Personal Health Records Should Ensure Privacy, Panel Says


Privacy should be the top priority when developing certification criteria for personal health records, a task force created by the Certification Commission for Healthcare Information Technology has recommended.

Adequate security and interoperability also must be included in certification efforts, according to the task force.

The Certification Commission for Healthcare Information Technology (CCHIT) will use these recommendations as it prepares to begin certifying personal health records (PHRs) next summer.

Since the PHR field is still “rapidly evolving,” the task force said that certification requirements should not be so prescriptive that they interfere with the progress of the technology.

The task force recommended that the voluntary certification process should apply to any products or services that collect, receive, store, or use health information provided by consumers. Certification should also apply to products or services that transmit or disclose to a third party any personal health information.

This would allow the CCHIT to offer certification to a range of products and applications, from those that offer a PHR application and connectivity as an accessory to an HER, to stand-alone PHRs.

CCHIT hopes that, just as it did in the EHR field, certification will create a floor of functionality, security, and interoperability, said Dr. Paul Tang, cochair of the PHR Advisory Task Force and vice president and chief medical information officer for the Palo Alto (Calif.) Medical Foundation.

The task force called for requirements to maintain privacy in monitoring and enforcement, and for consumer protection that would allow patients to remove their data if certification is revoked.

The group also recommended that standards-based criteria be developed that would require PHRs to send and receive data from as many potential data sources as possible, including ambulatory EHRs, hospital EHRs, labs, and networks.

If done right, certification would have significant benefits for both physicians and patients, Dr. Tang said. A PHR could provide physicians with better access to secure, authenticated data that could help them make decisions, while patients would have more control over their own care, he said. “The physician benefits by what benefits the patient,” Dr. Tang said.

In July, the task force made its recommendations and handed over responsibility for PHR certification to a CCHIT work group. That work group will develop the actual certification criteria that will be used to test PHR products starting next July, according to Dr. Jody Pettit, strategic leader for CCHIT's PHR work group.

Offering certification for PHR platforms and applications could help spur consumer acceptance and adoption of PHRs, Dr. Pettit said. “The consumer wouldn't feel so far out on a limb in terms of putting in their data,” she said.

Next Article: