Personal Data Records Raise Legal, Security Issues


BALTIMORE — Personal health records may be the next step in the evolution of health information technology, but these electronic documents raise several legal and security issues for long-term care facilities.

“PHRs might in fact have the opportunity to leapfrog over things that are happening in electronic health records,” Dr. Steven Labkoff, director of business technology for Pfizer Inc., said at a meeting on long-term care health information technology.

The main difference between personal health records (PHRs) and electronic health records is who owns them. Ideally, patients should own their PHRs. But it is still unclear who should control what information is entered in the document and, perhaps more important, who should be able to delete information from the record, experts said at the meeting, sponsored by the American Health Information Management Association (AHIMA).

An online public survey conducted in 2003 found that 71% of respondents believed that personal health records would improve the quality of health care, said Jill Burrington-Brown, the practice manager for health information management products and services at AHIMA.

“The time is now to accelerate the development of personal health records,” she said, citing a report from Connecting for Health, a project of the Markle Foundation to promote the adoption and use of personal health records.

“A second finding was that PHRs are a means to necessary ends, such as increased consumer health awareness, activation, safety, and self-efficacy,” she said.

During roundtable discussions, meeting attendees said that they thought personal health records are a potentially important component of health information technology efforts, but many also had misgivings about the security risk represented by giving seniors, some with cognitive deficits, electronic access to their health records.

“Every day is a day that we work on security to make sure it is tight and concise,” said Daniel Wilt, director of information technology for Erickson Retirement Communities.

Erickson has launched a pilot program that allows residents to remotely access laboratory results, physician notes, and medical histories. The system also allows them to set appointments and keep health journals.

“They want their labs. That's the one thing they really want. They go to the medical center, they run back upstairs, they go to their computers, and they ask 'It's been 20 minutes; where are my labs?' We have to explain it takes 24 hours,” he said.

While most users really like the system, administrators have had to struggle with how much access the public should have. For example, Mr. Wilt said, should administrators allow adult children to look at records or let residents change information that they deem incorrect?

By definition, personal health records need to be individually owned, said Ms. Burrington-Brown.

“The individuals own the PHR in a similar way as we own money in the bank. There is some conversation in the industry about who really owns that, because of who produces it. That is a conversation that is going to be going on” for quite some time, she said.

Industry groups are working on a standard format for personal health records, while groups such as the American Health Information Community and the National Committee on Vital and Health Statistics are developing standards to ensure interoperability and security of those documents.

“We have a lot of PHR activities occurring at many levels,” she said.

Next Article: