinics, and health plans make some of a patient’s health information available on the website.  This service is usually part of the care provided, and there is no charge.  Such information typically includes

Appointment information

In most cases, appointments are posted on the website for patients to look up.  Some providers offer an automated system by which patients can make appointments.  However, in many cases this requires blocks of time reserved for emergency cases and other practitioner needs.

Medication information

Patients can see a listing of their medication(s) with potential links to web information regarding how to use it.  They can check on potential side effects and related information. 

Allergies

It is very helpful to patients to have a listing of their allergies, which can be shared with practitioners.  In a number of cases, when patients see the list of allergies derived from their medical record, corrections can be made, or, allergies can be added that were not obvious beforehand.

Lab Results or other Test Results

Beyond this basic information, providers experiment with posting additional parts of the medical record on a patient-specific and patient-secure website that ultimately can contain most of the medical record information. 

5. Partial Personal Health Records

Some 40,000 web sites have detailed health information for consumers.  Most of the sites get their revenue from data mining and advertising.  In many cases, an individual has provided not only identification but also detailed health information in order to access the information or to benefit from the website.  For instance, a diabetes patient may have to provide detailed health information in order to participate in a website.  This way, patients create a mostly disease-specific partial health record that is usually available to them at the website but may also be used by the website provider for other purposes, such as marketing. 

Each of these personal health records is very different from the “official” provider-based health record.  Except for the records described in (4) above, it is not created by the caregiver or healthcare provider but by the patient herself, or by another organization that is often not related to the care process.  The practitioner community has not always welcomed personal health records.  Some of the more traditional practitioners have indicated some resentment and distrust of these personal health records. 

Issues

  • Privacy, Security and Fairness

Substantial problems have occurred regarding privacy, security, and fairness.  In response to these issues, the ASTM Subcommittee E31.26 has created the standard “Personal (Consumer) Health Record – Specification for the Relationship Between a Person (Consumer) and a Supplier of an Electronic Personal (Consumer) Health Record”.  This standard guide addresses the relationship between a person (consumer), organization, custodian (or other authorized representative) and the managing (storing) organization (such as a web site or other organization). However, personal (consumer) health records that are created by healthcare providers or health plans are not within the scope of this standard.

Quotes from the national standard:

The PCHR Supplier shall disclose its policies for establishing authorization to create, maintain, or access a PCHR for an individual other than the Consumer and its policy for allowing the Consumer to rescind such authorization by clearly identifying:

  • the entity collecting the data (PCHR Supplier);
  • the uses to which the data will be put
  • the recipients of the data
  • the steps taken by the data collector to ensure the confidentiality, integrity, and quality of the data..

The PCHR Supplier shall also identify applicable Consumer rights, including any choice respecting the use of the data, the ability of the Consumer to contest inaccuracies;, the availability of redress for violations of the practice code,, and how such rights can be exercised..

Such a disclosure shall be clearly stated, shall be posted in a prominent location, and shall be readily accessible from both the site's home page and any Web page where information is collected from the Consumer. It gives Consumers meaningful and effective notice of what will happen to the personal information they divulge.

The PHR supplier shall state its policies regarding its sharing and use of information from an individual’s PHR. (e.g. Are there any conditions under which individually identifiable information is made available to or used by third parties?)  PCHR Suppliers shall also state their policies regarding access to the Consumer’s PHCR by others than the Consumer, e.g., how a child’s record is handled when the child reaches the age of majority, and how an individual gains authorization to serve as custodian to a parent’s record when that parent is no longer competent to do so himself or herself.

6.1 Choice/Consent

The PCHR contains both Personal identifier information (PII) and individually identifiable health information (IIHI).  The standard for PII is generally used as opt-out, meaning that a Consumer must specifically request that such information is not shared. 

For IIHI, PCHR Suppliers shall allow Consumers to choose if and how any personally identifiable information collected from them may be used. These choices shall be presented in a manner requiring that the Consumer give specific permission for use of such data. Options for secondary uses of information shall be provided, i.e., uses beyond the PCHR storage and management application. Such secondary uses may be internal, such as placing the Consumer on a sponsor’s or other organization’s mailing list in order to market additional products or promotions, or external, such as the transfer of information to third parties.

  • Correctness

A PCHR Supplier shall provide the Consumer with the ability to access data within the PCHR in order to verify its correctness and/or to contest its accuracy and completeness.  Access policies shall describe the turnaround time related to such requests (time from request to access), shall specify associated charges, and shall include instructions for contesting and correcting inaccurate or incomplete data.

  • Trust and Use

This is a major issue with many providers.  Can a personal health record be trusted?  Would practitioners use it for their decision making?

  • Integration

Integration is a major issue as almost no system allows interaction with provider-based medical records. 

Change in the Personal Health Record Field

With the bursting of the dot com bubble, many organizations providing personal health records went out of business or merged with other companies.  Therefore, it is estimated that the number of personal health records in active use has shrunk from 13 million to a little less than 10 million. 

However, there are some international projects trying to establish continuity of care by a commercial electronic health record service that is based on an integrated personal/provider record.  It remains to be seen whether such organizations will succeed in the future. 

For more information, contact C. Peter Waegemann at peterw@medrecinst.com.