Evaluation of Personal Health Records Pilots for Fee-for-Service Medicare Enrollees from South Carolina
Contract No: HHSP23320045020XI
NORC Project #6488
Prepared for:
Ms. Suzie Burke-Bebee
U.S. Department of Health and Human Services
Office of the Secretary
Assistant Secretary for Planning and Evaluation
Prepared by:
NORC at the University of Chicago
4350 East West Highway, Suite 800
Bethesda, MD 20814
Executive Summary
The Office of the Assistant Secretary for Planning and Evaluation (ASPE), in close collaboration with the Centers for Medicare and Medicaid Services (CMS), has contracted with NORC to conduct an evaluation of a pilot demonstration project to introduce Personal Health Records (PHRs) to Medicare fee-for-service (FFS) beneficiaries. The pilot study represents one component of a diverse set of CMS Health Information Technology (HIT) initiatives. This pilot is being implemented in the South Carolina service area by QSSI, an information technology (IT) solutions contractor.
The PHR demo titled ‘My Personal Health Record, South Carolina’ (MyPHRSC) was launched in early 2008. As part of the evaluation of the PHR demo, NORC developed this literature review and environmental scan to explore current definitions of what a PHR is, assess the usability and utility of PHRs, and to identify best practices for developing PHR standards and features.
To date, little work has been done to examine what, if any, assistance may be needed to help elderly and disabled populations use PHRs. Due to the potential of PHR technology to improve health care services, additional insight is needed to identify PHR features and functions that will encourage PHR adoption by consumers. This review is intended to contribute to the overall development of PHRs by providing a current-state, panoramic snapshot of many key aspects of the PHR field. The report will inform policy efforts to identify best practices for developing PHR features and standards that will encourage PHR adoption by consumers–especially FFS Medicare beneficiaries.
Methodology
In compiling this document, NORC used three approaches to gather up-to-date information about PHR development and implementation. First, we conducted a review of the existing published literature, gray literature, and various official government documents. Second, NORC completed discussions with sixteen key informants who are involved with and otherwise knowledgeable about PHR development efforts, product design, standards, and usability/utility (see Appendix B for list of key informants). Finally, NORC submitted a draft of the literature review to a fourteen-member expert panel, and incorporated their comments into the document.
The sixteen individuals who took part in key informant interviews contributed a broadened perspective on how other organizations are currently sponsoring and delivering PHR functionality. Initial key informant interview participants were identified through the use of referrals from key Federal and other contacts. Subsequent interview subjects were identified by asking the initial subjects to recommend individuals who are known for their expertise on PHR development and implementation. Key informant interview participants were asked to share their views about their own PHR efforts as well as current Medicare PHR efforts.
NORC staff considered data from each of these three sources in crafting the analysis in this document. We synthesized and incorporated findings into the literature review and environmental scan through an iterative process of mapping data to the project’s research questions.
Findings
In synthesizing lessons learned from the literature review and key informant discussions, this analysis focuses on issues in four key areas: (1) PHR definitions, attributes and models; (2) consumers and PHRs; (3) standards for PHRs; and (4) potential impacts of PHRs. Select findings of the review are presented below.
While the findings of the report provide a broad current state analysis on the PHR field, to the extent possible the specific needs of the Medicare population have been researched and documented. When developing PHRs for senior citizens such as Medicare FFS Beneficiaries, a number of factors must be taken into account including the demographics of the population, their levels of computer and health literacy, and their predominant health issues. Medicare beneficiaries are more likely to have impaired vision and mobility, as well as other health problems that can impede their use of PHRs.[1] They may also face challenges in reading and comprehending information in PHRs due to levels of literacy and health literacy.
PHR Definitions, Attributes, and Models. Although there has been a groundswell of interest in PHRs, consensus has not yet been reached on a commonly accepted definition of a PHR, and many proposed definitions remain vague. One definition of a PHR, as proposed by the Markle Foundation states: ‘A PHR is an electronic application through which consumers can access, manage and share their health information, and that of others for whom they are authorized, in a private, secure, and confidential environment.’[2]
There has also been significant debate among experts on the different models for PHRs and how they should be structured, what functions they should deliver, or how they can be of greatest use. While a broadly accepted taxonomy of PHR models has not been established thus far, the different ‘flavors’ of PHRs that exist today include:
- Institutional/IDN provider portal
- Populated from claims data
- Individual provider portal
- Untethered–USB, desktop, PDA
- Service oriented
- Population oriented
- Condition oriented
- Health 2.0 sites
- Network/Interconnected PHRs
Given the rapidly evolving PHR market and the entry of organizations like Microsoft and Google, it is likely that the PHR landscape will be dramatically different 5-10 years from now.
While organizations such as American Health Information Management Association (AHIMA) and Office of the National Coordinator for Health Information Technology and the National Alliance for Health Information Technology (ONC-NAHIT) are working to define PHRs in terms of their use, objectives, and ownership rights, other organizations such as the Robert Wood Johnson Foundation (RWJF) have defined criteria for the functional components and platforms of PHRs. In fact, the PHR industry has gone to great lengths to separate a PHR definition from the description and characteristics of functionality and data sources. The National Committee on Vital and Health Statistics (NCVHS) proposed using the term PHR to refer to a health or medical record that includes clinical data, and the term ‘personal health record systems’ (PHR-S) to refer to multi-function tools that include PHRs among a battery of functions.
PHRs may encompass a number of functions, providing consumers with the ability to control their information, manage their health through decision support tools, interact with their health care providers, and authorize access and use of their health information through a designated proxy or care manager.
Findings of this review suggest that consumers have diverse expectations and needs for PHRs. Accordingly, certain health information and supporting features and functions may be more relevant to some users than others. In particular, health status may play a role in the functions that Medicare beneficiaries desire in a PHR. Although only a subset (15%) of community-dwelling, elderly patients require care from a geriatrician or geriatric services, many of those seniors have multiple, chronic conditions. By age 75, the average older adult has between two or three chronic conditions, and some have ten or twelve chronic conditions.[3] Thus the elderly and disabled may require different functions and features of a PHR than other consumers.
PHRs can be customized by offering specific, health-related information modules; providing templates for creating individualized care plans, or by offering a fully specialized PHR. There is no ‘one size fits all’ PHR and it is likely that there will be different flavors of PHRs to support unique user needs. To some extent consumers’ expectations and needs are being met by a variety of organizations including independent software vendors developing stand-alone solutions, providers/Integrated Delivery Networks making available PHRs that are closely tied or tethered to their existing systems, or health insurers or employers offering claims-based PHRs.
Consumers and PHRs. In order for PHRs to gain widespread adoption, consumers must be made aware of the availability and advantages of using PHRs, and they must be taught how to use them. Recent research on public attitudes suggests that although only a small percentage of the population has used a PHR, consumers are interested and willing to use PHRs. Additionally, those with chronic conditions reported the highest interest and most urgent need to use PHRs.
Although consumers express interest in PHRs generally, consumers cite major concerns around the security and confidentiality of information contained in PHRs, and this may affect whether or not consumers decide to use a PHR. However, these concerns vary depending on the PHR sponsor. For example, one study indicated that consumers are more likely to use a PHR if it is recommended by a provider. Although some studies suggest that consumers would be particularly concerned about the security and privacy of an employer-based PHR, others suggest that when financial incentives are provided consumers are significantly more willing to use these PHRs. Consumers also seem to suggest that the convenience of access to their information would outweigh their concerns.
PHRs may be particularly useful for Medicare beneficiaries. Early research indicates that improvements have been observed in care management for various chronically ill and disabled populations that have used PHRs. For chronically ill and disabled patients PHRs assist with medication reminders, better tracking of special diets and enhanced communication with providers. For cognitively impaired patients, PHRs which contain health event reminder functions (such as reminders for health care visits or daily medication regimens) and tracker tools may assist consumers with memory problems. In one study, generally healthy consumers reported forgetting to ask health related questions during provider visits that they had intended to discuss. Thus, PHRs could result in more productive interactions with providers.
State, regional, and national efforts that offer social marketing campaigns to encourage PHR use may help raise awareness of their value. Consumer perspectives must be taken into consideration when defining the attributes of PHRs. NORC’s discussions with PHR experts indicated that a user-centered approach to developing PHRs seeks to align the conceptualization and design of PHRs with consumers’ needs. Taking into account the consumer’s viewpoint will create PHRs that are valuable and easy to use. User-centered designs ensure that consumer perspectives are incorporated into PHRs, greatly impacting their successful adoption and use.
There has been a limited amount of work thus far to measure PHR usability. In addition, usability guidelines specific to PHRs have not been developed and traditional usability theory and existing guidelines have limited applications to PHRs because PHRs vary so widely in terms of configuration and features and functions which they offer. However, web usability guidelines have been written for aged, disabled and limited literacy populations, and these may be helpful in developing PHRs which meet the needs of Medicare beneficiaries.
Today there are no standardized measures for PHR utility. According to experts, potential measures of PHR utility include the number of consumers consistently using their PHR; the number and types of data elements or functions that are accessed and consistently used; and the overall quality improvement of the consumer’s health through PHR use.
Standards for PHRs. Standards (a set of rules that ensure that personal health information can be easily stored, accessed, shared, exchanged, and understood by health care providers, payers, regulators, and consumers[4]) are recognized as the key to realizing the value of PHR technology. Standards provide the basis through which different EHRs, claims and other data sources will be able to populate a PHR.
There are a number of entities involved in developing standards for PHRs and standards are currently available for data transfer, semantic interoperability, security and portability. One key informant suggested that between 70 and 80 percent of the standards developed for EHRs are relevant and potentially transferable to PHRs. Standards for semantic interoperability are becoming increasingly available, as are a number of security standards for authentication, consent, confidentiality, accountability, and non-repudiation. Organizations such as Integrating the Healthcare Enterprise (IHE) and Health Level Seven (HL7) have been, and are continuing to develop portability standards for plan-to-plan transfer of information.
While a number of standards for PHRs have already been developed, there are some important gaps that will need to be addressed to support development and use of PHRs. Currently there is no uniform standard to protect privacy of personal health information stored in a PHR. There are several other gaps in the PHR standards development space, most notably in the following areas: standards for patient-initiated changes to their health information; uniform privacy policies for PHR service providers; standards that address when a consumer’s proxy or care manager accesses, uses, and controls the account holder’s PHR; standards for consumer entered information into PHRs; and definitions of the rights and legal responsibilities of all parties involved with PHRs. PHRs are now being offered by entities that are not covered by HIPAA and are thus not required to comply with HIPAA regulations. Privacy policies and security standards for these entities will need to be developed.
There are also areas of overlap in the standards development area today. These areas include PHR portability standards, conditions and diagnosis standards, and consents standards. Despite the many areas of overlap as well as gaps in standards for PHRs, there are a number of standards organizations that are looking at issues of PHR privacy and security, and interoperability and portability. AHIMA is currently working on a project for ONC-NAHIT to explore the different initiatives and their areas of overlap.
Potential Impacts of PHRs. Findings from key informant discussions suggest that PHRs could have significant implications for providers and the wider health care system. For example, implementers of PHRs will need to carefully consider the optimal process for integration and application of PHRs into the workflow of routine clinical practice. While some providers recognize the potential utility presented by PHRs – particularly in the areas of patient engagement and chronic disease management – others are more resistant to change, and are concerned about the impact on workflow, PHR data accuracy, and lack of reimbursement for PHR-related work. Kaiser Permanente has found that providers are resistant to PHRs before using them, but after having used the PHRs they report positive impacts on relationships with patients, and that their initial fears of things like receiving overwhelming amounts of emails from patients were false. Many providers reported a reduced number of emails from patients with continued use of the PHR. Thus, PHRs may produce benefits for providers such as better communication with patients. Overcoming initial preconceived notions regarding the utility of PHRs may be a significant factor in improving provider adoption of PHRs.
A number of major employers have embraced PHRs and the broader idea of patient access to records and communication channels. Currently, empirical evidence of return on investment, quality improvement and improved efficiency is scant. Nonetheless, many expect that PHRs will positively affect these aspects of the health care system. Numerous experts believe that PHRs will increase patient empowerment, improve medical record keeping, and increase communication between patients and providers. Furthermore, many experts believe that improved medical record keeping as a result of PHR use could lead to reduced health care costs through a reduction in unnecessary hospital visits and tests, and fewer medication errors.
The present PHR evaluation seeks to establish an understanding of PHR utility for Medicare beneficiaries in order to address potential impacts. However, additional PHR implementations and research will be necessary to better understand how providers can effectively incorporate PHR technology into the provision of care, and how PHRs will more broadly impact health care system.
Chapter 1. Introduction
What are Personal Health Records (PHRs)?
Personal Health Records (PHRs) are the focus of widespread interest as a tool for improving consumers’ ability to manage their health and health care interactions in a variety of settings. There exists tremendous diversity in the functions offered by PHRs and there is no universal definition of what constitutes a PHR. One definition as proposed by Markle states that, “ A PHR is an electronic application through which consumers can access, manage and share their health information, and that of others for whom they are authorized, in a private, secure, and confidential environment.”[5]
The vision for and potential of this tool have not crystallized into a solid foundation of understanding about what technical and functional attributes make PHRs easy, attractive, and worthwhile for consumers to use. While PHRs have existed for nearly a decade, consumers have not rushed to start using this new technology and the literature indicates a relatively low level of adoption.[6] Even as the PHR market evolves, many questions remain about what characteristics are most important to ensure their usability and utility; what standards and methods should be used to develop them; and how PHR adoption and integration into consumers’ overall health care experience can be supported.
There is no shortage of commercially available PHR applications-the website of the American Health Information Management Association (AHIMA) offers links to 89 PHR products.[7] These PHRs can vary widely in their characteristics. For instance, PHR applications may differ in the nature of information they contain, features and functions offered, sources of information, locations where information is stored, technical approaches to security, and designation of control over who has access to them.
The concept of PHRs and PHR systems continues to evolve.[8] Additionally the National Alliance for Health Information technology (NAHIT), funded by the Office of the National Coordinator (ONC) is actively working on a PHR definition at the time of this report.[9]
ASPE Evaluation of the CMS Phr Pilot Demonstration
Medicare faces an urgent need to optimize the efficiency, quality, and cost-effectiveness of health care services for its beneficiaries. As the largest provider of health insurance in the U.S., Medicare currently covers over 44 million beneficiaries, and it is anticipated that a massive expansion in the Medicare-eligible population will occur from 2010 to 2025.[10] The Centers for Medicare & Medicaid Services (CMS) thus has a compelling interest in successfully leveraging health information technology (HIT), including the use of electronic health records (EHRs) and PHRs.
To this end, CMS is conducting a pilot demonstration project to introduce PHRs to Medicare fee-for-service (FFS) beneficiaries. The pilot, which represents one component of a diverse portfolio of HIT initiatives, is being implemented in the South Carolina service area by QSSI, an IT solutions contractor selected by CMS. The PHR demo, ‘My Personal Health Record, South Carolina’ (MyPHRSC) was launched in March 2008.
The Office of the Assistant Secretary for Planning and Evaluation (ASPE) has funded an evaluation to assess the usability and utility of the PHR system implemented through the CMS pilot. It is also exploring findings related to PHR standards, design, and development. To carry out the study, ASPE has contracted with the National Opinion Research Center at the University of Chicago (NORC). NORC is gathering and analyzing information from end-users of the PHR (consumers and providers) to learn which features they find most valuable, and is eliciting insights from QSSI and HealthTrio staff about their experiences in designing the PHR.
The Qssi Role in the CMS Phr Pilot Demonstration
QSSI is working with three key vendors and other partners to implement MyPHRSC. Specifically, QSSI has obtained its PHR product from a vendor called HealthTrio. Palmetto GBA is facilitating access to and importing of CMS claims data into the PHR, and IBM is performing general consulting in an advisory capacity related to PHRs. MyPHRSC is designed with three central components: data (which include records of patients’ visits, surgeries and procedures, and medications); tools (which help patients to plan for their health needs and capture important measurements); and security features (which include functions that allow the user to assign permission to access the PHR).
Visitors to the HealthTrio PHR web-based homepage are informed that the PHR is designed to help them gather their medical information in a single location, so that they and others to whom they grant access (e.g. family members or providers) can monitor health-related activities and events, or review and update information as necessary. Instructions guide consumers through the process of filling out a questionnaire about their health; exploring a care plan for their health; adding to their own health record; assigning permissions for others to view the PHR; and subscribing to receive education information about certain health topics.
Purpose of Literature Review/Environmental Scan within the Context of the ASPE Evaluation
As a preliminary step, NORC has conducted a formal literature review and environmental scan to gather, summarize and synthesize existing information relevant to key research questions for the evaluation as a whole (See Appendix A). The findings of the literature review help to define issues to be explored in greater depth during the study’s focus group and observational study components. Specifically, it is being used to develop discussion guides for focus group meetings about PHR feature usability and utility. These focus groups are tentatively scheduled to take place during the summer of 2008. The FFS PHR evaluation will be closely coordinated with an evaluation funded by CMS and Agency for Healthcare Research and Quality (AHRQ).
The CMS/AHRQ PHR evaluation will examine the use, usability, and utility of a Registration Summary/Medication History PHR tool. Seven health plans have integrated these two components into their existing PHRs and offered the PHR to Medicare Managed Care and/or Part D Drug Plan beneficiaries at no cost. Evaluation components for this project include a survey of beneficiaries who have used the PHR and focus groups with beneficiaries who either: 1) have used the PHR more than once; or 2) have decided not to register for the PHR. These focus groups will help identify factors which drive adoption of the PHR, as well as identify features and functions considered easiest to use and most useful for beneficiaries. The CMS/AHRQ evaluation team is regularly involved with the Fee-For-Service evaluation efforts, and both projects benefit from this mutual collaboration. Moreover, the literature review for this evaluation will inform later findings for both PHR evaluations by offering broad perspectives on the current PHR landscape.
Due to the potential of PHR technology to improve health care services, additional insight is needed to identify PHR features and functions that encourage PHR adoption by consumers. This review is intended to contribute to the overall development of PHRs by providing a current-state, panoramic snapshot of many key aspects of the PHR field. It offers an understanding of current knowledge of PHR usability and utility, and identifies best practices for developing PHR features and standards. At a time when PHR adoption is in its early stages, these issues are of great interest.
Chapter 2. Methodology
To gather up-to-date information about PHR development and implementation for this comprehensive literature review we conducted a review of the existing published and unpublished literature, gray literature, and various official government documents. Based on our findings from the literature and through discussions with ASPE and CMS we identified an initial group of key informants who are involved with and otherwise knowledgeable about PHR development efforts, product design, standards, and usability/ utility. We completed discussions with sixteen key informants (see Appendix B). Finally NORC submitted a draft version of the literature review to a fourteen-member expert panel and incorporated their comments into the document.
A complete listing of sources consulted for the literature review is provided in Appendix C. NORC obtained recommendations for relevant materials and information sources by seeking initial guidance from the ASPE Task Order Monitor and key contacts at ASPE, CMS, AHRQ, and other federal agencies and foundations. We also conducted broad searches using the following online resources:
- Google Scholar– A more specialized search engine that focuses on peer-reviewed and other academic literature.
- Lexis Nexis– A search engine that primarily indexes proprietary content, including a range of public and trade periodicals.
- Academic Search Premier– A multi-disciplinary database of academic journal articles, drawing from over 3,700 peer-reviewed publications.
- MEDLINE– A computerized bibliographic retrieval system containing a comprehensive listing of articles in the scientific medical literature.
- HSRProj– A database providing access to ongoing grants and contracts in health services research available through the National Library of Medicine.
- HSTAT– Health Services/ Technology Assessment Text- A searchable collection of large, full-length text clinical practice guidelines, technology assessments, and health information.
- AHRQ National Resource Center for Health IT Knowledge Library– An online comprehensive search engine compiled by NORC and its partners, containing articles and information on topics such as evaluation, economics, and management of information systems.
- HIMSS– The online resources of the Health Information and Management Systems Society
The sixteen individuals who took part in the key informant interviews contributed a broadened perspective on how other organizations are currently sponsoring and delivering PHR functionality. Initial key informant interview participants were identified through the use of referrals from key Federal and other contacts. Subsequent interview subjects were identified by asking the initial participants to recommend other individuals who are known for their expertise on PHR development and implementation. Exhibit 1 summarizes information about the organizations represented in these discussions and specific topics addressed. A sample discussion guide is included in Appendix D.
NORC staff considered each of these three data sources in crafting the analysis presented in this document. Findings were synthesized and incorporated into the document through an iterative process in which NORC collected relevant data, and organized the information into broad categories. These categories were then mapped to the project’s research questions. A detailed outline of themes was developed and revised, ultimately taking the form of the chapters presented in this document. NORC staff outlined each chapter in detail, and revised chapter contents as the literature review and key informant discussions progressed.
--------------->Key Informants Sample of Key Informant Discussion Areas X indicates that the key informant provided information in a discussion area. | Microsoft Corporation | National Cancer Institute | Markle Foundation | Kaiser Permanente | Life-Ledger | AARP | U. of Wisconsin-Madison | Intuit | Veterans Health Admin/ | Consumers Union | IHE | AHIMA | U. of North Carolina | Whatcom HI Network | Dell | Group Health Incorporated |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
PHR Application or Platform | ||||||||||||||||
What initiatives are you involved with that are related to PHRs and standards development? | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X |
What have your project’s activities and lessons learned been to date in regards to developing user-centered personal health applications? | X | X | ||||||||||||||
Usability and Utility | ||||||||||||||||
Was any usability testing done when rolling out or developing your PHR product? What type of testing was done? | X | X | X | X | X | X | ||||||||||
What do you consider to be important guidelines for user-centered design and for usability testing? | X | X | X | X | X | X | ||||||||||
How should usability be assessed for CMS’ PHR? Should usability guidelines differ for the Medicare population (elderly and disabled)? | X | X | X | X | X | X | ||||||||||
Have there been usability "lessons learned" from your experience with your PHR that you think might be useful to CMS? What advice would you give to CMS? | X | X | X | X | X | X | X | X | X | X | ||||||
Standards | ||||||||||||||||
What would you say are the key standards development activities related to PHRs with respect to security, privacy, and/or interoperability? | X | X | X | X | X | X | X | X | X | X | X | X | X | |||
Are there any special considerations with respect to privacy and security when using a care-manager? | X | X | X | X | X | |||||||||||
Are there any gaps in the current PHR standards development activities? | X | X | X | X | X | X | X | |||||||||
Development of Best Practices | ||||||||||||||||
How do you see the business model of PHRs evolving over time? Are there other business models for PHRs that would serve as a good model for CMS? | X | X | X | |||||||||||||
What advice would you offer for CMS’ PHR–for now and the future? | X | X | X | X | X | X | ||||||||||
What are the advantages of using a claims-based model for a PHR? Other issues related to claims-based PHRs? | X | X | X | X | X | X | X | X | ||||||||
Consumer Perceptions | ||||||||||||||||
What do you think it will take for people to adopt and use PHRs? | X | X | X | |||||||||||||
For what reasons do consumers decide to enroll in and maintain a personal health record? | X | X | X | X | ||||||||||||
Which features of the PHR do consumers find most helpful? Which do they like the best/ least? Are there functions that are not being used? | X | X | X | X | X | X | X | X | X | |||||||
What kinds of effects do computer literacy and health literacy, and access to technology have on patient use of PHRs? | X | X | X | X | ||||||||||||
Patient-Provider Interactions | ||||||||||||||||
How do PHRs affect the ways in which patients and providers interact? | X | X | ||||||||||||||
Do personal health records affect provider work flow? | X | X | ||||||||||||||
How have providers reacted to the PHR? Have provider attitudes to the PHR changed over time? | X | X | X | X | X | X | ||||||||||
Issues Specific to Elderly and Underserved Populations | ||||||||||||||||
What do you see as the value of a PHR to Medicare beneficiaries? | X | X | X | X | X | X | X | |||||||||
Which features of the PHR are most valuable to the elderly? | X | X | X | X | X | X | X |
Chapter 3. Medicare FFS Beneficiaries and PHRs
There are many challenges inherent to the development, implementation, access and use of high value-add PHRs. When developing PHRs for senior citizens such as Medicare FFS Beneficiaries, a number of additional factors must be taken into account. Key aspects that must be considered include the demographics of this population, their levels of computer and health literacy, and their predominant health issues. The remainder of this chapter addresses the unique aspects of the Medicare FFS Beneficiary population in relation to the use of PHRs.
