As much as we have heard about electronic medical records (EMR) in the news this year, so have we heard about personal health records (PHR).  A lot of this has to do with the splashy entrances into this space by no less than Google and Microsoft. Both these information technology behemoths are betting a lot on the assumption that patients will want to create and maintain their own medical records in readily accessible, yet highly secure, confidential electronic environments.

This past June, Microsoft, Google and dozens of organizations promoting consumer adoption of electronic PHRs agreed for the first time on a comprehensive set of privacy protections. An 18-month effort by health insurers, Web portals, doctors, hospitals and nonprofit groups produced a framework that will spur growth in the use of PHRs. The negotiations were orchestrated by the Markle Foundation, a New York-based nonprofit group that focuses on uses for information technology (Goldstein, A.; Microsoft; Google; Consumers Endorse Health Privacy Standards. http://www.bloomberg.com/apps/news?pid=20670001&refer=home&sid=a38Kg3O.d86k).

The federal government has also begun to recognize the value of PHRs. The Medicare Program recently started a year-long pilot project in South Carolina testing online PHRs as a way to enable beneficiaries to get more involved in their care and better manage their (often chronic) conditions. Patients control their records and decide who has access to them—from doctors to family members. Users need an ID and password. Physicians can add information to the PHR, but patients can remove it. Patients may add information not found on Medicare claims. This may include notes, advance directives, out-of-pocket expenses and prescription drug information.

The records will be helpful to doctors when patients seek medical care out of state and can’t remember what procedures they received, according to Gerald E. Harmon, M.D., Immediate Past President of the South Carolina Medical Association. Because the records are on the internet, physicians will be able to access a patient’s medical data from multiple locations
- Hansen, D., Medicare Launches Personal Health Records for South Carolina Residents. http://www.ama-assn.org/amednews/2008/07/21/gvsd0721.htm

The Health Information Management Systems Society (HIMSS) strongly supports the widespread adoption of electronic personal health records (ePHRs). HIMSS envisions ePHRs that are universally accessible and layperson comprehensible, and that may be used as a lifelong tool for managing relevant health information that is owned, managed and shared by the individual or his or her legal proxy(s) (HIMSS Personal Health Records Definition and Position Statement. http://www.himss.org/content/files/PHRDefinition071707.pdf).

Despite the obvious benefits of PHRs, they could raise some liability issues which need to be addressed, avoided or otherwise managed. Some of these are discussed below.

Integrating the patient’s EMR (or paper-based record) and the PHR

According to the HIMSS Personal Health Records Definition and Position Statement cited above, the current forms of ePHRs in the market involve three basic models:

• Software utilized by individuals to enter and maintain their personal health information

• Web sites that are maintained by third parties (like Google or Microsoft) which allow patients to enter and access their information

• Web sites that allow patients to view information from other applications such as an institutional EMR, or from an application that maintains the individual’s health insurance claims data.

The last of these models is referred to as a tethered/connected ePHR. In an un-tethered/disconnected ePHR model, only the patient, or individuals that have been granted access by the patient, has/have the ability to enter personal health information (PHI) into the ePHR.

Currently, these models do not support interoperability, allowing patients to freely transfer their self-entered PHI from an un-tethered to a tethered PHR. Consequently, a patient (or his designated family member or legal proxy) could add (or, as pointed out above, even change or omit) information within the PHR without the physician’s knowledge.

This could result in a potentially dangerous situation; especially if the patient failed to grant physician-access to the PHR, which could have shown that the patient was taking medications or had other treatments or medical problems which could make particular courses of action quite risky. This might not even be limited to those situations where the PHR contained information about medications or other treatments obtained from other physicians. It could also relate to nonprescription agents or even so-called nutritional aids or herbal treatments which could either nullify or dangerously potentiate the effects of certain prescribed medications and other treatments.

As a regular part of questioning a patient or family members, physicians (and other caregivers in the physician’s office) should inquire whether each patient might have PHRs and if they could gain access to them (as a trusted personal physician). Whether a physician has EMRs, or paper-based records, it is important to ensure that all information in the patient’s PHR is also in the EMR, and vice versa.