Standards govern the way health information is exchanged between PHRs and other health information systems. A number of entities are involved in developing standards for PHRs. Most recently, HL7 developed the PHR-S functional model (PHR-S). This represents the first effort to define personal health functions, supportive functions, and information infrastructure functions for PHRs. In addition to this effort, other standards development organizations have created standards for EHRs that are also applicable to PHRs. The relevant standards for semantic interoperability are terminologies such as SNOMED, developed by the College of American Pathologists, and LOINC, maintained by the Regenstrief Institute. The HL7 Clinical Document Architecture is another important data exchange and message standard for clinical and administrative data.
A number of security standards for authentication, consent, confidentiality, accountability, and non-repudiation are available for PHRs. However, one outstanding security issue is how much access, use, and control a consumer should have over their PHR. Various PHRs and PHR platforms treat the issues of access, use, and control differently. Closely connected to security, privacy is a key concern for consumers of PHRs. Currently, there is no uniform standard for privacy of personal health information stored in a PHR. The NCVHS has released recommendations for the characteristics of PHR privacy. Several organizations have also released privacy statements for their PHR products and platforms. However, there is no consensus among PHR service providers about the specific elements that should be in all PHR privacy policies.
Portability of information between health care entities and between PHRs and EHRs is another important issue that the standards community has addressed. Integrating the Healthcare Enterprise has developed the IHE-XDS, IHE-XDR and IHE-XDM standards-based specifications for cross-enterprise document interchange. In addition, America’s Health Insurance Plans and Blue Cross Blue Shield Association have explored portability between PHRs, and between PHRs and EHRs. Their work resulted in the X12 plan-to-plan transfer portability standard, which is under further development by HL7 and Accredited Standards Committee X12.
Finally, AHIC has developed detailed use cases in the areas of patient-provider secure messaging, remote monitoring, and personalized healthcare; each of these use cases has implications for PHR users.
While a number of standards are available or under development for PHRs, the standards community, health researchers, and policy makers will need to address four key gaps with respect to standards. First, no standards exist for patient-initiated changes to information within PHRs. Standards must be developed to ensure that changes requested by consumers are made in a uniform fashion to protect the accuracy of the clinical record. Second, future work should address privacy and security issues related to PHRs. Researchers should explore the possibility of developing a uniform privacy standard that applies to all PHR service providers, regardless of whether or not they are covered by HIPAA. Research should also explore the implications of assigning access, use, and control over a PHR to a care-manager or proxy, as this issue will be particularly relevant to Medicare beneficiaries. Third, future work should focus on further standardizing data content in PHRs to ensure semantic interoperability. Fourth, the PHR community must come to a consensus on the rights and legal responsibilities of all parties involved with PHRs. A clear definition of the rights and responsibilities of consumers, health care providers, PHR suppliers/vendors, and other entities involved with PHRs will help to foster interoperability and also facilitate the protection of personal health information.