What’s the first thing that comes to your mind when you think of a visit to the doctor’s office? If it’s filling out forms, you’re not alone; it’s a common frustration for patients nationwide. Detailed questions about your past medical history fill the pages, causing anxiety and leading to a guessing game of inaccuracies. Understandably, few people can recall the exact dates of their last immunizations or the name of the antibiotic they took back in 1986. But that information exists — somewhere.

More than likely your health records are strewn across the offices and databases of a wide array of doctors, pharmacies, and insurance providers. So before you even visit the doctor, you may have to spend hours on the phone, tracking down information with mixed success. The process, as it exists, often results in redundant tests, wasted time and resources, and extra costs to the patient and the healthcare system.

There has to be a better way, right? The future of healthcare, many believe, will be organized around the Personal Health Record (PHR). It’s a simple idea: a record of your health information — a timeline of health issues, lab tests, past medications, immunizations, and physical stats — all in one place, maintained and managed (primarily) by you. An ideal PHR would be a comprehensive collection of data from many sources — hospitals, pharmacies, past doctors — organized in a user-friendly way and made accessible to appropriate entities with the necessary credentials.

The principal goal of an effective PHR is improving patient safety, says Colin Evans, CEO of Dossia, one of America’s largest private PHR vendors. For one thing, mistakes in medical records create unnecessary additional financial burdens. Medical Billing Advocates of America estimates that eight out of 10 hospital bills are incorrect, filled with errors that can adversely affect your insurance coverage. But more importantly, mistakes are also dangerous: in a landmark 2000 report, the Institute of Medicine estimated that as many as 44,000 to 98,000 people die in hospitals each year as the result of medical errors. Presumably, many more people are not getting the care they need because of mistakes in their medical records.

And even if all your records are accurate, they’re likely dispersed and disconnected, rendering them ineffectual. “From both a safety and coordination of care perspective, your data needs to be in one place,” says Evans. PHRs could create a system where your doctor will see a complete timeline of your blood tests and prescription history as well as your gym membership and appointment history and thus be able to provide more personal and appropriate treatment.

Ideally, an effective PHR would provide patients with an easy way to amend mistakes on their records. Currently, federal laws require that healthcare providers give patients access to their health records and force providers to respond to patient concerns, but the process for patient review is clunky and differs from state to state. PHRs give patients the opportunity to play a greater role in their own healthcare and have a louder voice in the greater healthcare discussion.

Dr. Jason Hwang of the Innosight Institute, a nonprofit think tank working in the the healthcare sector, believes PHRs will also keep providers honest. For an example of success, he pointed to the auto industry, where studies have shown that a very small group (2% to 5%) of active consumers who look up consumer reports and safety records before they buy a car have been able to push the entire market and cause manufacturers to produce higher quality and safer cars. “The same thing is needed in healthcare,” says Hwang. “But we don’t have that vocal minority, nor do we give them the resources that would enable them to make a difference.” Both Hwang and Evans believe that PHRs are a necessary starting point to providing the patient/consumer with the resources needed to make positive changes in the healthcare industry.

The definition and details of how a PHR should ultimately function are both works in progress. The term “Personal Health Record” has been in use since 1978 and initially was applied to simple, paper records kept by individual patients. Today, it usually implies an electronic database of some kind. There are currently dozens of PHR vendors on the market. Some are internet-based; some are software-based. There are free PHRs open to everyone, and there are private PHRs paid for by employers and only offered to employees of specific companies. Some PHRs are internet applications that can connect and share information with your local pharmacy; others are Radio Frequency Identification (RFID) chips that are implanted under your skin and can only be read with special scanners (the “VeriChip,” produced by a company called PostiveID Corp). And that’s just a sampling of the possibilities.

Why, then, has the public been so hesitant to embrace PHRs? Recent surveys suggest that only about 2.7% of American adults (about 6.1 million) are actually using electronic PHRs. It may be that the wide range of PHRs is in fact the very reason they have been so slow to catch on: the lack of standardization across the world of PHRs is a serious cause of concern among many. Unlike electronic health records, which are kept at the offices of providers and are federally regulated by the Health Insurance Portability and Accountability Act (HIPAA), PHRs exist in an unregulated consumer market. For example, the two largest PHR vendors — Google Health and Microsoft Healthvault — both claim that they are not “covered entities” according to HIPAA.

Lack of HIPAA coverage means that:

  • Identifiable health information may leak out of a PHR into the marketing system or to commercial data brokers.
  • The information in a non-HIPAA covered PHR may be sold, rented, or otherwise shared.
  • It may be easier for consumers to accidentally or casually authorize the sharing of records in a PHR.
  • Consumers may think they have more control over the disclosure of PHR records than they actually do.
  • Privacy protections offered by PHR vendors may be weaker than consumers expect and may be subject to change without notice or consumer consent.
  • PHR records can be more easily subpoenaed by a third party than HIPAA-covered health records.

This is not to say that PHRs are by necessity unsecure. The point, rather, is that there are no established guidelines as to the required security measures, or even functionality, of a PHR.

“Buyer beware” applies as much in the PHR market as in any consumer market. However, as in other markets, consumers of PHRs do have some assurances and guarantees. As Evans correctly emphasizes, no matter what HIPAA says, PHR vendors are deliverers of a consumer good and makers of a consumer promise and are thus dependant on the regulatory scope of the Federal Trade Commission. “The FTC is a lot more aggressive [than HIPAA] when it comes to protecting consumers from organizations that would dupe them or misuse their data,” says Evans.

Hwang, for his part, warns that although security risks are a valid concern, progress should not be impeded by fear. He offered another example for perspective, pointing to the concerns over security when ATMs were first introduced. “A lot of people said it was nuts,” says Hwang. “They thought people would screw up their bank accounts when trying to handle transactions without the presence of a teller. Now ATMs and online banking are such a convenient option that we don’t think twice about it.” Hwang says it’s imperative to make the technology available and to give people the option to use it. The market will decide what is to the benefit of the public.

The bottom line is that PHRs are a bourgeoning technology, offering intrepid patients and healthcare consumers an opportunity to start to take control of their healthcare out of the hands of “professionals” and into their own. A PHR may not be for everybody, but for the right person, it can be a valuable tool in improving the quality and lowering the overall cost of healthcare.