The Characteristics of Medicare FFS Beneficiaries
The CMS PHR pilot involves Medicare FFS beneficiaries in the South Carolina service area. The Medicare program provides health insurance to individuals who are 65 or older and certain younger disabled persons. In 2002, most Medicare beneficiaries (87 percent) were enrolled in traditional fee-for-service (FFS) Medicare, while others signed up for private health plans that contract to serve Medicare beneficiaries, known as Medicare Advantage plans. [11] Traditional FFS Medicare reimburses physicians a pre-determined amount for each service they provide, based on an established fee schedule. Physicians who ‘accept assignment’ agree to accept Medicare's fee as payment in full.[12]
The demographic characteristics of Medicare FFS beneficiaries should be examined when designing PHR solutions targeted to them. Health knowledge, attitudes, and beliefs for specific subpopulations may also be important to consider. On the whole, the Medicare population tends to be female (56%), white (78%), between the ages of 65 and 84 (67%), in good or fair health (53%), and living with a spouse (44%). Most Medicare beneficiaries live in urban areas (73%), have at least a high school education (69%), and have some form of supplemental insurance coverage (79%). Half have incomes under 200 percent of poverty level, and almost a third of beneficiaries (30%) have no high school diploma. Chronic illness is highly prevalent among members of the Medicare population–especially the elderly. One survey of Medicare beneficiaries indicated that 65 percent of all elderly people had two or more chronic conditions, and 34 percent of seniors reported limitations in mobility or activities of daily living. [13] Another report found that 36 percent of Medicare beneficiaries have three or more chronic conditions.[14]
Barriers to PHR Use among Medicare Beneficiaries
To date, little work has been done to examine what assistance may be needed to help elderly, disabled, and immigrant populations use PHRs. In a recent feasibility study of PHR usage in these populations, factors such as a lack of computer literacy, anxiety about using computers, cognitive and physical impairments, and the lack of health literacy were found to impede PHR use if additional support was not provided.[15]
Distrust may be another significant barrier among underserved populations. A 2007 focus group study found that participants from underserved minority groups expressed distrust of electronic record systems that would require them to store personal health data in computers other than their own or those of their physicians. One alternative they would consider is the use of a ‘smart card’. [16]’§
Medicare beneficiaries are more likely to have impaired vision and mobility, as well as other health problems that can impede their use of PHRs. [17] Changes in vision that occur with age include reductions in the amount of light that reaches the retina, loss of contrast sensitivity, and loss of the ability to detect fine details, all of which makes reading a computer screen difficult. An estimated 21 percent of adults aged 65 years and older have impaired vision.[18]
Medicare beneficiaries may also suffer from arthritis, Parkinson’s disease, and other conditions that reduce fine motor skills and their ability to use a keyboard or mouse.[19] In addition, cognitive impairment as a result of Alzheimer’s, dementia, or seizures may limit their ability to remember their user name and password, or to recall how to use a PHR application’s functions. Thus, whether or not Medicare FFS beneficiaries adopt PHRs and find them to be useful depends as much on systems and graphical user interfaces (computer programs designed to allow users to interact easily with the computer, typically by making choices from menus or groups of icons[20]) as on the data that the PHRs contain.[21]
Low reading literacy and health literacy levels may also be barriers to PHR use among Medicare beneficiaries. Although there has been no published assessment of the reading level of the information contained in PHRs, information on most general websites is far beyond the reading level of most of the population.[22] In addition, many individuals have difficulty reading and comprehending health information. A study of information technology use and literacy found that nearly one of two adults has difficulty understanding information necessary to make basic appropriate health decisions.[23] The 2003 National Assessment of Adult Literacy determined that adults in the study’s oldest age group–65 and older–have lower average health literacy than adults in younger age groups. Among adults ages 65 and older, 59 percent had below basic or basic health literacy, compared with 32 percent of adults ages 40-49 and 28 percent of adults ages 25-39.[24][2]
In addition, content and format of many health-oriented materials and IT applications do not meet the needs of many of the elderly and disabled. Health-oriented website content is often too technical for consumers to understand and may not be relevant to their culture or lifestyle.[25] Consumers may also lack record keeping experience. Standard text format guidelines helpful to a senior citizen user for print and web materials–large font size, white space, appropriate reading level, active use of verbs, clear and short sentences, etc.–are often not followed. PHR computer navigation, scrolling, moving objects and animation, and search functions (particularly difficult for the aged with functional issues) hinder accessibility and use.
The elderly are less likely to have experience using computers, access to the Internet, and broadband connection than those under age 65.[26] Many elderly individuals do not have computers at all,[27] and would need to access their PHR from a public place (e.g., a library, senior center, health care facility). In a study of barriers to PHR use among the elderly, Lober et al. found computer literacy and computer anxiety were two major barriers. (Computer literacy skills were demonstrated when performing tasks such as turning the computer on, using a mouse or keyboard, or logging in. ‘Computer anxiety’ is a term used to describe a lack of willingness to attempt these tasks not due to an apparent physical or cognitive barrier.)[28]
Although the percentage of elderly people who use computers is much lower than among the general population, an increasing number of older adults are accessing the Internet. In 1996, only 2 percent of adults 65 and older were ‘online’; by 2004 that number had risen to 22 percent.[29] Kaiser Permanente, VHA, and Whatcom County have all reported that significant numbers of elderly and disabled members are signing up for and successfully using their PHRs. To entice Medicare beneficiaries to use a PHR, though, the tools must be designed to accommodate their needs.
Chapter 4. PHR Definitions, Attributes and Models
There is a high level of interest in PHRs among both health IT experts and the stakeholders who stand to benefit from their implementation (e.g., consumers, providers, employers, payers, and vendors). New approaches to engaging consumers to become active participants in their own healthcare have influenced the health care industry’s interest in PHRs. For example, the concepts of “consumer-directed care” and “consumer-facing technologies,” have gained popular attention in recent years. Both emphasize empowering consumers to assess their own health care needs, and to make informed choices about what services would best meet those needs.[30]
By offering tools that facilitate information-seeking and record-keeping, PHR applications are able to help consumers take a more proactive role in their healthcare. Due to the efforts of PHR sponsors, vendors, and government and private funders, considerable progress has been made over the past decade in developing valuable PHRs. Yet much work remains to be done to ensure that PHRs are appropriate for and accessible to a wide range of potential users, including elderly and disabled populations and those who lack health and computer literacy skills.
Despite the groundswell of interest in PHRs, general consensus has not yet been reached on how they should be structured, what functions they should deliver, or how they can be of greatest use. No commonly accepted definition of what constitutes a PHR has been developed to date, although the Office of the National Coordinator for Health Information Technology (ONC) is currently developing a standardized definition funded by the National Association for Health Information Technology (NAHIT). This chapter explores the landscape of current knowledge about PHRs, including how they are being defined, what attributes they typically have, and what components (e.g., screen configurations, data elements, and features or functions) are currently being offered. Examples of key PHR models and initiatives are provided.
As noted by Patricia Flatley Brennan, RN, PhD, FAAN (consultant to ASPE for this evaluation) this review takes an approach to PHRs that is largely health care provider-focused. Many PHR case studies offered in this document are described in terms of who ‘owns’ or provides the PHR, and emphasize the PHR as a connection to clinical care providers or claims data services. Brennan has commented that this emphasis is understandable, because health care providers generate data, and the PHR abstracts some subset of that data. While provider-focused PHRs may be typical of those available at the time of this review (Spring 2008), future developments in the field may yield a broader suite of personal health information management tools.
PHR Definitions and Attributes
Consumers have long maintained paper records of health information, such as their medical history or a list of prescribed medications. Yet few have the time, ability, or motivation to keep a paper record up-to-date. It is generally believed that digitalizing consumers’ health records will help to maintain accurate information over time, and that this information will lead to improved health care access, use of services and health outcomes. In recent years, technological advances have increased the options available for maintaining personal records. Consumers have also become more comfortable in using technology. Thus, today’s PHRs are often computer-based. In the future, cell phones, personal digital assistants (PDAs), iPods, and other devices with Internet access may also offer the functionality for hosting full or partial PHRs.
The National Committee on Vital and Health Statistics (NCVHS) concluded that no uniform definition of the term PHR existed in industry or government as of 2006. The committee suggested that PHRs should be characterized by their attributes, including the scope or nature of their contents; source(s) of that information; features and functions offered; the custodian of the record; the storage location of the content; technical approaches to security, and the party designated to authorize access to the information.[31]
While a universal definition of what constitutes a PHR has not yet been adopted, leading organizations continue to work towards creating a standardized definition of PHR elements, methods, scope, desirable features, functions and infrastructural elements. Exhibit 2 below presents two alternative definitions of the term PHR–from the Markle Foundation and the American Health Information Management Association (AHIMA). Although these definitions differ there are commonalities. Each definition suggests that a PHR is an electronic application, accessed and managed by consumers, through which personal health information is maintained and shared in a secure, private, and confidential environment.
ONC-NAHIT, ASTM International (a voluntary standards development organization) and International Organization for Standardization (ISO) have also developed PHR definitions. ONC-NAHIT and ASTM both define PHRs as consumer-controlled, and health records which are payer-controlled are excluded from their PHR definitions.[32] AHIMA and ONC-NAHIT have included data inputs as components of their PHR definitions. Both organizations, along with RWJF, have agreed that the objective of a PHR includes universal availability and lifelong use for the consumer. Although most organizations define PHRs as being interoperable, ISO specifically recommends that PHRs maintain identical architecture to electronic health records (EHRs), which would simplify the often tricky process of providing interoperability between a PHR and an EHR in a particular health care system.
EXHIBIT 2 Alternate Definitions of the Term ‘PHR’
Markle Foundation Definition
An electronic application through which consumers can access, manage and share their health information, and that of others for whom they are authorized, in a private, secure, and confidential environment.Connecting for Health
Some PHRs guide consumers to sources of online health information or disease management programs. Sophisticated PHRs can be targeted to consumers who have specific risk factors or diseases (e.g., obesity, diabetes) and can suggest relevant websites or tools for these patients, or offer web search functions to them. PHRs can also offer access to virtual communities through their portals. These can be particularly useful for patients who have serious or chronic conditions. For example, women with breast cancer may be interested in interacting online with each other to discuss available providers and potential treatment options, and to share the impact of this condition on their personal lives.
Different user populations require tailored functions, depending on their health interests and needs. For beneficiaries over the age of 85 (12 percent of Medicare beneficiaries), an adult, child or other caregiver is more likely to manage the PHR. Similarly, a beneficiary with health problems may want different information and functions than a healthy beneficiary. Customization can be achieved by offering specific information modules, providing individualized plans within a PHR, or by offering specialized PHRs.
The Markle Foundation’s Personal Health Technology Council found that ensuring consumers’ privacy and control over their own records is essential to full consumer acceptance of electronic information exchange and the sharing of PHRs. To guide the development of PHRs, this Council endorsed seven patient and consumer principles intended to ensure that PHRs include the privacy and security functions necessary to alleviate consumers’ concerns about security.[42] The privacy and security principles are as follows:
- Individuals should be able to access their health and medical data conveniently and affordably.
- Individuals should be able to authorize when and with whom their health data are shared.
- Individuals should be able to designate someone else, such as a loved one, to have access to and exercise control over how their records are shared.
- Individuals should receive easily understood information about all the ways that their health data may be used or shared.
- Individuals should be able to review which entities have had access to their personal health data.
- Electronic health data exchanges must protect the integrity, security, privacy, and confidentiality of an individual's information.
- Independent bodies, accountable to the public, should oversee local and nationwide electronic health data exchanges, with no single stakeholder group dominating these oversight bodies.
PHR Models
Exhibit 3 presents a summary of currently available PHR configurations, and the data elements and functions they typically include. It provides an overview of the characteristics of each of these configurations, their advantages and disadvantages, and sponsors. For additional detail on key PHR initiatives, an overview of nine current efforts is provided in Appendix E. Various PHR configurations include:
- Institutional/IDN provider portal
- Populated from claims data
- Individual provider portal
- Untethered–USB, desktop, PDA
- Service oriented
- Population oriented
- Condition oriented
- Health 2.0 sites
- Network/Interconnected PHRs
Exhibit 3 below provides a more detailed overview of each of these PHR configurations:
Integrating the Healthcare Enterprise’s Work on Privacy and Security Issues
Integrating the Healthcare Enterprise (IHE), an initiative designed to improve electronic health care information sharing, has done work in the areas of privacy and security. First, IHE has addressed the encryption of information and audit trails for information to maintain privacy.
Second, IHE has worked on the Basic Patient Privacy Consent (BPPC). The BPPC was implemented as a trial, further refined, and adopted by HITSP in 2007. The BPPC is proposed as the first step for consent management. IHE has tried to devise the BPPC to maintain patient control over the PHR, and enable patients to handle consent issues in multiple ways.
Third, IHE has addressed user authentication issues through the Cross-Enterprise User Assertion (XUA). User authentication or user assertion ensures that it is possible to assert who users are when they try to access the PHR. The XUA work is fairly recent and has been adopted by HITSP. It provides the foundation to convey basic roles for user assertion.
The final area that IHE has been working on related to privacy and security is digital signatures for documents.
Challenges Associated with Developing Security Standards
One of the greatest challenges to developing security standards for PHRs is deciding how much access, use, and control consumers should have over their personal health information. According to Donald Mon, Ph.D., Vice President of Practice Leadership at AHIMA, there is less clarity with respect to standards for PHRs because there is not a broadly accepted policy about how much access, use and control a consumer should have over their PHR. Dr. Mon also noted that while there are prescribed legal procedures for EHRs with respect to documenting information, the same is not true for PHRs. For example, the EHR is a legal record for business and disclosure purposes; rather, deletions are marked as erroneous and amendment can be added.
According to Donald Mon, Ph.D., the industry cannot encumber the consumer with responsibility to maintain a legal record on the clinical side. However, there is no clear answer as to how much control consumers should over the information within their PHR. When developing the PHR-S functional model, the HL7 work group – composed of vendors, consumer advocates, and clinicians – discussed consumer access to and control of information. Vendors in the work group stated that consumers would like the ability to remove information from their PHRs. However, other experts have stated that presenting an incomplete PHR to a clinician will have serious consequences from both a health information exchange standpoint and a clinical standpoint.
One solution offered by the HL7 work group was to flag information that has been deleted or changed within a PHR to alert the clinician. The HL7 PHR-S functional model has a criterion that a flag must indicate that some information in the record has been modified, which communicates important information to the provider. While the flag does not disclose what information has been deleted, it will serve as a reminder to the clinician that information has been deleted, so that the clinician can have an informed conversation with the patient. According to Donald Mon, Ph.D., regardless of whether the flag method proposed by the HL7 work group becomes a law or a best practice, it is necessary to make a policy decision first, and then implement from a technical perspective: ‘After we deal with the social and ethical issues, we can then figure out how to deal with [these issues] within the context of a PHR.’
Security Considerations for People Who Have a Care Manager
For the frail, aged, or disabled, a care manager may be responsible for coordinating health care visits; scheduling appointments, tests, and consultations; transporting the patient to and from the provider; and potentially even assisting in the patient’s admission to different health care facilities.[184] There are several security considerations related to designing a PHR that enables the account holder (the person whose information is embedded in the PHR) to assign his/her care manager as a proxy to the PHR.
While some consumers may be comfortable with authorizing their proxy to have full access to view their entire PHR, others prefer that their proxy or care-manager have access to only certain aspects of their record (e.g., physician information, medications, emergency information, final plans, etc). Vendors are providing account holders with the ability to assign field-by-field access controls to each proxy. For example, in the case of the LifeLedger – a PHR-like product which enables a care-manager to manage an aged individual’s health information – the PHR account holder may assign the care manager (or any number of proxies) three degrees of access: ‘none;’ ‘read only’ or ‘read/write’ to each individual page. As a result, the account holder can control what pages the proxy does or does not see, and whether the proxy can amend information in the PHR. Other vendors address this issue in a slightly different way, providing the account holder with the ability to hide specific sub-sections or elements of the PHR, such as one particular health encounter, from the care-manager or proxy.
The HL7 PHR-S functional model is addressing the issue of proxies via the requirement that vendors must give the account holder the ability to determine what information is available to an authorized account holder of the PHR information.[185] While PHR-S indicates that the account holder should be able to authorize the proxy to update information within the PHR, it does not state how to implement the authorization. PHR-S also says that ‘account-holders should have the ability to mask data on a selective, record, field-by-field, or class basis as one aspect of controlling access to personal health data.’ [186]
According to Donald Mon, Ph.D., from a technical standpoint, it is not particularly complicated for a software vendor to implement a PHR where the proxy has access to all or none of the account holder’s information. However, from a vendor’s perspective, it is more technically challenging to implement a PHR whereby the proxy has granular access to only parts or specific sub-sections of the PHR.
Do consumers want the ability to assign varying levels of control and read/write access to their proxies or care-manager? David Lansky, Ph.D., suggest consumers are highly segmented in terms of their desire to employ access controls. The expert noted that while some users want to restrict access to providers and other parties by utilizing detailed access controls, between 60 and 80% of consumers would prefer not to navigate the access and consents processes.
Gaps in Security Standards
Currently, there are several critical gaps in PHR security standards:
Authentication practices. While the PHR community broadly accepts that it is necessary for the account holder to be able to authenticate himself/herself to the PHR, there is not a broadly accepted standard for authentication. According to an expert on the PHR-S model, clarifying standards related to authentication is an important and necessary step for the industry.
- Authorization practices. Security standards need to be developed for authorizing a care-manager or proxy to have access to and control over health information in the PHR.
- Audit practices. The National Committee on Vital and Health Statistics recommends that PHR standards enable consumers to audit who has accessed their personal health information.
- Data Access. The industry needs to come to a consensus about ‘blinding’ data or restricting access to subsets of information within the PHR.
- Emergency Override Practices. The industry needs to develop a standard practice for overriding authentication practices in the case of a medical emergency.
PHR Privacy Policies and Standards
Privacy of personal health information is a key concern for consumers of PHRs. A 2005 survey conducted by CHCF in collaboration with Forrester Researcher found that two-thirds of the sample of 2,000 consumers (1,000 nationally and 1,000 in California) said they were ‘very concerned’ (36%) or ‘somewhat concerned’ (31%) about the privacy of their health records.[187] Research also suggests that consumers are concerned about the types of information collected and entered into the PHR; how the information is handled internally; and whether and how the information is provided to any external entities.[188] Clearly there is a need for privacy standards and privacy policies for PHRs. However, there is not yet a consensus among PHR service providers about the specific elements that should be in all PHR privacy policies. [189] Experts have attested that the widespread adoption of PHRs will largely be a function of public confidence and trust that personal health information will be adequately protected.[190]
This section addresses privacy issues related to PHRs. First, we discuss privacy standards and issues related to privacy with respect to personal health information stored in PHRs. Then we present an overview of several PHR privacy policies under development. It is important to note that the privacy standards section and the security standards section are highly related, as many aspects of privacy are entwined with security issues.
Challenges Associated with Developing Privacy Standards for PHRs
There are a number of challenges associated with developing privacy standards for PHRs. In this section, we discuss the following challenges:
- There are no statutes or standards that define PHR service providers’ legal responsibilities.
- Consumers are misinformed about their privacy rights with respect to personal health information under HIPAA.
- Privacy standards for employer-provided PHRs will need to be considered, especially since HIPAA does not cover some employers.
- PHR vendors or third parties that are not covered by HIPAA do not need to notify consumers of their privacy policies and practices related to secondary uses of personal health information. As a result, consumers may be unaware that their personal health information is being used and disclosed to other entities in the U.S. or abroad for secondary.
- States have different laws governing privacy and security of personal health information.
- Privacy standards must balance the needs for privacy and confidentiality, with the need to maintain an accurate medical record.
The first key challenge associated with developing a privacy standard for PHRs is defining the legal responsibilities of PHR service providers, given that they are non-covered entities under the Health Insurance Portability and Accountability Act (HIPAA). The National Committee on Vital and Health Statistics (NCVHS) at the Department of Health and Human Services (DHHS) concluded that there are no statutes or standards that define PHR service providers’ legal responsibilities.
Under HIPAA, ‘covered entities’ are asked to provide consumers with information about their privacy policies and practices. Covered entities include health plans, health care clearinghouses, and health care providers that engage in electronic transactions for which HIPAA standards have been adopted.[191] Entities such as PHR vendors, employers, certain types of insurers, providers that do not engage in electronic transactions for which HIPAA standards have been adopted, and third-party data warehouses are all not covered by HIPAA, and thus not required to comply with HIPAA regulations.[192] Privacy policies will need to clearly outline whether the PHR vendor is covered by the HIPAA privacy policy.
A second challenge is that research suggests that consumers are misinformed about their privacy rights with respect to personal health information under HIPAA.[4] For example, when PHR vendors state that they are ‘compliant with HIPAA’ this does not mean that they are ‘covered under HIPAA’. This is an important distinction that consumers may not understand.[193] Such a distinction may be confusing, and further necessitates the development of a PHR privacy policy and privacy standards, more generally.
A third issue is that HIPAA does not cover some employers, and thus, privacy standards for employer-provided PHRs will also need to be considered. HIPAA does not consider employers who collect information directly from employees (e.g., for a pre-employment physical, job application, or via an employee assistance or wellness program) to be ‘covered entities.’[194] Given that PHRs are being developed by certain employers and other entities that are not covered by the HIPAA privacy rule, privacy standards will need to be developed with respect to the use and disclosure of personal health information within employer-provided PHRs. A 2007 CHCF issue brief concluded that employers will need to develop standards that ‘at a minimum address privacy, security, and confidentiality of PHRs.’[195]
A fourth challenge is that non-covered entities, such as PHR vendors, do not need to notify consumers of their privacy policies and practices (e.g., secondary uses of data for other purposes, such as marketing, population health purposes, other purposes) with respect to personal health information.[196] The NCVHS concluded that: ‘The Committee is unaware of any requirement that compels PHR vendors not covered by HIPAA to provide to consumers the terms and conditions governing the privacy of their personal data.’[197] Thus, consumers may be unaware that their personal health information is being used and disclosed to other entities in the U.S. or abroad for secondary purposes. This is a major concern for consumers with a PHR service provider that involves an outside business partner like a third party data warehouse. Lecker et al. (2007) studied PHR privacy policies for the Department of Health and Human Services and found that only 3% (one in 30) of PHR privacy policies indicated that consumers needed to explicitly consent before the PHR vendor could share the data in their PHRs.[198] None of the privacy policies studied identified the PHR vendor’s third party partners. This study demonstrates that even though consumers have not given explicit consent to share their personal health information with a third party or for other purposes such as marketing, consumers may still be at risk due to the construct of the PHR vendor’s privacy policy. [199]
A fifth challenge is that states have different laws governing privacy and security of personal health information, and consumers may not be aware of their rights. For example, while California has stringent privacy and security laws governing the use of personal health information that are layered on top of the HIPAA privacy rule, other states have more limited regulations.[200] A February 2008 issue brief by CHCF explored the issue of consumer control over personal health information, and determined that the current legal system ‘falls short as a viable legal framework for health information custodians,’ such as PHRs.[201] Existing federal and state laws will need to be considered when developing PHR privacy standards.
A final key challenge associated with developing a privacy policy for PHRs is balancing the need for consumer privacy and confidentiality, with the need for an accurate medical record. Experts have debated the issues of access and control from a privacy standpoint. What degree of control should consumers have over the information in their PHR? Some believe that account holders should have the ability to prevent access to certain aspects of the record or ‘blind’ sensitive information within the PHR. Others are concerned about enabling consumers to blind or delete health information, as omissions may lead to deleterious clinical implications.
In June 2006, NCVHS released its report titled Privacy and Confidentiality in the Nationwide Health Information Network, which includes recommendations on consumer rights over their personal health information and also covers a host of other issues ranging from regulatory issues to recommendations for maintaining and establishing the public trust.[202] These recommendations were presented to the U.S. Secretary of Health, Michael O. Levitt. The NCVHS recommended that consumers should have a limited right to control their personal health information electronically:
Giving individuals unlimited control is one way to empower them. On the other hand, if individuals had unfettered control, health care providers would likely place less confidence in the accuracy and completeness of their records….For these reasons, if individuals are given the right to control access to their records, the right should be limited.[203]
NCVHS was not prescriptive about the best method to institute limited individual control over health records. NCVHS continues to work on furthering these recommendations. In June 2007, the NCVHS Subcommittee on Privacy and Confidentiality Working Group discussed privacy issues and other issues related to consumer control over PHRs in a working session held in Washington, D.C.[204]
Specifically, the group addressed privacy of health information within the context of the CCR and CCD. [205] The Committee discussed the merits of masking certain types of data in the CCR or CCD, and the implications of transferring masked data from one provider to another. For example, should certain types of drugs (e.g., mental health drugs) or genetic information (e.g., family history of Huntington’s disease) be masked to protect the account holder’s privacy? One member of the Committee was particularly concerned about the social and ethic ramifications of blinding/masking mental health or genetic information: ‘By treating mental illness separately [and] by treating genetic disorders separately, we may be further contributing to the stigmatization of these conditions and putting into the future the time when there will be no difference between mental illness and other illnesses and so forth.’[206]
The Subcommittee did not come to a consensus on a privacy standard for PHRs. Specifically, the Committee concluded that it would be optimal to wait for Congress’s definition of ‘genetic information’ under the Genetic Information Nondiscrimination Act (GINA). A Congressionally mandated definition of genetic information could dictate whether and what type of genetic information can/should be masked in a CCR or CCD. Despite these challenges, deciding upon the principles and components of a privacy policy for PHR service providers is a critical and necessary step to ensuring consumers and PHR service providers under their rights and responsibilities.
Recommendations for PHR Privacy Standards
The NCVHS made several recommendations for the development of PHR privacy standards. [207] First, standards should be developed to ensure that consumers are always notified of secondary uses of data in PHRs. NCVHS specifically recommended that if HHS or another agency intends to use CMS data in PHRs, then there should be a requirement which ensure that those PHR systems provide notice to consumers of the uses of personally identifiable information. Second, privacy standards for PHRs should be developed within the context of the National Health Information Network (NHIN). Third, consumers should be educated about their rights with respect to privacy and personal health information stored in PHRs. Fourth, if individuals are granted control over the specific content within their health records, that control should be limited by specific factors such as the individuals’ age, treatment/condition, and/or type of provider.[208] Finally, the NCVHS recommended that third party vendors, or other entities not covered by HIPAA, adopt their own privacy policies that are at least equal to those outlined in HIPAA.[209]
Additional recommendations for a PHR privacy policy were developed by Altarum, a non-profit research institute, in early 2007. Altarum was contracted by the Office of the National Coordinator for Health Information Technology (ONC), in support of the American Health Information Community (AHIC) Consumer Empowerment (CE) Workgroup, to review existing privacy policies for PHRS and make recommendations.[210] Recommendations for characteristics of a PHR privacy policy included:
- Policy must be required for all PHR vendors;
- Policy must be transparent on secondary data uses;
- PHR vendor must disclose business relationships relating to “handling, processing, data mining, or other management of PHR data” to consumers;
- Policy must provide information about the relationship between the PHR service provider’s policies to HIPAA; and
- Policy must be written at a 6th grade reading level and include a glossary of technical terms used.Key:
X=Primary
O=SupplementaryLiterature Review and Environmental Scan Expert Panel Pre Focus Group Activities Focus Groups Observational Studies (Optional Task 7) Published Literature Unpublished and Online Materials Key Information Discussions Expert Panel Kickoff meeting Expert Panel Teleconferences Structured Interviews: Plans Structured Interviews: Vendors Analysis of Claims and Usage data Providers Plans Beneficiaries Vendors Beneficiaries and Related Stakeholders ANALYSIS OF CURRENT STATE OF KNOWLEDGE What is currently known regarding PHR usability? X X O O O What is currently known regarding PHR utility? X X O O O What is known regarding best practices on PHR development? X X O O O What are known issues/perceptions related to PHR use and adoption? X X O O What is the impact of PHR use and adoption? X X O O O EVALUATION FINDINGS Usability How effectively can stakeholders use the PHR to obtain the information of interest to them? O O O X X O X X X X What appearance, design, and visual treatment options would increase usability (including for Section 508 compliance)? O O O O X O X X X X What screen elements are confusing or difficult to use? O O O O X O X X X X Utility What key information should the PHR contain? O X O X X X O X What are the key features the PHR should include? O X O X X X O X How accessible is the information in the PHR? O X O X X X O X What features contribute to user frustration? O X O X X X O X Best Practices for Development What is optimal for determining requirements–are stakeholder input, expert review, or established guidelines utilized? O O O O O O O X O O X O What is the best process for design, development, and implementation? O O O O O O O X O O X O What usability testing and evaluative methods should be employed to gauge system? O O O O O O X O O X O What is optimal for determining requirements–are stakeholder input, expert review, or established guidelines utilized? O X O X X X O O What are the key standards that need to be adhered to when developing PHRs? X X O X X X O What are the key EHR/PHR interoperability requirements? X X O X X X O X X Issues / Concerns How accurate/reliable is the system? O O O O O X O O X X X How secure/private is the system, and are these issues understood by users? O O O O X O O X X X What implications does PHR use have on providers? O O O O X O O X X X Impacts How do PHRs affect patient-provider interactions? O O O X O X O O X X X How do PHRs affect patient self-care and self-management? O O O O X O O X X X Appendix B. Key Informant Interview Participants
Key Informant Interview Participants
Expert Organization Gary Marchionini University of North Carolina Jan Oldenburg Kaiser Permanente Rashida Fleming Veterans Administration (myHealtheVet) Patti Brennan Project HealthDesign; University of Wisconsin Brad Hesse National Cancer Institute Steve Findlay Consumers Union Don Mon American Health Information Management Association Joyce Dubow AARP Lori Nichols Whatcom Health Information Network Tre McCalister Dell Bill Farnsworth Microsoft Health Vault Stefanie Fenton Intuit George Scriban Microsoft Health Vault David Epstein IBM/Cap Med John Boden LifeLedger Charles Parisot Integrating the Health Enterprise David Lansky Markle Foundation Karen Smith Hagman GHI Appendix C. Bibliography
- The Markle Foundation, http://www.markle.org.
- www.thefreedictionary.com/utility.
- AHIMA, http://www.myphr.com/resources/index.asp.
- Merriam Webster Online Dictionary, http://www.merriam-webster.com/dictionary.
- American Health Informatics Management Association, http://www.ahima.org.
- AHIMA, http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_027539.hcsp?dDocName=bok1_027539.
- K. Ackerman. "Early Employer Efforts to Shape Future Health It Initiatives." I Health Beat (2007), www.ihealthbeat.org.
- "Aetna: Nearly Two-Thirds of Americans Are Not Familiar with Personal Health Records, a Resource Available to Millions of Consumers." Biotech Week, August 1 2007.
- R. Agarwal, and C. M. Angst. "Technology-Enabled Transformations in Us Health Care: Early Findings on Personal Health Records and Individual Use." In Human-Computer Interaction and Management Information Systems: Applications, edited by Dennis Galletta and Ping Zhang. Armonk, NY, 2006.
- AHIMA e-HIM Personal Health Record Work Group. "The Role of the Personal Health Record in the EHR." Journal of AHIMA 76, no. 7 (2005): 64A-D.
- B. Albright. "Prepping for PHRs. The Growing Trend of Consumer Empowerment Includes the Speedy Rise of Personal Health Records." Healthcare Informatics 2007, 44-46.
- "The American National Standards Process." The American National Standards Institute, http://www.ansi.org. .
- "Americans Support Online Personal Health Records; Patient Privacy and Control Are Crucial to Acceptance." Markle Foundation, http://www.markle.org/resources/press_center/press_releases/2005/press_release_10112005.php.
- C.M. Angst, Agarwal, R., Downing, J. "An Empirical Examination of the Importance of Defining the PHR for Research and for Practice." Robert H. Smith School of Business, Working Paper No. RHS-06-011.
- "Annual Report of the Boards of Trustees of the Federal Hospital Insurance and Federal Supplementary Medical Insurance Trust Funds." edited by Department of Health and Human Services. Washington, DC: Boards of Trustees of the Federal Hospital Insurance and Federal Supplementary Medical Insurance Trust Funds, 2008.
- "Astm E2211-02 Standard Specification for Relationship between a Person (Consumer) and a Supplier of an Electronic Personal (Consumer) Health Record." ASTM, http://www.astm.org/Standards/E2211.htm.
- L. Nancy Atkinson, A. Holly Massett, Christy Mylks, Bethany Hanna, Jo Mary Deering, and W. Bradford Hesse. "User-Centered Research on Breast Cancer Patient Needs and Preferences of an Internet-Based Clinical Trial Matching System." J Med Internet Res 9, no. 2 (2007): e13.
- Attitudes of Americans Regarding Personal Health Records and Nationwide Electronic Health Information Exchange. Edited by Public Opinion Strategies: Markle Foundation, 2005.
- "Attitudes of Americans Regarding Personal Health Records and Nationwide Electronic Health Information Exchange: Key Findings from Two Surveys of Americans." Markle Foundation, http://www.phrconference.org/assets/research_release_101105.pdf.
- M. J. Ball, and J. Gold. "Banking on Health: Personal Records and Information Exchange." Journal of Healthcare Information Management 20, no. 2 (2006): 71-83.
- F. Bazzoli. "Continuity of Care Standards Reach Milestone." Healthcare IT News, http://www.healthcareitnews.com.
- R. Benoit. "PDF-H: The “Safe Deposit Box” for Personal Healthcare Data." Intel, http:// http://www.niphysiciansforconnectivity.org.
- William Bernstein, Julie Murchinson, Melinda Dutton, Terry Keville, Robert Belfort, and Manatt Health Solutions. "Whose Data Is It Anyway? Expanding Consumer Control over Personal Health Information." In Issue Brief, edited by California Health Care Foundation: California Health Care Foundation, 2008.
- "Best Practices for Employers Offering Personal Health Records (PHRs)." Health Privacy Project and the California Health Care Foundation, 2007.
- M.B. Bloche. "Consumer-Directed Health Care." New England Journal of Medicine 355, no. 7 (2006): 1756-59.
- C. Bocchino. "AHIC Testimony." American Health Information Community, Consumer Empowerment Subgroup 2006.
- John Boden. December 3 2007.
- –––. December 3 2007.
- E; Manning Boehm, H; McInnes, A; Melnikova, O. "PHRs: From Evolution to Revolution. A Health Plan Guide to Navigating the Personal Health Record Market." Forrester Research, 2007.
- K.W. Boone. "Patient Controlled Health Information Infrastructure." GE Healthcare, http://www.pchri.org/2006/presentations/pchri2006_boone.pdf.
- "Boston’s Caregroup Hospitals Pioneer the Web-Based Patient Portal." Canadian Healthcare Technology, . http://www.intersystems.com/cache/analysts/CHT_May2005.pdf.
- Patricia Flatley Brennan. "Discussion." (2007).
- Patricia Flatley Brennan, Stephen Downs, Gail Casper, and Daniel Kenron. "Project Healthdesign: Stimulating the Next Generation of Personal Health Records." AMIA Annual Symposium Proceedings (2007): 70-74.
- B. Bright. "Benefits of Electronic Health Records Seen as Outweighing Privacy Risks." Wall Street Journal, November 28 2007.
- C. Broder. "Insurers Plan Interoperable PHRs." Healthcare IT News, http://www.healthcareitnews.com.
- Cynthia Burghard. "Truth and Fiction of Personal Health Management Tools." Gartner Research, 2006.
- J. Burrington-Brown, Friedman, B. "Educating the Public About Personal Health Records." Health Care Policy Report Health Care Policy Report Journal of AHIMA 77 (2005): 94-95.
- S.O. Carsten, Nienke, P.D., Smith, C.A. "Mother Knows Best: Medical Record Management for Patients with Spina Bifida During the Transition from Pediatric to Adult Care." AMIA 2005 Annual Symposium Proceedings (2005): 580-84.
- A. Civan, M. M. Skeels, A. Stolyar, and W. Pratt. "Personal Health Information Management: Consumers’ Perspectives." AMIA Annu Symp Proc 156 (2006): 60.
- J. Conn. "Ccd Standard up for a Vote." Modern Healthcare, http://www.modernhealthcare.com.
- –––. "Standards Rivals’ Collaboration Could Have Major Impact." EMR Advice, http://www.emradvice.wordpress.com.
- "Connecting Americans to Their Health Care: A Common Framework for Networked Personal Health Information." In The Connecting for Health Common Framework: Markle Foundation, 2006.
- "Connecting for Health." Markle Foundation, Personal Health Working Group, Final Report, 2003.
- "Connecting for Health." The Markle Foundation, http://www.connectingforhealth.org. .
- "Defining Key Health Information Technology Terms." In Draft Report prepared for the 2nd public comment period, edited by The Records Workgroup: Office of the National Coordinator funded by the National Alliance for Health Information Technology, 2008.
- Lorraine Doo. "Registration Summary & Medication History - a Personal Health Record (PHR) Pilot for Medicare Beneficiaries." December 5 2007.
- Joyce DuBow. December 10 2007.
- Charles B. Eaton, and David K. Ahern. Integration of EMR/PHR and Patient Portal with Decision Support, 2007. PowerPoint presentation.
- "EHR-S Fm and EHR/Im Package." Health Level Seven, http://www.hl7.org/ehr/downloads/index_2007.asp.
- J. Eichner, Dullabh, P. "Accessible Health Information Technology (Health It) for Populations with Limited Literacy: A Guide for Developers and Purchasers of Health It." In Agency for Healthcare and Research Quality. Rockville, MD, 2007.
- S. Emmer, and J. Horvath. "American Geriatrics Society (Ags)." Geriatric medicine: a clinical imperative for an aging population. New York: AGS, Association of Directors of Geriatric Academic Programs (2004).
- "Essential Similarities and Differences between the HL7 Cda/Crs and Astm Ccr." American Academy of Family Physician's Center for Health Information Technology, 2005.
- S. Fenton. December 12 2007.
- –––. "Quicken for Healthcare Briefing for Consumer Empowerment Workgroup." Department of Health and Human Services, 2006.
- J. Ferranti, C. Musser, et al. . "The Clinical Document Architecture and the Continuity of Care Record: A Critical Analysis." Journal of the American Medical Informatics Association 13, no. 3 (2006): 245-52.
- "Final Report." The Markle Foundation Personal Health Working Group, 2003.
- Steve Findlay. November 26 2007.
- Rashida Fleming. "Myhealthevet Discussion." (2007).
- –––. December 12 2007.
- S. Fox. "Older Americans and the Internet: ." Pew Internet and American Life Project, 2004.
- L. Frieden. "Consumer-Directed Health Care: How Well Does It Work?" In National Council on Disability, 2004.
- L. Gallagher. "Privacy and Security Issues for PHRs. ." Health Information and Management Systems Society, http://www.himss.org/content/files/PHRPrivSecCOO-LGV1.0.pdf.
- Terhilda Garrido, Brian Raymond, Laura Jamieson, Louise Liang, and Andrew Wiesenthal. "Making the Business Case for Hospital Information Systems--a Kaiser Permanente Investment Decision." Journal of Health Care Finance 31, no. 2 (2004): 16-25.
- Christopher J. Gearon. "Perspectives on the Future of Personal Health Records." California HealthCare Foundation, 2007.
- Robert Gellman. "Personal Health Records: Why Many PHRs Threaten Privacy." The World Privacy Forum, 2008.
- Janlori Goldman. "Personal Health Records: Employers Proceed with Caution ": California HealthCare Foundation, 2007.
- Google. "Cleveland Clinic to Test Google Health." http://googlesystem.blogspot.com/2008/02/cleveland-clinic-to-pilot-goog….
- David H. Gustafson, Fiona M. McTavish, William Stengle, Denise Ballard, Robert Hawkins, Bret R. Shaw, Ellen Jones, Karen Julesberg, Helene McDowell, Wei Chih Chen, Kanittha Volrahongchai, and Gina Landucci. "Use and Impact of Ehealth System by Low-Income Women with Breast Cancer." Journal of Health Communication 10 (2005): 195-218.
- R.A. Guth. "Microsoft’s Health Push Faces Obstacles." Wall Street Journal, October 5 2007, B3.
- "Harris Interactive Survey." 2004.
- "Health Literacy: A Prescription to End Confusion." In Institute of Medicine Committee on Health Literacy, edited by Panzer Nielsen-Bohlman L, AM, and Kindig DA, editors. Washington, DC: The National Academic Press, 2004.
- "Healthcare Policy Report." edited by Bureau of National Affairs, 655, 2006.
- B. W. Hesse, and B. Shneiderman. "Ehealth Research from the User’s Perspective." American Journal of Preventive Medicine 32, no. 5S (2007): 97-103.
- Kevin Heubusch. "Piecing Together the PHR." Journal of AHIMA 78 (2007): 4.
- "HIMSS Personal Health Records Definition and Position Statement." Healthcare Information Management and Systems Society (HIMSS), 2007.
- "HITSP Consumer Access to Clinical Information Use Case Requirements, Design and Standards Selection." Consumer Empowerment Technical Committee, http://publicaa.ansi.org
- "HITSP Document Reliable Interchange Transaction." Paper presented at the Submitted to the Healthcare Technology Standards Panel by the Population Health Technical Committee, December 7, 2007 2007.
- "HL7 Finalizing Health It Standards." <http://www.fiercehealthit.com/story/hl7-finalizing-phr-standards/2007-1…; (accessed December 1, 2007).
- R. J. Hodes, and D. A. B. Lindberg. "Making Your Web Site Senior Friendly." National Institute on Aging and the National Library of Medicine, 2002.
- J. Nicholas Hoover. "Get Well Soon: Fed up with Rising Health Care Costs, Intel, Wal-Mart, and Others Think Giving Employees Digital Records Will Help." InformationWeek, December 4 2006.
- T. K. Houston, D. Z. Sands, M. W. Jenckes, and D. E. Ford. "Experiences of Patients Who Were Early Adopters of Electronic Communication with Their Physician: Satisfaction, Benefits, and Concerns." Am J Manag Care 10, no. 9 (2004): 601-8.
- "How Are ISO Standards Developed?" International Organization for Standardization, http://www.iso.org/iso/standards_development/processes_and_procedures/h….
- "Implementation Guide for the Personal Health Record Data Transfer between Health Plans." America's Health Insurance Plans and Blue Cross Blue Shield Association, 2006.
- "Industry Leaders Join Forces to Advance Portable Healthcare Document Practices – New Best Practices Guide Addresses Exchange of Healthcare Information." AIIM, the ECM Association, http://www.aiim.org/article-pr.asp?ID=32097.
- "Innovations in Health Care Delivery." Paper presented at the FTC Public Workshop, Washington, DC, April 24, 2008 2008.
- "Issues in American Labor Statistics: Computer Ownership up Sharply in the 1990s." edited by Bureau of Labor Statistics U.S. Department of Labor, 1999.
- D. et al Johnson. "A Framework and Approach for Assessing the Value of Personal Health Records (PHRs)." AMIA Annu Symp Proc (2007): 374-78.
- Douglas Johnston, David Kaelber, Eric C Pan, Davis Bu, Sapna Shah, Julie M. Hook, and Blackford Middleton. "A Framework and Approach for Assessing the Value of Personal Health Records (PHRs)." AMIA Annual Symposium Proceedings (2007): 374-78.
- Valeria Tate Jopeck, and Marion Ein Lewin. Developing an Information Infrastructure for the Medicare+Choice Program:Summary of a Workshop. Edited by Institute of Medicine Office of Health Policy Programs and Fellowships, Committee on Choice and Managed Care: Furthering the Knowledge Base to Ensure Public Accountability and Information for Informed Purchasing by and on Behalf of Medicare Beneficiaries. Washington, DC: National Academy Press, 1999.
- M. Jordan. "Scenario Boards Can Be Used to Improve Validation of Early Product and Service Concepts: A Critical Skill in Today’s Environment." www.pdma.org. .
- S. J. Katz, C. A. Moyer, D. T. Cox, and D. T. Stern. "Effect of a Triage-Based E-Mail System on Clinic Resource Use and Patient and Physician Satisfaction in Primary Care: A Randomized Controlled Trial." Journal of General Internal Medicine 18, no. 9 (2003): 736-44.
- S. J. Katz, N. Nissan, and C. A. Moyer. "Crossing the Digital Divide: Evaluating Online Communication between Patients and Their Providers." Am J Manag Care 10, no. 9 (2004): 593-98.
- Alla Keselman, Laura Slaughter, Catherine Arnott-Smith, Hyeoneui Kim, Guy Divita, Allen Browne, Christopher Tsai, and Qing Zeng-Treitler. "Towards Consumer-Friendly PHRs: Patients’ Experience with Reviewing Their Health Records." AMIA Annual Symposium Proceedings (2007): 399-403.
- E. H. Kim, Mayani, A., Modi, S., Soh, C.B., Kim, Y. "Evaluation of Patient-Centered Electronic Health Record to Overcome the Digital Divide." In Engineering in Medicine and Biology 27th Annual Conference. Shanghai, China, 2005.
- Eung-Hun Kim, Anna Stolyar, William B. Lober, Anne L. Herbaugh, Sally E.Shinstrom, Brenda K. Zierler, Cheong B. Soh, and Yongmin Kim. "Usage Patterns of a Personal Health Record by Elderly and Disabled Users." AMIA Annual Symposium Proceedings (2007): 409-13.
- Katherine Kim. "Clinical Data Standards in Health Care: Five Case Studies." California HealthCare Foundation, 2005.
- M. I. Kim, and K. B. Johnson. "Personal Health Records: Evaluation of Functionality and Utility." Journal of the American Medical Informatics Association 9, no. 2 (2002): 171.
- A. F. Kittler, G. L. Carlson, C. Harris, M. Lippincott, L. Pizziferri, L. A. Volk, Y. Jagannath, J. S. Wald, and D. W. Bates. "Primary Care Physician Attitudes Towards Using a Secure Web-Based Portal Designed to Facilitate Electronic Communication with Patients." Informatics in Primary Care 12, no. 3 (2004): 129-38.
- M. Kutner, E. Greenburg, Y. Jin, and C. Paulsen. "The Health Literacy of America's Adults." 76: National Center for Education Statistics, 2006.
- D Lansky. December 3 2007.
- D. Lansky. "A National Agenda for Personal Health Records? How Will We Really Empower Consumers in the Next Decade?" Connecting for Health presentation, 2006.
- S. Lauriks, A. Reinersmann, H. G. Van der Roest, F. J. M. Meiland, R. J. Davies, F. Moelaert, M. D. Mulvenna, C. D. Nugent, and R. M. Droes. "Review of ICT-Based Services for Identified Unmet Needs in People with Dementia." Ageing Research Reviews 6, no. 3 (2007): 223-46.
- W. Lazarus, and F. Mora. "Online Content for Low-Income and Underserved Americans: The Digital Divide's New Frontier. A Strategic Audit of Activities and Opportunities." Children's Partnership, 2000.
- M. Ray Leavitt, A. "Cchit Town Hall." Paper presented at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference 2008, Orlando, FL 2008.
- R Lecker, D Armijo, S Chin, J Christensen, J Desper, A Hong, L Kneale, and Altarum Institute. "Review of Personal Health Record (PHR) Service Provider Market Privacy and Security." edited by Office of the National Coordinator for Health Information Technology (ONC) Department of Health and Human Services, 2007.
- R. & Gordon Leonard, AR. Statistics on Vision Impairment a Resource Manual. Vol. 4th ed.: Research Institute of Lighthouse International, 2001.
- E. M. Liederman, J. C. Lee, V. H. Baquero, and P. G. Seites. "The Impact of Patient-Physician Web Messaging on Provider Productivity." Journal of Healthcare Information Management–Vol 19, no. 2: 81.
- –––. "Patient-Physician Web Messaging." Journal of General Internal Medicine 20, no. 1 (2005): 52-57.
- Leili Lind, Daniel Karlsson, and Bengt Fridlund. "Patients' Use of Digital Pens for Pain Assessment in Advanced Palliative Home Healthcare." International Journal of Medical Informatics In Press, Corrected Proof (2007).
- W. B. Lober, B. Zierler, A. Herbaugh, S. E. Shinstrom, A. Stolyar, E. H. Kim, and Y. Kim. "Barriers to the Use of a Personal Health Record by an Elderly Population." AMIA Annual Symposium Proceedings (2006): 514-8.
- "LOINC." RegenStreif Institute, http://www.regenstrief.org/medinformatics/loinc.
- K.D. Mandl, et al. "Indivo: A Personally Controlled Health Record for Health Information Exchange and Communication." BCM Medical Informatics and Decision Making 7, no. 25 (2007).
- G. Marchionini. November 13 2007.
- G. Marchionini, B. K. Rimer, and B. Wildemuth. "Evidence Base for Personal Health Record Usability Final Report to the National Cancer Institute." National Cancer Institute 2007.
- "The Medical Home Position Statement." edited by AAMC Executive Council: Advisory Panel on Healthcare, 2008.
- "Medicare Fee-for –Service Beneficiary Access to Physician Services: Trends in Utilization of Services, 2000 to 2002." edited by U.S. Government Accountability Office, 2005.
- "Medicare: A Primer." Kaiser Family Foundation, 2007.
- "Microsoft Healthvault Beta Version Privacy Statement." Microsoft Corporation, https://account.healthvault.com/help.aspx?topicid=PrivacyPolicy
- K. Miller. "Health Level Seven, America's Health Insurance Plans, and the Blue Cross and Blue Shield Association Sign Mou to Collaborate on Portability Standards for Personal Health Records." Blue Cross Blue Shield Association, http://www.bcbs.com/news/bcbsa/hl7_ahip_bcbsa_collaborate_on_phrs.html?…
- L Moreno, et. al. "Personal Health Records: What Do Underserved Consumers Want." Mathematica Policy Research, Inc., Issue Brief, no. 4 (2007).
- J. Morrissey. "But What Does the Public Think?: For Consumers to Adopt PHRs, They Need Reasons That Hit Home." Journal of AHIMA 76, no. 10 (2005): 42-44.
- D. B. Nash, D. Shulkin, F. Comite, R. Loeppke, B. Van Cleave, R. Kane, J. Christianson, and D. Pousma. "Measurement of the Impact of Winona Health Online." Disease Management 4, no. 1 (2001): 15-18.
- "National Committee on Vital and Health Statistics Subcommittee on Privacy and Confidentiality Working Session. U.S. Department of Health and Human Services ". Paper presented at the National Committee on Vital and Health Statistics Subcommittee on Privacy and Confidentiality Working Session. U.S. Department of Health and Human Services Washington, D.C., June 2007 2007.
- "National Consumer Health Privacy Survey 2005." California Healthcare Foundation, 2005.
- "New Health Data Standards Gaining Support." Fierce Health IT, http://www.fiercehealthit.com/story/new-health-data-standards-gaining-s….
- Lori Nichols. December 19 2007.
- –––. December 19 2007.
- J. Nielsen. "Usability 101: Introduction to Usability." http://www.useit.com/alertbox/20030825.html.
- K. L. Norman, and E. Panizzi. "Levels of Automation and User Participation in Usability Testing." Interacting with Computers 18, no. 2 (2006): 246-64.
- "Office of the National Coordinator: Mission." Office of the National Coordinator. U.S. Department of Health and Human Services http://www.hhs.gov/healthit/onc/mission.
- Jan Oldenberg. November 1 2007.
- Jan Oldenburg. November 1 2007.
- G. Olsen. "Designing Breakthrough Products: Going Where No User Has Gone Before." UX Matters, http://www.uxmatters.com/MT/archives/000130.php.
- "Patient-Provider Secure Messaging Detailed Use Case." Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, 2008.
- "PDF Healthcare Overview." AIIM - Enterprise Content Manager, http://www.aiim.org/standards.asp?ID=31832.
- "Personal Health Record Data Transfer between Health Plans: Standards for Electronic Data Interchange." America’s Health Insurance Plans and Blue Cross Blue Shield Association, 2006.
- "Personal Health Records and Personal Health Record Systems." edited by U.S. Department of Health and Human Services. Washington, D.C., 2006.
- "Personalized Healthcare Detailed Use Case." U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, 2007.
- "PHR-System Functional Model, Release 1 Dstu." HL7 EHR Technical Committee, 2007.
- M. Pierson. "Perspective on PHR Clinical, Patient, and Consumer Perspectives." Paper presented at the AHIC 2007 Presentation, Whatcom County, WA 2007.
- Sandra Potthoff, Jing Du, Stuart Speedie, and Donald P. Connelly. "Emergency Room Providers’ Perceptions of Mychart’s My Emergency Data: Findings from a Focus Group Study." AMIA Annual Symposium Proceedings (2007): 1082.
- "Privacy and Confidentiality in the Nationwide Health Information Network." National Committee on Vital and Health Statistics, 2006.
- "Privacy Statement." Elder Issues, http://www.elderissues.com/pages/index.cfm?fuseaction=customerservice&C….
- "Project Healthdesign: Rethinking the Power and Potential of Personal Health Records." The Robert Wood Johnson Foundation, 2006.
- J. D. Ralston, D. Carrell, R. Reid, M. Anderson, M. Moran, and J. Hereford. "Patient Web Services Integrated with a Shared Medical Record: Patient Use and Satisfaction." Journal of the American Medical Informatics Association 14, no. 6 (2007): 798.
- "Remote Monitoring Draft Detailed Use Case." Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, 2008.
- "Research-Based Web Design and Usability Guidelines." edited by U.S. Department of Health and Human Services. Washington, DC, 2006.
- "Review of the Personal Health Record Service Provider Market: Privacy and Security." Altarum, http://www.hhs.gov/healthit/ahic/materials/01_07/ce/PrivacyReview.pdf.
- L Ricciardi. "Project Healthdesign and HL7 Functional Requirements for PHRs Compared." edited by Project Health Design, 2008.
- Andis Robeznieks. "Getting Personal; Legal Liability, Patient-Data Overload among Issues Making Physicians Uneasy over Emergence of Personal Health Records." Modern Healthcare, May 21 2007.
- "Roundtable Summary Report: Personal Health Records and Electronic Health Records. Navigating the Intersections." Oakland, CA: Agency for Healthcare Research and Quality, American Medical Informatics Association, Kaiser Institute for Health Policy, and the Robert Wood Johnson Foundation, 2006.
- ACC/ HIMSS/ RSNA. "IHE It Infrastructure Technical Framework, Supplement 2006-2007: Cross-Enterprise Document Media Interchange (XDM)." Integrating the Health Enterprise, http://www.ihe.net.
- "Rxnorm Overview." U.S. National Library of Medicine. National Instititutes of Health., http://www.nlm.nih.gov/research/umls/rxnorm/overview.html.
- D. Z. Sands. "Making It Real: Patientsite." AMIA 2006 Spring Congress, http://www.amia.org/meetings/s06/post/sands_5-17_1030a.pdf.
- Brigid McHugh Sanner. "Creating Age-Friendly Websites: Does Your Website Meet the Needs of Senior Surfers? This Communications Expert Outlines How You Can Make the Most of the Internet Opportunity." The Journal on Active Aging (2004).
- George Scriban. January 10 2008.
- B. Shneiderman. "Designing the User Interface: Strategies for Effective Human-Computer Interaction." (1997).
- L. Sprague. "Personal Health Records: The People’s Choice?" NHPF Issue Brief 820 (2006): 1-13.
- W. W. Stead. "Rethinking Electronic Health Records to Better Achieve Quality and Safety Goals." Annual Review of Medicine (2006).
- Walter Sujansky, and Associates LLC. "Project Healthdesign: Common Platform Requirements: Technical Specifications Overview." California Health Care Foundation, 2008.
- "Summary of Responses to an Industry Rfi Regarding a Role for Cms with Personal Health Records ". Center for Medicare and Medicaid Services, http://www.cms.hhs.gov/PerHealthRecords.
- "Survey Finds Americans Want Electronic Personal Health Information to Improve Own Health Care." Markle Foundation, http://www.markle.org/downloadable_assets/research_doc_120706.pdf.
- Paul C. Tang, Joan S. Ash, David W. Bates, J. Marc Overhage, and Daniel Z. Sands. "Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption." Journal of the American Medical Informatics Association 13, no. 2 (2006): 121-26.
- Paul Tang, and David Lansky. "The Missing Link: Bridging the Patient- Provider Health Information Gap." Health Affairs 24, no. 5 (2005): 1290-95.
- C. Tessier, Waegermann, P., Kibbe, D., Smith, D., Brewer, P. "The Concept Paper of the Ccr - Version 3." Medical Records Institute, 2006.
- C.B. Thielst. "The New Frontier of Electronic, Personal, and Virtual Records." Journal of Healthcare Management 52, no. 2 (2007): 75-78.
- Joanne K. Tobacman, Pamella Kissinger, Marilyn Wells, Joan Prokuski, Mary Hoyer, Patricia McPherson, Julie Wheeler, Joyce Kron-Chalupa, Carol Parsons, Patricia Weller, and Bridget Zimmerman. "Implementation of Personal Health Records by Case Managers in a Vamc General Medicine Clinic." Patient Education and Counseling 54, no. 1 (2004): 27-33.
- "Two in Five Adults Keep Personal or Family Health Records and Almost Everybody Thinks This Is a Good Idea." Health Care News 4, no. 13 (2004).
- "An Uphill Climb for Personal Health Records." American Medical News (2006): 22.
- "The Value of Personal Health Records, a Joint Position Statement for Consumers of Health Care." AHIMA/AMIA, 2007.
- J. Walker, E. Pan, D. Johnston, J. Adler-Milstein, D. W. Bates, and B. Middleton. "The Value of Health Care Information Exchange and Interoperability." Health Affairs (2005).
- Harry Wessel. "More Insurers Reimburse Doctors for Online Care." Orlando Sentinel, May 15 2006.
- M. Wise, J. Y. Han, B. Shaw, F. McTavish, and D. H. Gustafson. "Effects of Using Online Narrative and Didactic Information on Healthcare Participation for Breast Cancer Patients." Patient Educ Couns (2008).
- Yasnoff. "Healthvault–a Step in the Right Direction." http://williamyasnoff.com/?p=42.
- Y. Y. Zhou, T. Garrido, H. L. Chin, A. M. Wiesenthal, and L. L. Liang. "Patient Access to an Electronic Health Record with Secure Messaging: Impact on Primary Care Utilization." Am J Manag Care 13 (2007): 418-24.
Appendix D. Sample Discussion Guide
Organization: Lead Project Manager, Clinical Quality and Content
Kaiser Permanente and HealthConnect
Expertise: Usability/Standards
Usability
- How long have you been working with Kaiser? How have you been involved with Kaiser’s HealthConnect Online? When was its PHR unrolled?
- Do enrollees need to sign up for a PHR or are then automatically signed up?
- How many members are currently using the PHR?
- How many members are currently using KP HealthConnect Online?
- Are the aged and/or disabled members using KP HealthConnect Online?
- What functions do enrollees use most? Which are most helpful? Which do they like best/ least? Are there functions they aren’t using? How does this differ for the aged and disabled?
- Have there been any changes made to the PHR since it was introduced?
- Was there any initial usability testing done of the PHR? When? How?
- Do you receive feedback on problems enrollees have using the PHR?
- How do you get this feedback?
- Do the aged have any particular problems?
- What have enrollees found to be the biggest benefit of PHRs? (Does it save them time and effort? Improve their relationship with their physician? Allow them to better monitor their medical conditions?)
Standards
- What would you say are the key standards that are relevant for PHR development?
- Are there any gaps in the current PHR standards development activities?
- Privacy and security
- Can you discuss how consumer privacy and security issues will be addressed as these seem to be a major impediment to PHR adoption and use?
- With regards to PHR-EHR interoperability what are the key standards that need to be considered?
- Are the current SDOs (Standards Development Organizations) the right organizations to be overseeing PHR standards development?
Patient-Provider Interactions
- How have physicians responded to KP HealthConnect Online?
- Are all of Kaiser’s providers required to use Health Connect Online?
- Have providers experienced changes in work flow?
- How have provider attitudes changed over time?
- How has KP HealthConnect Online affected patient-provider communication and interaction?
- Are members asking providers more questions as a result of their experiences with the PHR?
- Do you think that KP Health Connect Online has helped patients to become more involved in their own health care?
- Have providers experienced a decline in appointments as a result of the PHR?
- What concerns or issues do physicians have with the PHR?
Other resources that we may consult
Are there any products, papers, other resources related to PHRs that you think are particularly useful?
Is there anyone else you recommend that we contact?
