Personal Health Records Face Legal, Technical Roadblocks, Academics Say

PHRs are distinct from electronic health records (EHRs), which are created and maintained by health providers and don’t allow patients to add or edit health data. Various definitions of PHRs also emphasize that patients “own and manage” their data and can “share” records with various organizations, said Peter Gabriel, medical director of clinical information systems at the University of Pennsylvania Health System.

Google Health and Microsoft HealthVault, which provide user-initiated PHRs, are at the opposite end of the spectrum from employer- or payer-hosted EHR portals, such as those used by Intel, AT&T and Wal-Mart, Gabriel said. The most complex variant are physician- or institution-hosted portals, which may incorporate user changes along with data entered by providers, Gabriel said. UPHS is in the midst of a rollout of Epic MyChart, used by 2.4 million patients, that will cover half of outpatient visits by summer, he said.

Giving patients access to their own health data may be a bad idea in some cases, Gabriel said. The Health Insurance Portability and Accountability Act (HIPAA) arguably could regulate a patient’s control over certain of his own health information, and authentication of a patient’s identity is “not a trivial matter,” he said. Health providers are worried about “secure messaging” systems -- basically encrypted e-mail or online chat with patients -- becoming “a huge sinkhole of time” for unreimbursed services, Gabriel said. There’s a technical challenge, even internally for UPHS, he added: “You'd like to take a bunch of information and mash it together” without losing the “meaning and integrity of data.”

Not only privacy but business interests are certain to complicate PHR adoption, Wharton’s Rosoff said. Patients may record “lifestyle” information they would want available to emergency medical personnel but not their health providers, setting up “two sets of books,” he said. “I don’t bloody well think” that Keystone, a Blue Cross plan, would let Rosoff take his health data in a portable form to a competing plan, he said. Physicians also may fear malpractice lawsuits from treatments that were based on incomplete PHRs, Rosoff said.

Expanding HIPAA may be necessary to bring Google and Microsoft systems under federal medical privacy rules, Rosoff said, though it would be politically challenging. Even the most clever lawyer probably can’t write “boilerplate” that would both inform patients of their rights in a PHR and limit liability for providers who make judgments based on them, he said. The FTC may be a better venue for oversight of such services, Rosoff said.

Patients aren’t likely to update their records regularly unless they're alarmed by symptoms, providing a health record full of gaps, said Mark Weiner, assistant professor of medicine at the school. A reminder like the “annoying little paperclip guy” in Microsoft Word may be necessary for PHRs to have any value, Rosoff said. The alternate scenario is information overload for physicians, Weiner said: “I used to have blissful ignorance” of patients’ every cough and sneeze, now dutifully recorded.

* * * * *

Lawmakers focused on the improved security and cost savings of electronic systems for health records, in a press conference on Capitol Hill later in the day. The conference and Hill event are part of National Health IT Week. “The choice is rationing care or transforming the system,” said Rep. Patrick Kennedy, D-R.I., 21st Century Health Caucus co-chairman and sponsor of legislation last year to give financial incentives for PHR adoption. Commercial providers should compete for patients the same way banks use ATMs to compete for convenience-minded customers, he said. Answering fears that electronic records are at greater risk of breach, Kennedy said privacy will be the “cornerstone” of legislation. Rep. Tim Murphy, R-Pa. and caucus co-chairman, said he knew of a dog whose records were transferred without fuss. Records must be smoothly communicated, not a “Tower of Babel,” to improve patient health, he said. “Anyone who tells you paper records are more secure… doesn’t know the [electronic] system,” said Rep. Allyson Schwartz, D- Pa., a House Ways and Means Committee member. Rep. Phil Gingrey, R-Ga., a physician, said paper records were at risk from hospitals’ outsourced cleaning crews. “I think we're good to go” on health IT legislation at the House Commerce Committee, he said. Gingrey is among several Republicans sponsoring market-oriented legislation that is challenging House Commerce leaders’ own discussion draft (WID June 6 p3). Rep. Tom Price, R-Ga., another sponsor of the House Republican bill, said patient ownership of records will actually lower the regulatory burden for doctors and providers. Every Virginia health center eligible for federal funds will have electronic records by the end of Gov. Tim Kaine’s (D) administration, said Aneesh Chopra, Virginia secretary of technology. State hospitals will release a request for information from vendors to reduce administrative costs through electronic records by the end of the week, he said. The Certification Commission for Healthcare Information Technology, authorized by the Department of Health and Human Services, has certified 150 health IT products and is starting on certifying PHR systems, said Chairman Mark Leavitt.