Appendix E. Key PHR Initiatives
As this report has illustrated, the PHR space is both new and very dynamic. During the course of developing this report, a number of initiatives were identified that have the potential to significantly impact the development of PHRs. These initiatives profiled in this Appendix were selected for inclusion their number of users, the scope of the functions they offer, or other unique factors, such as an open source software approach, a design with a care management perspective, and financial (rather than a medical) model approach. A number of these initiatives are still in the early-design or implementation stage but offer new, interesting and potentially influential approaches to the design of future PHRs. The information provided is from our literature review and discussions with PHR implementers and leaders.
Kaiser Permanente’s HealthConnect
The HealthConnect PHR is part of Kaiser Permanente’s larger HealthConnect software system, designed by Epic Systems at a cost of $3 billion. Its core data elements are a shared view of the medical record. Access to the PHR provides a health history of allergies, immunizations, conditions, past visit information, and prescriptions. It also provides members with laboratory test results, behavior change modules, health education materials, information on health plan services and facilities, and patient instructions in English and Spanish. Secure messaging of providers is available for primary care providers in most regions and will soon allow messaging to specialists. Its PHR also offers members the ability to make and change appointments, tools to monitor chronic conditions, and online prescription refills.
Currently, 1.7 million of its 8.6 million members are registered for HealthConnect, with 79,000 repeat users each month. Of its 880,000 Medicare members, 220,000 are signed up. Members must opt-in to participate (this now requires members to register online and then receive an activation code by mail; in February 2007, this will become a one-step process.) The PHR provides family members who have been granted access the ability to view the full record (the exception being any mention of domestic violence.)
Veteran Health Administration’s My HealtheVet
My HealtheVet is linked with the VHA’s Computerized Patient Record System (CPRS) and VistA, a storage application for all VHA clinical documents. My HealtheVet provides online access to personal information, military health histories, medication tracking and VHA prescription refill, medical events, and immunization records. It makes available health information, links to Federal and VA benefits and resources, and a personal health journal (to track, for example, blood pressure, blood sugar, and cholesterol). Secure messaging will be released next year and online test results will be available after that. In the future, My HealtheVet registrants will be able to view appointments, co-pay balances, and key portions of their VHA medical records.
Over 41,000 veterans have signed up, 2,000 of whom are over 90 years old. The VHA is moving to national implementation and will end the pilot as this happens. Because in-person authorization is required to obtain a log-in ID and password, a major concern for the national roll-out is the lack of on-site staff to authenticate those applying for a PHR ID and password, particularly in outpatient rural clinics.[333]
LifeLedger
LifeLedger is a stand-alone computer application housed on the internet. It was designed by geriatric case managers as a paper form. LifeLedger is targeted to family members and care managers of the aged, with the intent to communicate information to all involved in the subscribers’ care. It records and stores health records, financial and demographic information, medication histories, funeral plans, and other important documents, such as living wills and health care power of attorney forms. Subscribers or caregivers manually enter the information; in the case of documents, they are uploaded to the personal record. Caregivers and providers may add progress notes. LifeLedger also includes a library, chat room, and forums.
Along with assisting in the day-to-day management of care, LifeLedger is designed for emergencies. It provides a print out of all emergency information and suggests that this be put in an envelope on the subscriber’s refrigerator (the first place that emergency medical personnel will check when they enter a house). Also, if the subscriber is unable to provide access to his/her records in the emergency room, LifeLedger provides emergency room providers with a password that allows them a view of the subscriber’s emergency information (medications, physician information, etc.) It is noted that LifeLedger is not a comprehensive medical record, but instead, a subset of information that is critical to the care of an individual.
Microsoft HealthVault
HealthVault is a personal health technology platform that allows consumers to gather, store, and share health information online. HealthVault is not a PHR; instead, it is a place to store health information. HealthVault links to Microsoft’s partners’ applications, with HealthVault’s role being to facilitate communication to and from partners and consumers. At its October 2007 release, Microsoft had agreements for over 40 applications and devices for its platform and its partner list now numbers in the hundreds. Partners include health-management device manufacturers (Johnson & Johnson), prevention and disease groups (American Diabetes Association, American Heart Association), and PHR companies (CapMed, Medem, ActiveHealth).
According to Microsoft, HealthVault’s value to consumers is that it offers them a platform to better manage their health information. It plans for consumers to collect (upload or enter) their private health information. Consumers are said to have complete control over this health information, which they can then offer to their health care providers. HealthVault also includes a specialized medical search engine that helps consumers to more effectively search the Internet for health information by organizing online health content, and according to Microsoft, allowing consumers to refine searches faster and with more accuracy, and eventually connecting them with HealthVault-compatible solutions.
Quicken Health
Quicken Health is now under development and its broad launch (with United Healthcare first and later CIGNA) is planned for 2008. This is an online application that aims to help consumers to understand their health care expenditures, settle their bills, and spend their dollars wisely. Unlike other medical- and health-related PHRs, Quicken Health focuses on the management of health care expenditures. It is designed to partner with health plans and employers, who then provide their members or employees access to Quicken Health. Once signed up, consumers permit the download of claims and benefit information, which Quicken Health translates into a language understandable to consumers, then provides tools to help consumers manage their expenditures. For example: in the case of a denied claim, the denial code is translated and the consumer advised of follow-on action. A financial diagnostic engine is included to assist consumers’ future financial decisions.
Quicken Health is a product of Intuit, maker of Turbo Tax, Quicken, Quicken Books (for small-businesses), and Quicken Medical Expense Manager. According to Intuit’s Director of Market Development, its market research shows that consumers’ health care expenditure data is scattered and difficult for consumers to manage. Its experience with Quicken Medical Expense Manager (its individual, non-group product which requires users to hand-enter all data) is that consumers want an application that enters the data for them. Intuit believes that many (but not all) health plan members and employees will use Quicken Health. The incentive for employers--particularly self-insured employers--to partner with Intuit is particularly strong, as they anticipate that Quicken Health will facilitate a decline in employee and employer health expenditures.
Children’s Hospital Boston’s, Indivo
Indivo (formerly PING) is a PHR (it calls itself “personally controlled health records”) that enables a patient to assemble, maintain, and manage a secure copy of his or her medical data.[334] It integrates health information across sites of care and over time. It is an open source, open standards PHR that is internet based and provides a web interface. All Indivo technical documents, including design concepts and source code, are accessible on the internet, enabling straightforward local customization of Indivo, as well as interoperability between Indivo and other vendor products.
In September 2007, the Children's Hospital Informatics Program and the Dossia Consortium announced that they would be partnering to make the Indivo PHR the core of the anticipated Dossia Personally Controlled Health Record system. Dossia will provide resources to extend the core Indivo functionality and server architecture, which will remain open source and freely available. Indivo is also the PHR for Children’s Hospital Boston and was deployed as part of an employee health program at Hewlett Packard. MIT and Harvard University are adopting Indivo as the PHR for their students and employees.
Palo Alto Medical Foundation’s PAMFOnline
The Palo Alto Medical Foundation is a large multispecialty group practice that has been operating its PHR since 2002. PAMF tightly integrates its electronic medical record system with its PHR. Patients can view summary data from their medical record, including the results of diagnostic tests, and request medical advice, prescription renewals, appointments, or updates to their demographic information. It has found that patients embrace this new communication channel and are using the service appropriately. Patients especially value electronic messaging with their physicians and timely access to their test results. While initially concerned about an increase in work, physicians have found that use of electronic messaging can be an efficient method for handling non-urgent communication with their patients.
CareGroup Healthcare System’s PatientSite
Caregroup’s PHR, PatientSite, serves an integrated delivery network of five hospital (its flagship hospital is Beth Israel Deaconess Medical Center), 12,000 employees, 2 million patients, and 1,700 physicians (as of December 2005). It has been up and running since 2000, and as of January 2006, over 22,000 patients had registered for PatientSite and 16 percent of these patients accessed their records each month. The median age user is 43, with four percent of users over age 70. Along with patients, clinicians and other staff use PatientSite (200 primary care clinicians and 300 staff used PatientSite every month in 2005). PatientSite achieved this degree of adoption by ensuring it is compatible with all browsers, is easy to use, and is highly customizable.[335]
PatientSite, provides secure messaging, personal medical records, and “convenience transactions” online (this includes requesting appointments, obtaining prescription refills, requesting referrals, and viewing medical claims). It allows patients to view their physician’s schedule and request a non-urgent appointment. PatientSite also includes health education modules and links and home pages may also be customized with health education links (either by the provider or patient).[336] Patients can also input their own medications, problems, allergies, and notes; track and graph data over time (e.g., blood glucose measurements, weight, blood pressure); and upload documents to the PHR. Caregroup estimates the cost of PatientSite to be $250,000 to $720,000 per year, an average of $6 per patient per month.
Project HealthDesign: Rethinking the Power and Potential of Personal Health Records
Funded by the Robert Wood Johnson Foundation in 2006, this program is intended to stimulate innovation in the design of PHR. It aims to build a PHR (described as a PHR system) in which an array of personal health applications can be built on top of a common platform of core data elements and technical services (e.g., a medical management tool that would alert consumers at the proper time to take their medication; and a tool to help consumers minimize medication expenses by searching the Internet to identify the lowest prices). Project HealthDesign’s design and prototyping efforts focus on the needs, preferences, and living environments of consumers.[337]
Project HealthDesign funds nine multidisciplinary teams of technology, health and design experts, each of which will design and test PHR systems before prototyping tools in communities. The design experience is set up to ensure that the teams’ design strategies engage and respond to the self-identified populations of interest. Teams will seek strategies for capturing consumers’ information throughout the course of daily living and address how a PHR can best fit with consumers’ day-to-day activities. Projects emphasize health promotion. The ActivHealth team, for example, is developing a PHR to assist sedentary adults become more physically active.[338]
Citations
- http://www.myphr.com/resources/index.asp.
- http://www.merriam-webster.com/dictionary.
- Back to Top
http://www.astm.org/Standards/E2211.htm.
- http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_0275….
- http://www.markle.org/resources/press_center/press_releases/2005/press_….
- http://williamyasnoff.com/?p=42.
- http://googlesystem.blogspot.com/2008/02/cleveland-clinic-to-pilot-goog….
- http://www.pchri.org/2006/presentations/pchri2006_boone.pdf.
- http://www.connectingforhealth.org. .
- http://www.markle.org/downloadable_assets/research_doc_120706.pdf.
- www.thefreedictionary.com/utility.
- http://www.phrconference.org/assets/research_release_101105.pdf.
- http://www.useit.com/alertbox/20030825.html.
- www.thefreedictionary.com/utility.
- http://www.uxmatters.com/MT/archives/000130.php.
- www.pdma.org. .
- www.thefreedictionary.com/utility.
- http://www.markle.org.
- http://www.ahima.org.
- http://www.ansi.org. .
- http://www.iso.org/iso/standards_development/processes_and_procedures/h….
- http://www.fiercehealthit.com/story/hl7-finalizing-phr-standards/2007-1…; (accessed December 1, 2007).
- http://www.regenstrief.org/medinformatics/loinc.
- http://www.nlm.nih.gov/research/umls/rxnorm/overview.html.
- http://www.hl7.org/ehr/downloads/index_2007.asp.
- http://www.modernhealthcare.com.
- http://www.emradvice.wordpress.com.
- http://www.healthcareitnews.com.
- http://www.cms.hhs.gov/PerHealthRecords.
- http://www.himss.org/content/files/PHRPrivSecCOO-LGV1.0.pdf.
- http://www.hhs.gov/healthit/ahic/materials/01_07/ce/PrivacyReview.pdf.
- https://account.healthvault.com/help.aspx?topicid=PrivacyPolicy
- http://www.elderissues.com/pages/index.cfm?fuseaction=customerservice&C….
- http://www.healthcareitnews.com.
- http://www.bcbs.com/news/bcbsa/hl7_ahip_bcbsa_collaborate_on_phrs.html?…
- http://www.ihe.net.
- http://www.aiim.org/article-pr.asp?ID=32097.
- http://www.niphysiciansforconnectivity.org.
- http://www.fiercehealthit.com/story/new-health-data-standards-gaining-s….
- http://www.aiim.org/standards.asp?ID=31832.
- http://publicaa.ansi.org
- www.ihealthbeat.org.
- http://www.intersystems.com/cache/analysts/CHT_May2005.pdf.
- http://www.amia.org/meetings/s06/post/sands_5-17_1030a.pdf.